sync 0.17.x branch

.github/workflows/drivers_ci.yml

@@ -249,7 +249,7 @@ jobs:
   build-modern-bpf-skeleton:
     needs: paths-filter
     # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
-    runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }}
+    runs-on: 'ubuntu-latest'
     if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
     container: fedora:latest
     steps:
@@ -270,21 +270,38 @@ jobs:
       - name: Upload skeleton
         uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
-          name: bpf_probe_${{ inputs.arch }}.skel.h
+          name: bpf_probe_x86_64.skel.h
           path: skeleton-build/skel_dir/bpf_probe.skel.h
           retention-days: 1
 
   build-scap-open-w-extern-bpf-skeleton:
+    env:
+      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
     needs: [paths-filter,build-modern-bpf-skeleton] 
     # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
-    runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }}
+    runs-on: 'ubuntu-latest'
     if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
     container: centos:7
     steps:
       # Always install deps before invoking checkout action, to properly perform a full clone.
-      - name: Install build dependencies
+      - name: Fix mirrors to use vault.centos.org
+        run: |
+          sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
+          sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo
+          sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
+
+      - name: Install scl repos
         run: |
           yum -y install centos-release-scl
+
+      - name: Fix new mirrors to use vault.centos.org
+        run: |
+          sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
+          sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo
+          sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
+
+      - name: Install build dependencies
+        run: |
           yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++
           source /opt/rh/devtoolset-9/enable
           yum install -y wget git make m4 rpm-build perl-IPC-Cmd
@@ -296,7 +313,7 @@ jobs:
       - name: Download skeleton
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
-          name: bpf_probe_${{ inputs.arch }}.skel.h
+          name: bpf_probe_x86_64.skel.h
           path: /tmp
 
       - name: Install updated cmake

cmake/modules/zlib.cmake

@@ -68,19 +68,24 @@ else()
 		else()
 			if(BUILD_SHARED_LIBS)
 				set(ZLIB_LIB_SUFFIX "${CMAKE_SHARED_LIBRARY_SUFFIX}")
+				set(ZLIB_LIB "${ZLIB_SRC}/lib/zlib$<$<CONFIG:Debug>:d>${ZLIB_LIB_SUFFIX}")
 			else()
 				set(ZLIB_LIB_SUFFIX "${CMAKE_STATIC_LIBRARY_SUFFIX}")
+				set(ZLIB_LIB "${ZLIB_SRC}/lib/zlibstatic$<$<CONFIG:Debug>:d>${ZLIB_LIB_SUFFIX}")
 			endif()
-			set(ZLIB_LIB "${ZLIB_SRC}/zlib${ZLIB_LIB_SUFFIX}")
 			ExternalProject_Add(zlib
 				PREFIX "${PROJECT_BINARY_DIR}/zlib-prefix"
 				URL "https://github.com/madler/zlib/archive/v1.2.13.tar.gz"
 				URL_HASH "SHA256=1525952a0a567581792613a9723333d7f8cc20b87a81f920fb8bc7e3f2251428"
-				CONFIGURE_COMMAND ""
-				BUILD_COMMAND nmake -f win32/Makefile.msc LOC=-DZLIB_WINAPI
 				BUILD_IN_SOURCE 1
 				BUILD_BYPRODUCTS ${ZLIB_LIB}
-				INSTALL_COMMAND "")
+				CMAKE_ARGS
+					-DCMAKE_POLICY_DEFAULT_CMP0091:STRING=NEW
+					-DCMAKE_MSVC_RUNTIME_LIBRARY=${CMAKE_MSVC_RUNTIME_LIBRARY}
+					-DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
+					-DCMAKE_POSITION_INDEPENDENT_CODE=${ENABLE_PIC}
+					-DBUILD_SHARED_LIBS=${BUILD_SHARED_LIBS}
+					-DCMAKE_INSTALL_PREFIX=${ZLIB_SRC})
 			install(FILES "${ZLIB_LIB}" DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}"
 					COMPONENT "libs-deps")
 			install(FILES ${ZLIB_HEADERS} DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/${LIBS_PACKAGE_NAME}/zlib"

driver/bpf/fillers.h

@@ -2392,48 +2392,28 @@ static __always_inline bool get_exe_writable(struct inode *inode, struct cred *c
 	return false;
 }
 
