libbpf-tools/mountsnoop: Use union to pass arguments

Ready to introduce fsopen(2),fsconfig(2),fsmount(2),move_mount(2)
syscall support.

Signed-off-by: Rong Tao <[email protected]>

Author: Rtoax

libbpf-tools/mountsnoop.bpf.c

@@ -31,12 +31,21 @@ static int probe_entry(const char *src, const char *dest, const char *fs,
 		return 0;
 
 	arg.ts = bpf_ktime_get_ns();
-	arg.flags = flags;
-	arg.src = src;
-	arg.dest = dest;
-	arg.fs = fs;
-	arg.data= data;
 	arg.op = op;
+
+	switch (op) {
+	case MOUNT:
+		arg.mount.flags = flags;
+		arg.mount.src = src;
+		arg.mount.dest = dest;
+		arg.mount.fs = fs;
+		arg.mount.data= data;
+		break;
+	case UMOUNT:
+		arg.umount.flags = flags;
+		arg.umount.dest = dest;
+		break;
+	}
 	bpf_map_update_elem(&args, &tid, &arg, BPF_ANY);
 	return 0;
 };
@@ -60,29 +69,26 @@ static int probe_exit(void *ctx, int ret)
 
 	task = (struct task_struct *)bpf_get_current_task();
 	eventp->delta = bpf_ktime_get_ns() - argp->ts;
-	eventp->flags = argp->flags;
+	eventp->op = argp->op;
 	eventp->pid = pid;
 	eventp->tid = tid;
 	eventp->mnt_ns = BPF_CORE_READ(task, nsproxy, mnt_ns, ns.inum);
 	eventp->ret = ret;
-	eventp->op = argp->op;
 	bpf_get_current_comm(&eventp->comm, sizeof(eventp->comm));
-	if (argp->src)
-		bpf_probe_read_user_str(eventp->src, sizeof(eventp->src), argp->src);
-	else
-		eventp->src[0] = '\0';
-	if (argp->dest)
-		bpf_probe_read_user_str(eventp->dest, sizeof(eventp->dest), argp->dest);
-	else
-		eventp->dest[0] = '\0';
-	if (argp->fs)
-		bpf_probe_read_user_str(eventp->fs, sizeof(eventp->fs), argp->fs);
-	else
-		eventp->fs[0] = '\0';
-	if (argp->data)
-		bpf_probe_read_user_str(eventp->data, sizeof(eventp->data), argp->data);
-	else
-		eventp->data[0] = '\0';
+
+	switch (argp->op) {
+	case MOUNT:
+		eventp->mount.flags = argp->mount.flags;
+		bpf_probe_read_user_str(eventp->mount.src, sizeof(eventp->mount.src), argp->mount.src);
+		bpf_probe_read_user_str(eventp->mount.dest, sizeof(eventp->mount.dest), argp->mount.dest);
+		bpf_probe_read_user_str(eventp->mount.fs, sizeof(eventp->mount.fs), argp->mount.fs);
+		bpf_probe_read_user_str(eventp->mount.data, sizeof(eventp->mount.data), argp->mount.data);
+		break;
+	case UMOUNT:
+		eventp->umount.flags = argp->umount.flags;
+		bpf_probe_read_user_str(eventp->umount.dest, sizeof(eventp->umount.dest), argp->umount.dest);
+		break;
+	}
 
 	submit_buf(ctx, eventp, sizeof(*eventp));
 

libbpf-tools/mountsnoop.c

@@ -185,12 +185,20 @@ static const char *gen_call(const struct event *e)
 	static char call[10240];
 
 	memset(call, 0, sizeof(call));
-	if (e->op == UMOUNT) {
+	switch (e->op) {
+	case UMOUNT:
 		snprintf(call, sizeof(call), "umount(\"%s\", %s) = %s",
-			 e->dest, strflags(e->flags), strerrno(e->ret));
-	} else {
+			 e->umount.dest, strflags(e->umount.flags),
+			 strerrno(e->ret));
+		break;
+	case MOUNT:
 		snprintf(call, sizeof(call), "mount(\"%s\", \"%s\", \"%s\", %s, \"%s\") = %s",
-			 e->src, e->dest, e->fs, strflags(e->flags), e->data, strerrno(e->ret));
+			 e->mount.src, e->mount.dest, e->mount.fs,
+			 strflags(e->mount.flags), e->mount.data,
+			 strerrno(e->ret));
+		break;
+	default:
+		break;
 	}
 	return call;
 }
@@ -230,11 +238,21 @@ static int handle_event(void *ctx, void *data, size_t len)
 	printf("%sRET:    %s\n", indent, strerrno(e->ret));
 	printf("%sLAT:    %lldus\n", indent, e->delta / 1000);
 	printf("%sMNT_NS: %u\n", indent, e->mnt_ns);
-	printf("%sFS:     %s\n", indent, e->fs);
-	printf("%sSOURCE: %s\n", indent, e->src);
-	printf("%sTARGET: %s\n", indent, e->dest);
-	printf("%sDATA:   %s\n", indent, e->data);
-	printf("%sFLAGS:  %s\n", indent, strflags(e->flags));
+	switch (e->op) {
+	case MOUNT:
+		printf("%sFS:     %s\n", indent, e->mount.fs);
+		printf("%sSOURCE: %s\n", indent, e->mount.src);
+		printf("%sTARGET: %s\n", indent, e->mount.dest);
+		printf("%sDATA:   %s\n", indent, e->mount.data);
+		printf("%sFLAGS:  %s\n", indent, strflags(e->mount.flags));
+		break;
+	case UMOUNT:
+		printf("%sTARGET: %s\n", indent, e->umount.dest);
+		printf("%sFLAGS:  %s\n", indent, strflags(e->umount.flags));
+		break;
+	default:
+		break;
+	}
 	printf("\n");
 
 	return 0;

libbpf-tools/mountsnoop.h

@@ -8,33 +8,55 @@
 #define PATH_MAX	4096
 
 enum op {
+	OP_MIN, /* skip 0 */
 	MOUNT,
 	UMOUNT,
 };
 
 struct arg {
 	__u64 ts;
-	__u64 flags;
-	const char *src;
-	const char *dest;
-	const char *fs;
-	const char *data;
 	enum op op;
+
+	union {
+		/* op=MOUNT */
+		struct {
+			__u64 flags;
+			const char *src;
+			const char *dest;
+			const char *fs;
+			const char *data;
+		} mount;
+		/* op=UMOUNT */
+		struct {
+			__u64 flags;
+			const char *dest;
+		} umount;
+	};
 };
 
 struct event {
 	__u64 delta;
-	__u64 flags;
 	__u32 pid;
 	__u32 tid;
 	unsigned int mnt_ns;
 	int ret;
-	char comm[TASK_COMM_LEN];
-	char fs[FS_NAME_LEN];
-	char src[PATH_MAX];
-	char dest[PATH_MAX];
-	char data[DATA_LEN];
 	enum op op;
+	char comm[TASK_COMM_LEN];
+	union {
+		/* op=MOUNT */
+		struct {
+			__u64 flags;
+			char fs[FS_NAME_LEN];
+			char src[PATH_MAX];
+			char dest[PATH_MAX];
+			char data[DATA_LEN];
+		} mount;
+		/* op=UMOUNT */
+		struct {
+			__u64 flags;
+			char dest[PATH_MAX];
+		} umount;
+	};
 };
 
 #endif /* __MOUNTSNOOP_H */