c - How to resolve conflicts and incompatibilities between the Linux kernel 6.1 headers and the clang when compiling eBPF LSM pr

I have Debian 12 which has 6.1 kernel.

After a fresh install I ran the following commands to get the required source code to start building an eBPF LSM program:

apt update
apt upgrade -y
apt install -y build-essential linux-headers-$(uname -r) linux-source clang llvm libbpf-dev bpftool git
cd /usr/src/
tar -xf linux-source-*.tar.xz
cd linux-source-6.1
make defconfig

I have this simple file called prevent_delete.c that I wish to compile. It uses eBPF to hook into path_unlink, which according to the documentation https://www.kernel./doc/html/v5.2/security/LSM.html needs const struct path *dir and struct dentry *dentry as arguments.

#include <linux/path.h>
#include <linux/dcache.h>
#include <linux/errno.h>
#include <bpf/bpf_helpers.h>

SEC("lsm/path_unlink")
int path_unlink_audit(struct path *dir, struct dentry *dentry) {
    return -EPERM;
}

char LICENSE[] SEC("license") = "GPL";

According to this blog I should be able to get started by simply using clang from the command line: https://medium/@megawan/writing-compiling-and-loading-ebpf-program-7b0efa014142

But with that approach I kept getting errors about files that were not found, for example fatal error: 'linux/path.h' file not found or fatal error: 'asm/atomic.h' file not found and so on.

Every time there was a file which was not found I used the find command to find the directory that contains this file. For example:

find /usr/src/ -name atomic.h | grep asm/ | grep x86

Sometimes when many directories were found I used grep like in this example to reduce the number of choices.

So after repeating it a few times I ended up with quite a long command:

clang -g -O2 -target bpf -D__TARGET_ARCH_x86_64 \
  -I/usr/src/linux-source-6.1/include \
  -I/usr/src/linux-headers-6.1/arch/x86/include \
  -I/usr/src/linux-headers-6.1.0-32-amd64/arch/x86/include/generated/uapi \
  -I/usr/src/linux-headers-6.1.0-32-amd64/arch/x86/include/generated \
  -I/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/uapi \
  -I/usr/src/linux-headers-6.1.0-32-common/arch/x86/include \
  -c prevent_delete.c -o prevent_delete.o

But now I got way too many errors:

root@debian:~/ebpf_lsm# clang -g -O2 -target bpf -D__TARGET_ARCH_x86_64 \
  -I/usr/src/linux-source-6.1/include \
  -I/usr/src/linux-headers-6.1/arch/x86/include \
  -I/usr/src/linux-headers-6.1.0-32-amd64/arch/x86/include/generated/uapi \
  -I/usr/src/linux-headers-6.1.0-32-amd64/arch/x86/include/generated \
  -I/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/uapi \
  -I/usr/src/linux-headers-6.1.0-32-common/arch/x86/include \
  -c prevent_delete.c -o prevent_delete.o
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/compiler.h:261:
In file included from /usr/src/linux-headers-6.1.0-32-amd64/arch/x86/include/generated/asm/rwonce.h:1:
In file included from /usr/src/linux-source-6.1/include/asm-generic/rwonce.h:27:
In file included from /usr/src/linux-source-6.1/include/linux/kcsan-checks.h:13:
/usr/src/linux-source-6.1/include/linux/compiler_attributes.h:55:9: warning: '__always_inline' macro redefined [-Wmacro-redefined]
#define __always_inline                 inline __attribute__((__always_inline__))
        ^
/usr/src/linux-source-6.1/include/uapi/linux/stddef.h:8:9: note: previous definition is here
#define __always_inline inline
        ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/compiler.h:261:
In file included from /usr/src/linux-headers-6.1.0-32-amd64/arch/x86/include/generated/asm/rwonce.h:1:
/usr/src/linux-source-6.1/include/asm-generic/rwonce.h:64:8: error: unknown type name '__no_sanitize_or_inline'
static __no_sanitize_or_inline
       ^
/usr/src/linux-source-6.1/include/asm-generic/rwonce.h:82:8: error: unknown type name '__no_kasan_or_inline'
static __no_kasan_or_inline
       ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:165:13: error: invalid output constraint '+q' in asm
        return i + xadd(&v->counter, i);
                   ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:234:25: note: expanded from macro 'xadd'
#define xadd(ptr, inc)          __xadd((ptr), (inc), LOCK_PREFIX)
                                ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:233:32: note: expanded from macro '__xadd'
#define __xadd(ptr, inc, lock)  __xchg_op((ptr), (inc), xadd, lock)
                                ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:48:13: note: expanded from macro '__xchg_op'
                                      : "+q" (__ret), "+m" (*(ptr))     \
                                        ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:184:9: error: invalid output constraint '+q' in asm
        return xadd(&v->counter, i);
               ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:234:25: note: expanded from macro 'xadd'
#define xadd(ptr, inc)          __xadd((ptr), (inc), LOCK_PREFIX)
                                ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:233:32: note: expanded from macro '__xadd'
#define __xadd(ptr, inc, lock)  __xchg_op((ptr), (inc), xadd, lock)
                                ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:48:13: note: expanded from macro '__xchg_op'
                                      : "+q" (__ret), "+m" (*(ptr))     \
                                        ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:190:9: error: invalid output constraint '+q' in asm
        return xadd(&v->counter, -i);
               ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:234:25: note: expanded from macro 'xadd'
#define xadd(ptr, inc)          __xadd((ptr), (inc), LOCK_PREFIX)
                                ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:233:32: note: expanded from macro '__xadd'
#define __xadd(ptr, inc, lock)  __xchg_op((ptr), (inc), xadd, lock)
                                ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:48:13: note: expanded from macro '__xchg_op'
                                      : "+q" (__ret), "+m" (*(ptr))     \
                                        ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:196:9: error: invalid output constraint '=a' in asm
        return arch_cmpxchg(&v->counter, old, new);
               ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:149:2: note: expanded from macro 'arch_cmpxchg'
        __cmpxchg(ptr, old, new, sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:134:2: note: expanded from macro '__cmpxchg'
        __raw_cmpxchg((ptr), (old), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:95:11: note: expanded from macro '__raw_cmpxchg'
                             : "=a" (__ret), "+m" (*__ptr)              \
                               ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:196:9: error: invalid output constraint '=a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:149:2: note: expanded from macro 'arch_cmpxchg'
        __cmpxchg(ptr, old, new, sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:134:2: note: expanded from macro '__cmpxchg'
        __raw_cmpxchg((ptr), (old), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:104:11: note: expanded from macro '__raw_cmpxchg'
                             : "=a" (__ret), "+m" (*__ptr)              \
                               ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:196:9: error: invalid output constraint '=a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:149:2: note: expanded from macro 'arch_cmpxchg'
        __cmpxchg(ptr, old, new, sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:134:2: note: expanded from macro '__cmpxchg'
        __raw_cmpxchg((ptr), (old), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:113:11: note: expanded from macro '__raw_cmpxchg'
                             : "=a" (__ret), "+m" (*__ptr)              \
                               ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:196:9: error: invalid output constraint '=a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:149:2: note: expanded from macro 'arch_cmpxchg'
        __cmpxchg(ptr, old, new, sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:134:2: note: expanded from macro '__cmpxchg'
        __raw_cmpxchg((ptr), (old), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:122:11: note: expanded from macro '__raw_cmpxchg'
                             : "=a" (__ret), "+m" (*__ptr)              \
                               ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: error: invalid output constraint '+a' in asm
        return arch_try_cmpxchg(&v->counter, old, new);
               ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:172:17: note: expanded from macro '__raw_try_cmpxchg'
                               [old] "+a" (__old)                       \
                                     ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: error: invalid output constraint '+a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:184:17: note: expanded from macro '__raw_try_cmpxchg'
                               [old] "+a" (__old)                       \
                                     ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: error: invalid output constraint '+a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:196:17: note: expanded from macro '__raw_try_cmpxchg'
                               [old] "+a" (__old)                       \
                                     ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: error: invalid output constraint '+a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:208:17: note: expanded from macro '__raw_try_cmpxchg'
                               [old] "+a" (__old)                       \
                                     ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: warning: implicit declaration of function 'unlikely' is invalid in C99 [-Wimplicit-function-declaration]
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:216:6: note: expanded from macro '__raw_try_cmpxchg'
        if (unlikely(!success))                                         \
            ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: warning: implicit declaration of function 'likely' is invalid in C99 [-Wimplicit-function-declaration]
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:218:2: note: expanded from macro '__raw_try_cmpxchg'
        likely(success);                                                \
        ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:208:9: error: invalid output constraint '+q' in asm
        return arch_xchg(&v->counter, new);
               ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:78:27: note: expanded from macro 'arch_xchg'
#define arch_xchg(ptr, v)       __xchg_op((ptr), (v), xchg, "")
                                ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:48:13: note: expanded from macro '__xchg_op'
                                      : "+q" (__ret), "+m" (*(ptr))     \
                                        ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:20:44: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static inline s64 arch_atomic64_read(const atomic64_t *v)
                                           ^~~~~~~~~~
                                           atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:32:38: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static inline void arch_atomic64_set(atomic64_t *v, s64 i)
                                     ^~~~~~~~~~
                                     atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:44:54: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static __always_inline void arch_atomic64_add(s64 i, atomic64_t *v)
                                                     ^~~~~~~~~~
                                                     atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:58:45: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static inline void arch_atomic64_sub(s64 i, atomic64_t *v)
                                            ^~~~~~~~~~
                                            atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:74:54: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static inline bool arch_atomic64_sub_and_test(s64 i, atomic64_t *v)
                                                     ^~~~~~~~~~
                                                     atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
3 warnings and 20 errors generated.

which seems like some includes are conflicting with each other. Did I miss something when I set up my environment? Should I have run some make command within the linux source or linux headers directories to set up the environment properly? What would be the best way to resolve those conflicts to get the program to compile?
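
An added example, not part of the original post: the usual way to avoid these header conflicts is to stop including kernel-internal headers such as linux/dcache.h (they pull in x86 inline assembly that the bpf target rejects, hence the '+q' and '=a' constraint errors) and to take the type definitions from a vmlinux.h generated from the running kernel's BTF. The file names prevent_delete.bpf.c and prevent_delete.bpf.o and the shell function names are assumptions of this example; it also checks that bpf is in the active LSM list, because the kernel only calls BPF LSM hooks when it is.

```shell
#!/bin/sh
# Added example (not from the original post): build prevent_delete against
# BTF-generated types instead of kernel-internal headers.
# Assumed names: prevent_delete.bpf.c / .bpf.o and the functions below.

# Write the BPF source into directory $1. The only type header is vmlinux.h;
# no <linux/...> or <asm/...> kernel header is included, so clang's bpf
# target never sees x86 inline asm or kernel-only attribute macros.
write_bpf_source() {
    cat > "$1/prevent_delete.bpf.c" <<'EOF'
#include "vmlinux.h"            /* generated from /sys/kernel/btf/vmlinux */
#include <bpf/bpf_helpers.h>    /* SEC() */
#include <bpf/bpf_tracing.h>    /* BPF_PROG() */

#define EPERM 1                 /* vmlinux.h carries types, not errno macros */

char LICENSE[] SEC("license") = "GPL";

/* Same policy as the question: deny every unlink. Once attached this
 * applies system-wide, so load it on a test machine. */
SEC("lsm/path_unlink")
int BPF_PROG(path_unlink_audit, const struct path *dir, struct dentry *dentry)
{
    return -EPERM;
}
EOF
}

# Succeeds only if "bpf" is an element of the comma-separated LSM list in
# file $1 (normally /sys/kernel/security/lsm). Whole-element match only.
lsm_list_has_bpf() {
    tr ',' '\n' < "$1" | grep -qx 'bpf'
}

# Check what the build and the later attach depend on.
preflight() {
    [ -r /sys/kernel/btf/vmlinux ] || {
        echo "no kernel BTF found (needs CONFIG_DEBUG_INFO_BTF)" >&2
        return 1
    }
    lsm_list_has_bpf /sys/kernel/security/lsm ||
        echo "warning: bpf is not in the active LSM list; add it to lsm= on the kernel command line" >&2
}

# Generate vmlinux.h for the running kernel and compile in directory $1.
build() {
    dir=$1
    preflight || return 1
    write_bpf_source "$dir" || return 1
    bpftool btf dump file /sys/kernel/btf/vmlinux format c > "$dir/vmlinux.h" || return 1
    # bpf_tracing.h expects __TARGET_ARCH_x86 (not x86_64) on amd64.
    clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I"$dir" \
        -c "$dir/prevent_delete.bpf.c" -o "$dir/prevent_delete.bpf.o"
}

# Usage: sh build_lsm.sh build [directory]
if [ "${1:-}" = "build" ]; then build "${2:-.}"; fi
```

With this layout neither linux-source nor the linux-headers include directories are needed on the clang command line; only libbpf-dev, bpftool and clang from the question's apt install line are used.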

In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: error: invalid output constraint '+a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:184:17: note: expanded from macro '__raw_try_cmpxchg'
                               [old] "+a" (__old)                       \
                                     ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: error: invalid output constraint '+a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:196:17: note: expanded from macro '__raw_try_cmpxchg'
                               [old] "+a" (__old)                       \
                                     ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: error: invalid output constraint '+a' in asm
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:208:17: note: expanded from macro '__raw_try_cmpxchg'
                               [old] "+a" (__old)                       \
                                     ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: warning: implicit declaration of function 'unlikely' is invalid in C99 [-Wimplicit-function-declaration]
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:216:6: note: expanded from macro '__raw_try_cmpxchg'
        if (unlikely(!success))                                         \
            ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:202:9: warning: implicit declaration of function 'likely' is invalid in C99 [-Wimplicit-function-declaration]
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:225:2: note: expanded from macro 'arch_try_cmpxchg'
        __try_cmpxchg((ptr), (pold), (new), sizeof(*(ptr)))
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:222:2: note: expanded from macro '__try_cmpxchg'
        __raw_try_cmpxchg((ptr), (pold), (new), (size), LOCK_PREFIX)
        ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:218:2: note: expanded from macro '__raw_try_cmpxchg'
        likely(success);                                                \
        ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:208:9: error: invalid output constraint '+q' in asm
        return arch_xchg(&v->counter, new);
               ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:78:27: note: expanded from macro 'arch_xchg'
#define arch_xchg(ptr, v)       __xchg_op((ptr), (v), xchg, "")
                                ^
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/cmpxchg.h:48:13: note: expanded from macro '__xchg_op'
                                      : "+q" (__ret), "+m" (*(ptr))     \
                                        ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:20:44: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static inline s64 arch_atomic64_read(const atomic64_t *v)
                                           ^~~~~~~~~~
                                           atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:32:38: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static inline void arch_atomic64_set(atomic64_t *v, s64 i)
                                     ^~~~~~~~~~
                                     atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:44:54: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static __always_inline void arch_atomic64_add(s64 i, atomic64_t *v)
                                                     ^~~~~~~~~~
                                                     atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:58:45: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static inline void arch_atomic64_sub(s64 i, atomic64_t *v)
                                            ^~~~~~~~~~
                                            atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
In file included from prevent_delete.c:2:
In file included from /usr/src/linux-source-6.1/include/linux/dcache.h:5:
In file included from /usr/src/linux-source-6.1/include/linux/atomic.h:7:
In file included from /usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic.h:269:
/usr/src/linux-headers-6.1.0-32-common/arch/x86/include/asm/atomic64_64.h:74:54: error: unknown type name 'atomic64_t'; did you mean 'atomic_t'?
static inline bool arch_atomic64_sub_and_test(s64 i, atomic64_t *v)
                                                     ^~~~~~~~~~
                                                     atomic_t
/usr/src/linux-source-6.1/include/linux/types.h:168:3: note: 'atomic_t' declared here
} atomic_t;
  ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
3 warnings and 20 errors generated.

which seems like some includes are conflicting with each other. Did I miss something when I set up my environment? Should I have run some make command within the linux source or linux headers directories to set up the environment properly? What would be the best way to resolve those conflicts to get the program to compile?

asked Mar 22 at 16:45 by u4963840, edited Mar 22 at 16:53

1 Answer

After doing more research I found help from https://eunomia.dev/en/tutorials/1-helloworld/.

The solution was to use ecc instead of clang.

  1. Get ecc and ecli using wget because currently ecc (eBPF Compiler Collection) and ecli (eBPF Command-Line Interface) are not available in the official Debian package repositories.
wget https://aka.pw/bpf-ecli -O ecli && chmod +x ./ecli
wget https://github.com/eunomia-bpf/eunomia-bpf/releases/latest/download/ecc && chmod +x ./ecc
  2. Refactor the code a little bit:
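/* vmlinux.h carries every kernel type (struct path, struct dentry, ...)
 * generated from BTF, so no linux/ or asm/ headers are included. */
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>   /* SEC(), bpf_printk() */
#include <bpf/bpf_tracing.h>   /* BPF_PROG() */

char LICENSE[] SEC("license") = "GPL";

/* vmlinux.h contains types only, not errno macros, so define it locally. */
#define EPERM 1

/* Attached to the path_unlink LSM hook; a negative return denies the unlink. */
SEC("lsm/path_unlink")
int BPF_PROG(path_unlink_audit, struct path *dir, struct dentry *dentry)
{
    /* Log "<parent directory name>/<file name>" to the trace pipe. */
    bpf_printk("prevent_delete: %s/%s", dir->dentry->d_name.name, dentry->d_name.name);
    return -EPERM;
}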

Here it is important to call the function as BPF_PROG instead of path_unlink_audit because BPF_PROG is a macro defined in bpf_tracing.h. The initial idea to refactor it like that came from here.

  3. Compile using ecc:
./ecc prevent_delete.c
  4. Run using ecli:
./ecli run package.json
  5. Test by verifying that deleting a file gives an error message and the file is not deleted:

root@debian:~/testing# ls
root@debian:~/testing# echo "hello" >> a.txt
root@debian:~/testing# ls
a.txt
root@debian:~/testing# rm a.txt 
rm: cannot remove 'a.txt': Operation not permitted
root@debian:~/testing# ls
a.txt
  6. Verify that the event is logged:
root@debian:~/testing# cat /sys/kernel/debug/tracing/trace_pipe
       pool-nemo-11538   [000] ...11 126823.305886: bpf_trace_printk: prevent_delete: testing/a.txt

For educational purposes it would still be interesting to learn what the clang version would look like. If someone knows it, I would be happy to include it in the answer. But for practical purposes ecc seems to be enough.
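A clang-only build of the vmlinux.h version of prevent_delete.c shown in the answer, as an added example that is not part of the original answer or of the eunomia-bpf project. The script name build_lsm.sh and the function names are hypothetical; it assumes clang, bpftool and the libbpf-dev headers from the question's apt install line.

```shell
#!/bin/sh
# Added example: clang-only build of the answer's vmlinux.h-based prevent_delete.c.

# lsm_list_has_bpf LIST: succeed if the comma-separated LSM list contains "bpf".
# lsm/ hooks only fire when "bpf" is in the active list.
lsm_list_has_bpf() {
    case ",$1," in
        *,bpf,*) return 0 ;;
        *)       return 1 ;;
    esac
}

# bpf_target_arch MACHINE: map `uname -m` output to libbpf's __TARGET_ARCH_ suffix.
bpf_target_arch() {
    case "$1" in
        x86_64)  echo x86 ;;
        aarch64) echo arm64 ;;
        *)       echo "unsupported machine: $1" >&2; return 1 ;;
    esac
}

# build_bpf_object SRC: run preflight checks, generate vmlinux.h, compile SRC.
build_bpf_object() {
    src=$1
    obj=${src%.c}.o
    if ! lsm_list_has_bpf "$(cat /sys/kernel/security/lsm)"; then
        echo "bpf is not in the active LSM list (lsm= boot parameter)" >&2
        return 1
    fi
    if [ ! -r /sys/kernel/btf/vmlinux ]; then
        echo "kernel BTF not available at /sys/kernel/btf/vmlinux" >&2
        return 1
    fi
    arch=$(bpf_target_arch "$(uname -m)") || return 1
    # All kernel types come from this one generated header, so no -I into
    # /usr/src is needed and no x86 inline asm reaches the BPF backend.
    bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
    clang -g -O2 -target bpf "-D__TARGET_ARCH_$arch" -I. -c "$src" -o "$obj"
    echo "$obj"
}

# Run as: sh build_lsm.sh build prevent_delete.c
if [ "${1:-}" = "build" ]; then
    build_bpf_object "$2"
fi
```

The resulting object still has to be loaded and attached by a loader (a small libbpf program, for instance); that step is outside this example.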

Published by: admin. Please credit the source when reposting: http://www.yc00.com/questions/1744307976a4567811.html
