fix(driver): use configure system to check for mnt_idmap for fs

Kernel 6.3 changed fs functions to `struct mnt_idmap`. Use the configure system in place of the version check to support driver build on RHEL 9 (namely 5.14.0-547.el9.x86_64) Signed-off-by: Angelo Puglisi <[email protected]>
falcosecurity · Jan 20, 2025 · cb3e5cf · cb3e5cf
1 parent 02ac6f6
commit cb3e5cf
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 2 deletions.
diff --git a/driver/configure/FS_MNT_IDMAP/test.c b/driver/configure/FS_MNT_IDMAP/test.c
@@ -0,0 +1,33 @@
+/*
+
+Copyright (C) 2025 The Falco Authors.
+
+This file is dual licensed under either the MIT or GPL 2. See MIT.txt
+or GPL2.txt for full copies of the license.
+
+*/
+
+/*
+ * Check that fs function wants mnt_idmap
+ * See linux 6.3 changes:
+ * - https://github.com/torvalds/linux/commit/abf08576afe3
+ * - https://github.com/torvalds/linux/commit/01beba7957a2
+ */
+
+#include <linux/module.h>
+#include <linux/fs.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("the Falco authors");
+
+static int fs_mnt_idmap_init(void) {
+	struct mnt_idmap *idmap = NULL;
+	const struct inode *inode = NULL;
+	inode_owner_or_capable(idmap, inode);
+	return 0;
+}
+
+static void fs_mnt_idmap_exit(void) {}
+
+module_init(fs_mnt_idmap_init);
+module_exit(fs_mnt_idmap_exit);
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
@@ -1390,7 +1390,7 @@ int f_proc_startupdate(struct event_filler_arguments *args) {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 39)
 			if(file_inode(exe_file) != NULL) {
 				/* Support exe_writable */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0)
+#ifdef HAS_FS_MNT_IDMAP
 				exe_writable |= (file_permission(exe_file, MAY_WRITE | MAY_NOT_BLOCK) == 0);
 				exe_writable |=
 				        inode_owner_or_capable(file_mnt_idmap(exe_file), file_inode(exe_file));
@@ -7754,7 +7754,7 @@ int f_sched_prog_exec(struct event_filler_arguments *args) {
 	if(exe_file != NULL) {
 		if(file_inode(exe_file) != NULL) {
 			/* Support exe_writable */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0)
+#ifdef HAS_FS_MNT_IDMAP
 			exe_writable |= (file_permission(exe_file, MAY_WRITE | MAY_NOT_BLOCK) == 0);
 			exe_writable |= inode_owner_or_capable(file_mnt_idmap(exe_file), file_inode(exe_file));
 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)