-static __always_inline bool get_exe_upper_layer(struct dentry *dentry, struct super_block *sb)
+static __always_inline bool get_exe_upper_layer(struct file *file)
 {
+	struct dentry* dentry = NULL;
+	bpf_probe_read_kernel(&dentry, sizeof(dentry), &file->f_path.dentry);
+	struct super_block* sb = (struct super_block*)_READ(dentry->d_sb);
 	unsigned long sb_magic = _READ(sb->s_magic);
-	if(sb_magic == PPM_OVERLAYFS_SUPER_MAGIC)
-	{
-		struct dentry *upper_dentry = NULL;
-		char *vfs_inode = (char *)_READ(dentry->d_inode);
-
-		// Pointer arithmetics due to unexported ovl_inode struct
-		// warning: this works if and only if the dentry pointer is placed right after the inode struct
-		struct dentry *tmp = (struct dentry *)(vfs_inode + sizeof(struct inode));
-		upper_dentry = _READ(tmp);
-		if(!upper_dentry)
-		{
-			return false;
-		}
 
-		unsigned int d_flags = _READ(dentry->d_flags);
-		bool disconnected = (d_flags & DCACHE_DISCONNECTED);
-		if(disconnected)
-		{
-			return true;
-		}
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 16, 0)
-		struct ovl_entry *oe = (struct ovl_entry*)_READ(dentry->d_fsdata);
-		unsigned long has_upper = (unsigned long)_READ(oe->has_upper);
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(6, 5, 0)
-		struct ovl_entry *oe = (struct ovl_entry*)_READ(dentry->d_fsdata);
-		unsigned long flags = _READ(oe->flags);
-		unsigned long has_upper = (flags & (1U << (OVL_E_UPPER_ALIAS)));
-#else
-		unsigned long flags = (unsigned long)_READ(dentry->d_fsdata);
-		unsigned long has_upper = (flags & (1U << (OVL_E_UPPER_ALIAS)));
-#endif
+	if(sb_magic != PPM_OVERLAYFS_SUPER_MAGIC)
+	{
+		return false;
+	}
 
-		if(has_upper)
-		{
-			return true;
-		}
+	char *vfs_inode = (char *)_READ(dentry->d_inode);
+	struct dentry *upper_dentry = NULL;
+	bpf_probe_read_kernel(&upper_dentry, sizeof(upper_dentry), (char *)vfs_inode + sizeof(struct inode));
+	if(!upper_dentry)
+	{
+		return false;
 	}
-	return false;
+
+	struct inode *upper_ino = _READ(upper_dentry->d_inode);
+	return _READ(upper_ino->i_ino) != 0;
 }
 
 FILLER(proc_startupdate, true)
@@ -2945,43 +2925,27 @@ FILLER(execve_extra_tail_1, true)
 	struct cred *cred = (struct cred *)_READ(task->cred);
 	struct file *exe_file = get_exe_file(task);
 	struct inode *inode = get_file_inode(exe_file);
-	struct path f_path = (struct path)_READ(exe_file->f_path);
-	struct dentry* dentry = f_path.dentry;
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 18, 0)
-	struct super_block* sb = _READ(dentry->d_sb);
-#else
-	struct super_block *sb = _READ(inode->i_sb);
-#endif
-
-	/* `exe_writable` and `exe_upper_layer` flag logic */
-	bool exe_writable = false;
-	bool exe_upper_layer = false;
-
 	uint32_t flags = 0;
-	kuid_t euid;
+	kuid_t euid = {0};
 
-	if(sb && inode)
+	if(inode)
 	{
 		/*
 		 * exe_writable
 		 */
-		exe_writable = get_exe_writable(inode, cred);
+		bool exe_writable = get_exe_writable(inode, cred);
 		if (exe_writable) 
 		{
 			flags |= PPM_EXE_WRITABLE;
 		}
+	}
 
