fix path rename signature #317

Merged
merged 1 commit into from
Nov 14, 2024
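--- a/crates/modules/file-system-monitor/probes.bpf.c
+++ b/crates/modules/file-system-monitor/probes.bpf.c
@@ -169,9 +169,7 @@ static __always_inline void on_path_rmdir(void *ctx, struct path *dir,
 output_fs_event(ctx, event);
 }
 
-PULSAR_LSM_HOOK(path_rename, struct path *, old_dir, struct dentry *,
-old_dentry, struct path *, new_dir, struct dentry *,
-new_dentry);
+// Manually implements hooks below
 static __always_inline void on_path_rename(void *ctx, struct path *old_dir,
 struct dentry *old_dentry,
 struct path *new_dir,
@@ -188,3 +186,42 @@ static __always_inline void on_path_rename(void *ctx, struct path *old_dir,
 get_path_str(&destination, &event->buffer, &event->rename.destination);
 output_fs_event(ctx, event);
 }
+
+#ifdef FEATURE_LSM
+/// This function shim is needed to make the verifier happy,
+static __always_inline int shim_5_19_on_path_rename(unsigned long long *ctx,
+struct path *old_dir,
+struct dentry *old_dentry,
+struct path *new_dir,
+struct dentry *new_dentry,
+unsigned int flags,
+int ret) {
+on_path_rename(ctx,old_dir, old_dentry, new_dir, new_dentry);
+return ret;
+}
+
+SEC("lsm/path_rename")
+int BPF_PROG(path_rename,
+struct path *old_dir,
+struct dentry *old_dentry,
+struct path *new_dir,
+struct dentry *new_dentry) {
+// On kernel >= 5.19 there is another parameter before:
+// `unsigned int flags` in `ctx[4]`;
+// so ret it located foward
+if (LINUX_KERNEL_VERSION >= KERNEL_VERSION(5, 19, 0)) {
+unsigned int flags = (unsigned int) ctx[4];
+int ret = (int) (ctx[5]);
+return shim_5_19_on_path_rename(ctx, old_dir, old_dentry, new_dir, new_dentry, flags, ret);
+} else {
+on_path_rename(ctx,old_dir, old_dentry, new_dir, new_dentry);
+return (int) (ctx[4]);
+}
+}
+#else
+SEC("kprobe/security_path_rename")
+int BPF_KPROBE(security_path_rename, struct path *old_dir, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) {
+on_path_rename(ctx, old_dir, old_dentry, new_dir, new_dentry);
+return 0;
+}
+#endif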
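Review bot: In the `lsm/path_rename` program the value handed back to the kernel is read from `ctx[4]` or `ctx[5]` on the strength of `LINUX_KERNEL_VERSION` alone, and for an LSM program that return value is the hook's verdict on the rename, so a monitor-only probe now depends on the version number matching the real hook signature. If a vendor kernel below 5.19 carries the extra `flags` argument (not verifiable from this page), the `else` branch would return `flags` as the result. The assumption should be stated at the branch, e.g. `// assumes the flags argument exists exactly on >= 5.19; ret must be passed through unchanged so this probe never alters the rename decision`. The doc comment on `shim_5_19_on_path_rename` ends mid-sentence and says neither why the verifier needs the shim nor that `flags` is intentionally unused. The comment `so ret it located foward` should read `so ret is located one slot further`.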