Fix: task_struct backwards-compatibility with kernel versions < 5.14#53
Merged
tanelpoder merged 1 commit intotanelpoder:masterfrom Dec 11, 2024
Merged
Fix: task_struct backwards-compatibility with kernel versions < 5.14#53tanelpoder merged 1 commit intotanelpoder:masterfrom
tanelpoder merged 1 commit intotanelpoder:masterfrom
Conversation
The state field in task_struct has been renamed to __state in kernel version 5.14.
Due to this change, xcapture-bpf.c fails with the following error on kernel versions < 5.14:
/virtual/main.c:178:29: error: no member named '__state' in 'struct task_struct'; did you mean 'state'?
This fix adds a bunch of macros to make xcapture-bpf.c backwards compatible with kernel versions < 5.14.
Example:
#if LINUX_VERSION_MAJOR >= 5 && LINUX_VERSION_PATCHLEVEL >= 14
t->state = curtask->__state;
#else
t->state = curtask->state;
#endif
Owner
|
Thanks! Yep I had that check in my code in an earlier version, but for some reason lost/removed it when changing things. |
Owner
|
Hey @Christoph-Lutz, I now remember why I had removed the simple version check, RHEL backports the new I just added some comments to this issue - if you have time and a RHEL8 clone around (with RHEL kernel not UEK), feel free to play with this (otherwise I should be able to look into this over the holidays): |
Christoph-Lutz
added a commit
to Christoph-Lutz/0xtools
that referenced
this pull request
Dec 12, 2024
The state field in task_struct has been renamed to __state in kernel version 5.14. Due to this change, xcapture-bpf.c fails with the following error on kernel versions < 5.14: /virtual/main.c:178:29: error: no member named '__state' in 'struct task_struct'; did you mean 'state'? The state field rename has been backported to the RHEL8 4.18 kernels as well, but the fix in tanelpoder#53 / 55f1e30 did not consider this. Therefore, this fix now also includes a macro that checks for RHEL8 like so: #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 14, 0) || RHEL_MAJOR >= 8 #define STATE_FIELD __state #else #define STATE_FIELD state #endif ... t->state = curtask->STATE_FIELD;
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The state field in task_struct has been renamed to __state in kernel version 5.14.
Due to this change, xcapture-bpf.c fails with the following error on kernel versions < 5.14:
/virtual/main.c:178:29: error: no member named '__state' in 'struct task_struct'; did you mean 'state'?
This fix adds a bunch of macros to make xcapture-bpf.c backwards compatible with kernel versions < 5.14.
Example:
#if LINUX_VERSION_MAJOR >= 5 && LINUX_VERSION_PATCHLEVEL >= 14
t->state = curtask->__state;
#else
t->state = curtask->state;
#endif