-		/*
-		 * exe_upper_layer
-		 */
-		exe_upper_layer = get_exe_upper_layer(dentry,sb);
-		if (exe_upper_layer)
-		{
-			flags |= PPM_EXE_UPPER_LAYER;
-		}
-
-		// write all additional flags for execve family here...
+	/*
+	 * exe_upper_layer
+	 */
+	if(exe_file && get_exe_upper_layer(exe_file))
+	{
+		flags |= PPM_EXE_UPPER_LAYER;
 	}
 
 	if(exe_file && get_exe_from_memfd(exe_file))
@@ -6869,42 +6833,27 @@ FILLER(sched_prog_exec_4, false)
 	struct cred *cred = (struct cred *)_READ(task->cred);
 	struct file *exe_file = get_exe_file(task);
 	struct inode *inode = get_file_inode(exe_file);
-	struct path f_path = (struct path)_READ(exe_file->f_path);
-	struct dentry* dentry = f_path.dentry;
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 18, 0)
-	struct super_block* sb = _READ(dentry->d_sb);
-#else
-	struct super_block *sb = _READ(inode->i_sb);
-#endif
-
-	/* `exe_writable` and `exe_upper_layer` flag logic */
-	bool exe_writable = false;
-	bool exe_upper_layer = false;
 	uint32_t flags = 0;
-	kuid_t euid;
+	kuid_t euid = {0};
 
-	if(sb && inode)
+	if(inode)
 	{
 		/*
 		 * exe_writable
 		 */
-		exe_writable = get_exe_writable(inode, cred);
+		bool exe_writable = get_exe_writable(inode, cred);
 		if (exe_writable) 
 		{
 			flags |= PPM_EXE_WRITABLE;
 		}
+	}
 
-		/*
-		 * exe_upper_layer
-		 */
-		exe_upper_layer = get_exe_upper_layer(dentry,sb);
-		if (exe_upper_layer)
-		{
-			flags |= PPM_EXE_UPPER_LAYER;
-		}
-
-		// write all additional flags for execve family here...
+	/*
+	 * exe_upper_layer
+	 */
+	if (exe_file && get_exe_upper_layer(exe_file))
+	{
+		flags |= PPM_EXE_UPPER_LAYER;
 	}
 
 	if(exe_file && get_exe_from_memfd(exe_file))

driver/bpf/missing_definitions.h

@@ -10,37 +10,6 @@ or GPL2.txt for full copies of the license.
 #ifndef __BPF_MISSING_DEFINITIONS_H__
 #define __BPF_MISSING_DEFINITIONS_H__
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 16, 0)
-struct ovl_entry {
-	union {
-		struct {
-			unsigned long has_upper;
-			bool opaque;
-		};
-		struct rcu_head rcu;
-	};
-	unsigned numlower;
-	struct path lowerstack[];
-};
-#else
-struct ovl_entry {
-	union {
-		struct {
-			unsigned long flags;
-		};
-		struct rcu_head rcu;
-	};
-	unsigned numlower;
-	//struct ovl_path lowerstack[];
-};
-
-enum ovl_entry_flag {
-	OVL_E_UPPER_ALIAS,
-	OVL_E_OPAQUE,
-	OVL_E_CONNECTED,
-};
-#endif
-
 #include <linux/mount.h>
 /* This require the inlclude `linux/mount.h` for `vfsmount` definition */
 struct mount {

driver/modern_bpf/definitions/missing_definitions.h

@@ -1586,9 +1586,4 @@
 #define MODULE_INIT_COMPRESSED_FILE    4
 /*==================================== FINIT   FLAGS ================================*/
 
-/*==================================== OVERLAY FLAGS ================================*/
-#define DCACHE_DISCONNECTED 0x20
-#define OVL_E_UPPER_ALIAS      0
-/*==================================== OVERLAY FLAGS ================================*/
-
 #endif /* __MISSING_DEFINITIONS_H__ */

driver/modern_bpf/definitions/struct_flavors.h

@@ -52,11 +52,6 @@ struct inode___v6_7 {
 	struct timespec64 __i_mtime;
 };
 
-struct ovl_entry___before_v6_5
-{
-	long unsigned int flags;
-};
-
 #ifndef BPF_NO_PRESERVE_ACCESS_INDEX
 #pragma clang attribute pop
 #endif