add constant for dentry_d_name_offset

DataDog · Jan 7, 2025 · 327d1fa · 327d1fa
1 parent d43728e
commit 327d1fa
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 1 deletion.
diff --git a/pkg/security/ebpf/c/include/constants/offsets/filesystem.h b/pkg/security/ebpf/c/include/constants/offsets/filesystem.h
@@ -212,8 +212,11 @@ unsigned long __attribute__((always_inline)) get_path_ino(struct path *path) {
 }
 
 void __attribute__((always_inline)) get_dentry_name(struct dentry *dentry, void *buffer, size_t n) {
+	u64 dentry_d_name_offset;
+	LOAD_CONSTANT*("dentry_d_name_offset", dentry_d_name_offset);
+
     struct qstr qstr;
-    bpf_probe_read(&qstr, sizeof(qstr), &dentry->d_name);
+    bpf_probe_read(&qstr, sizeof(qstr), (void *)dentry + dentry_d_name_offset);
     bpf_probe_read_str(buffer, n, (void *)qstr.name);
 }
 

diff --git a/pkg/security/probe/constantfetch/constant_names.go b/pkg/security/probe/constantfetch/constant_names.go
@@ -40,6 +40,7 @@ const (
 	OffsetNameVfsmountMntFlags          = "vfsmount_mnt_flags_offset"
 	OffsetNameVfsmountMntRoot           = "vfsmount_mnt_root_offset"
 	OffsetNameSuperblockSType           = "super_block_s_type_offset"
+	OffsetNameDentryDName               = "dentry_d_name_offset"
 
 	// inode
 	OffsetInodeIno   = "inode_ino_offset"

diff --git a/pkg/security/probe/constantfetch/fallback.go b/pkg/security/probe/constantfetch/fallback.go
@@ -177,6 +177,8 @@ func (f *FallbackConstantFetcher) appendRequest(id string) {
 		value = getSuperblockSTypeOffset(f.kernelVersion)
 	case OffsetNameVfsmountMntRoot:
 		value = getVfsmountMntRootOffset(f.kernelVersion)
+	case OffsetNameDentryDName:
+		value = getDentryDNameOffset(f.kernelVersion)
 	}
 	f.res[id] = value
 }
@@ -1131,3 +1133,7 @@ func getSuperblockSTypeOffset(_ *kernel.Version) uint64 {
 func getVfsmountMntRootOffset(_ *kernel.Version) uint64 {
 	return 0
 }
+
+func getDentryDNameOffset(_ *kernel.Version) uint64 {
+	return 32
+}
diff --git a/pkg/security/probe/probe_ebpf.go b/pkg/security/probe/probe_ebpf.go
@@ -2535,6 +2535,7 @@ func AppendProbeRequestsToFetcher(constantFetcher constantfetch.ConstantFetcher,
 	constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameSbDev, "struct super_block", "s_dev")
 	constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameSuperblockSType, "struct super_block", "s_type")
 	constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameDentryDInode, "struct dentry", "d_inode")
+	constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameDentryDName, "struct dentry", "d_name")
 	constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNamePathDentry, "struct path", "dentry")
 	constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNamePathMnt, "struct path", "mnt")
 	constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameInodeSuperblock, "struct inode", "i_sb")