From ef80f577771e95c0843658d65ced3dd069634471 Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Tue, 13 Feb 2024 18:54:50 +0200
Subject: define event struct and assign values independently. otherwise, confuses BPF verifier on linux 4.18.
---
 ioriotng.bpf.c | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/ioriotng.bpf.c b/ioriotng.bpf.c
index 5555144..c064364 100644
--- a/ioriotng.bpf.c
+++ b/ioriotng.bpf.c
@@ -17,10 +17,9 @@ int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
- struct open_event event = {
- .op_id = OPEN,
- .enter_time = bpf_ktime_get_ns(),
- };
+ struct open_event event = {};
+ event.op_id = OPEN;
+ event.enter_time = bpf_ktime_get_ns();
 bpf_probe_read_user_str(event.filename, sizeof(event.filename), (void *)ctx->args[0]);
 bpf_get_current_comm(&event.comm, sizeof(event.comm));
@@ -54,14 +53,14 @@ int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
- struct open_event event = {
- .op_id = OPEN_AT,
- .enter_time = bpf_ktime_get_ns(),
- };
+
+ struct open_event event = {};
+ event.op_id = OPEN_AT;
+ event.enter_time = bpf_ktime_get_ns();
+ event.tid = tid;
 bpf_probe_read_user_str(event.filename, sizeof(event.filename), (void *)ctx->args[1]);
 bpf_get_current_comm(&event.comm, sizeof(event.comm));
- event.tid = tid;
 bpf_map_update_elem(&open_event_temp_map, &tid, &event, BPF_ANY);
 return 0;
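Review bot: In handle_enter_open, `struct open_event event = {};` zeroes the named members but, before C23, gives no guarantee about padding bytes, and the struct is later handed to helpers by address (`bpf_map_update_elem(..., &event, BPF_ANY)` is visible in the handle_enter_openat and handle_enter_close hunks, which use the same pattern). Verifiers on older kernels typically reject helper reads of stack bytes they cannot prove initialised, and any unzeroed padding would also travel to user space with the event. An explicit clear is more dependable than relying on how the compiler lowers the initialiser: `struct open_event event;` followed by `__builtin_memset(&event, 0, sizeof(event));`. Whether open_event or fd_event actually contain padding cannot be seen from this diff, and the body of handle_enter_open continues past the hunk.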
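Review bot: The return value of `bpf_probe_read_user_str()` is discarded in handle_enter_openat, and in the same call in the handle_enter_open hunk. A failed read of the user pointer therefore still stores an event, presumably with an empty filename, and a path longer than `sizeof(event.filename)` is stored truncated with no marker. A consumer of the trace cannot tell either case from a real open of that name. Consider `long n = bpf_probe_read_user_str(event.filename, sizeof(event.filename), (void *)ctx->args[1]);` followed by `if (n < 0) return 0;`. If dropping the event is not wanted, the length could be recorded instead, but that needs a struct field that is not visible in this diff.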
@@ -81,12 +80,13 @@ int handle_enter_close(struct trace_event_raw_sys_enter *ctx) {
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
- struct fd_event event = {
- .fd = (int)ctx->args[0],
- .op_id = CLOSE,
- .tid = bpf_get_current_pid_tgid(),
- .enter_time = bpf_ktime_get_ns(),
- };
+
+ struct fd_event event = {};
+ event.fd = (int)ctx->args[0];
+ event.op_id = CLOSE;
+ event.tid = tid;
+ event.enter_time = bpf_ktime_get_ns();
+
 bpf_map_update_elem(&fd_event_temp_map, &tid, &event, BPF_ANY);
 return 0;
@@ -98,11 +98,13 @@ int handle_exit_close(struct trace_event_raw_sys_enter *ctx) {
 return 0;
 u32 tid = bpf_get_current_pid_tgid();
+
 struct open_event *eventp = bpf_map_lookup_elem(&fd_event_temp_map, &tid);
 if (!eventp) {
 return 0;
 }
 eventp->exit_time = bpf_ktime_get_ns();
+
 bpf_perf_event_output(ctx, &fd_event_map, BPF_F_CURRENT_CPU, eventp, sizeof(struct fd_event));
 bpf_map_delete_elem(&fd_event_temp_map, &tid);
-- cgit v1.2.3
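Review bot: The entry written to `fd_event_temp_map` in handle_enter_close is a `struct fd_event`, but handle_exit_close (the last hunk, which this commit only touches with blank lines) reads it back through `struct open_event *eventp`. `eventp->exit_time` is therefore stored at open_event's offset for that field, while the record is emitted with `sizeof(struct fd_event)`. If the two layouts differ, which seems likely since open_event carries `filename` and `comm` in the earlier hunks, the timestamp lands in the wrong place or the access falls outside the map value. The lookup should read `struct fd_event *eventp = bpf_map_lookup_elem(&fd_event_temp_map, &tid);`. The struct definitions are outside this diff, so the actual offsets need confirming there.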