diff --git a/pkg/security/ebpf/c/include/constants/offsets/filesystem.h b/pkg/security/ebpf/c/include/constants/offsets/filesystem.h index f1dd1c10e3393e..369530b4500e49 100644 --- a/pkg/security/ebpf/c/include/constants/offsets/filesystem.h +++ b/pkg/security/ebpf/c/include/constants/offsets/filesystem.h @@ -163,8 +163,11 @@ struct file_system_type *__attribute__((always_inline)) get_super_block_fs(struc } struct super_block *__attribute__((always_inline)) get_vfsmount_sb(struct vfsmount *mnt) { + u64 offset; + LOAD_CONSTANT("vfsmount_mnt_sb_offset", offset); + struct super_block *sb; - bpf_probe_read(&sb, sizeof(sb), &mnt->mnt_sb); + bpf_probe_read(&sb, sizeof(sb), (void *)mnt + offset); return sb; } @@ -213,7 +216,7 @@ unsigned long __attribute__((always_inline)) get_path_ino(struct path *path) { void __attribute__((always_inline)) get_dentry_name(struct dentry *dentry, void *buffer, size_t n) { u64 dentry_d_name_offset; - LOAD_CONSTANT*("dentry_d_name_offset", dentry_d_name_offset); + LOAD_CONSTANT("dentry_d_name_offset", dentry_d_name_offset); struct qstr qstr; bpf_probe_read(&qstr, sizeof(qstr), (void *)dentry + dentry_d_name_offset); diff --git a/pkg/security/probe/constantfetch/constant_names.go b/pkg/security/probe/constantfetch/constant_names.go index 1b33cb897407f4..c71c82d6065953 100644 --- a/pkg/security/probe/constantfetch/constant_names.go +++ b/pkg/security/probe/constantfetch/constant_names.go @@ -39,6 +39,7 @@ const ( OffsetNameMountpointDentry = "mountpoint_dentry_offset" OffsetNameVfsmountMntFlags = "vfsmount_mnt_flags_offset" OffsetNameVfsmountMntRoot = "vfsmount_mnt_root_offset" + OffsetNameVfsmountMntSb = "vfsmount_mnt_sb_offset" OffsetNameSuperblockSType = "super_block_s_type_offset" OffsetNameDentryDName = "dentry_d_name_offset" diff --git a/pkg/security/probe/constantfetch/fallback.go b/pkg/security/probe/constantfetch/fallback.go index 2f591a02bf72c2..541974c91d83a8 100644 --- a/pkg/security/probe/constantfetch/fallback.go +++ b/pkg/security/probe/constantfetch/fallback.go @@ -179,6 +179,8 @@ func (f *FallbackConstantFetcher) appendRequest(id string) { value = getVfsmountMntRootOffset(f.kernelVersion) case OffsetNameDentryDName: value = getDentryDNameOffset(f.kernelVersion) + case OffsetNameVfsmountMntSb: + value = getVfsmountMntSbOffset(f.kernelVersion) } f.res[id] = value } @@ -1137,3 +1139,7 @@ func getVfsmountMntRootOffset(_ *kernel.Version) uint64 { func getDentryDNameOffset(_ *kernel.Version) uint64 { return 32 } + +func getVfsmountMntSbOffset(_ *kernel.Version) uint64 { + return 8 +} diff --git a/pkg/security/probe/probe_ebpf.go b/pkg/security/probe/probe_ebpf.go index ffe05e28f85971..9d226d20585b18 100644 --- a/pkg/security/probe/probe_ebpf.go +++ b/pkg/security/probe/probe_ebpf.go @@ -2543,6 +2543,7 @@ func AppendProbeRequestsToFetcher(constantFetcher constantfetch.ConstantFetcher, constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameMountMntMountpoint, "struct mountpoint", "m_dentry") constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameVfsmountMntFlags, "struct vfsmount", "mnt_flags") constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameVfsmountMntRoot, "struct vfsmount", "mnt_root") + constantFetcher.AppendOffsetofRequest(constantfetch.OffsetNameVfsmountMntSb, "struct vfsmount", "mnt_sb") } // HandleActions handles the rule actions