tools/{filegone.py,filelife.py}: Check btf struct field for CO-RE

Since kernel commit abf08576afe3("fs: port vfs_*() helpers to struct
mnt_idmap"), the vfs_unlink/create function use 'struct mnt_idmap' instead
of 'struct user_namespace'.

Signed-off-by: Rong Tao <[email protected]>

tools/filegone.py

@@ -106,12 +106,15 @@
  struct dentry *new_dentry = rd->new_dentry;
 """
 
-bpf_vfs_unlink_text_old="""
+bpf_vfs_unlink_text_1="""
 int trace_unlink(struct pt_regs *ctx, struct inode *dir, struct dentry *dentry)
 """
-bpf_vfs_unlink_text_new="""
+bpf_vfs_unlink_text_2="""
 int trace_unlink(struct pt_regs *ctx, struct user_namespace *ns, struct inode *dir, struct dentry *dentry)
 """
+bpf_vfs_unlink_text_3="""
+int trace_unlink(struct pt_regs *ctx, struct mnt_idmap *idmap, struct inode *dir, struct dentry *dentry)
+"""
 
 def action2str(action):
  if chr(action) == 'D':
@@ -132,12 +135,15 @@ def action2str(action):
  exit()
 
 # check 'struct renamedata' exist or not
-if BPF.kernel_struct_has_field("renamedata", "old_mnt_userns") == 1:
+if BPF.kernel_struct_has_field(b'renamedata', b'new_mnt_idmap') == 1:
+ bpf_text = bpf_text.replace('TRACE_VFS_RENAME_FUNC', bpf_vfs_rename_text_new)
+ bpf_text = bpf_text.replace('TRACE_VFS_UNLINK_FUNC', bpf_vfs_unlink_text_3)
+elif BPF.kernel_struct_has_field("renamedata", "old_mnt_userns") == 1:
  bpf_text = bpf_text.replace('TRACE_VFS_RENAME_FUNC', bpf_vfs_rename_text_new)
- bpf_text = bpf_text.replace('TRACE_VFS_UNLINK_FUNC', bpf_vfs_unlink_text_new)
+ bpf_text = bpf_text.replace('TRACE_VFS_UNLINK_FUNC', bpf_vfs_unlink_text_2)
 else:
  bpf_text = bpf_text.replace('TRACE_VFS_RENAME_FUNC', bpf_vfs_rename_text_old)
- bpf_text = bpf_text.replace('TRACE_VFS_UNLINK_FUNC', bpf_vfs_unlink_text_old)
+ bpf_text = bpf_text.replace('TRACE_VFS_UNLINK_FUNC', bpf_vfs_unlink_text_1)
 
 # initialize BPF
 b = BPF(text=bpf_text)

tools/filelife.py

@@ -124,21 +124,29 @@
 }
 """
 
-trace_create_text_old="""
+trace_create_text_1="""
 int trace_create(struct pt_regs *ctx, struct inode *dir, struct dentry *dentry)
 """
-trace_create_text_new="""
+trace_create_text_2="""
 int trace_create(struct pt_regs *ctx, struct user_namespace *mnt_userns,
  struct inode *dir, struct dentry *dentry)
 """
+trace_create_text_3="""
+int trace_create(struct pt_regs *ctx, struct mnt_idmap *idmap,
+ struct inode *dir, struct dentry *dentry)
+"""
 
-trace_unlink_text_old="""
+trace_unlink_text_1="""
 int trace_unlink(struct pt_regs *ctx, struct inode *dir, struct dentry *dentry)
 """
-trace_unlink_text_new="""
+trace_unlink_text_2="""
 int trace_unlink(struct pt_regs *ctx, struct user_namespace *mnt_userns,
  struct inode *dir, struct dentry *dentry)
 """
+trace_unlink_text_3="""
+int trace_unlink(struct pt_regs *ctx, struct mnt_idmap *idmap,
+ struct inode *dir, struct dentry *dentry)
+"""
 
 if args.pid:
  bpf_text = bpf_text.replace('FILTER',
@@ -150,12 +158,15 @@
  if args.ebpf:
  exit()
 
-if BPF.kernel_struct_has_field(b'renamedata', b'old_mnt_userns') == 1:
- bpf_text = bpf_text.replace('TRACE_CREATE_FUNC', trace_create_text_new)
- bpf_text = bpf_text.replace('TRACE_UNLINK_FUNC', trace_unlink_text_new)
+if BPF.kernel_struct_has_field(b'renamedata', b'new_mnt_idmap') == 1:
+ bpf_text = bpf_text.replace('TRACE_CREATE_FUNC', trace_create_text_3)
+ bpf_text = bpf_text.replace('TRACE_UNLINK_FUNC', trace_unlink_text_3)
+elif BPF.kernel_struct_has_field(b'renamedata', b'old_mnt_userns') == 1:
+ bpf_text = bpf_text.replace('TRACE_CREATE_FUNC', trace_create_text_2)
+ bpf_text = bpf_text.replace('TRACE_UNLINK_FUNC', trace_unlink_text_2)
 else:
- bpf_text = bpf_text.replace('TRACE_CREATE_FUNC', trace_create_text_old)
- bpf_text = bpf_text.replace('TRACE_UNLINK_FUNC', trace_unlink_text_old)
+ bpf_text = bpf_text.replace('TRACE_CREATE_FUNC', trace_create_text_1)
+ bpf_text = bpf_text.replace('TRACE_UNLINK_FUNC', trace_unlink_text_1)
 
 # initialize BPF
 b = BPF(text=bpf_text)