From df4bf4890576e6026ee69fee9f23be4d75ffa7a4 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Thu, 16 Jan 2025 12:45:24 +0000 Subject: [PATCH] tetragon: Add vmlinux.h file Adding vmlinux.h file that includes the vmlinux_generated.h and adds our local tetragon structures. Signed-off-by: Jiri Olsa --- bpf/include/vmlinux.h | 43 +++++++++++++++++++++++++++++++++ bpf/lib/bpf_task.h | 4 ++- bpf/process/bpf_process_event.h | 4 ++- 3 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 bpf/include/vmlinux.h
diff --git a/bpf/include/vmlinux.h b/bpf/include/vmlinux.h
new file mode 100644
index 00000000000..ae26f238b1e
--- /dev/null
+++ b/bpf/include/vmlinux.h
@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */
+#ifndef __VMLINUX_H__
+#define __VMLINUX_H__
+
+#include "vmlinux_generated.h"
+
+/*
+ * Local definitions that we use in tetragon and are no longer part
+ * of vmlinux_generated.h.
+ */
+
+struct pid_link {
+ struct hlist_node node;
+ struct pid *pid;
+};
+
+struct audit_task_info {
+ kuid_t loginuid;
+};
+
+struct task_struct___local {
+ struct pid_link pids[PIDTYPE_MAX]; // old school pid refs
+ struct pid *thread_pid;
+ struct audit_task_info *audit; // Added audit_task for older kernels
+ kuid_t loginuid;
+};
+
+/* Represent old kernfs node present in 5.4 kernels and older */
+union kernfs_node_id {
+ struct {
+ /*
+ * blktrace will export this struct as a simplified 'struct
+ * fid' (which is a big data struction), so userspace can use
+ * it to find kernfs node. The layout must match the first two
+ * fields of 'struct fid' exactly.
+ */
+ u32 ino;
+ u32 generation;
+ };
+ u64 id;
+};
+
+#endif /* __VMLINUX_H__ */
diff --git a/bpf/lib/bpf_task.h b/bpf/lib/bpf_task.h
index 190e814e382..e1554fb2c7e 100644
--- a/bpf/lib/bpf_task.h
+++ b/bpf/lib/bpf_task.h
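Review bot: `struct task_struct___local` in bpf/include/vmlinux.h is declared with four fields in an order unrelated to the kernel's task_struct and carries no `preserve_access_index` attribute in this hunk, so it is only correct when every access is relocated by CO-RE (libbpf matches the `___local` flavor suffix to `task_struct`). Because these definitions sit after `#include "vmlinux_generated.h"`, it is not visible here whether they inherit an attribute pragma from that header; without one, a plain `task->loginuid` would read at the local struct's offset and silently put a wrong auid or pid into the events. I would close the definition with `} __attribute__((preserve_access_index));` and extend the block comment to say the type is a CO-RE flavor, not a memory layout. It is also worth confirming the guard name: bpftool-generated headers conventionally use the same `__VMLINUX_H__` guard, and if vmlinux_generated.h kept it the include here would expand to nothing.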
@@ -7,6 +7,7 @@ #include "bpf_event.h" #include "bpf_helpers.h" #include "generic.h" +#include "vmlinux.h" /* __d_path_local flags */ // #define UNRESOLVED_MOUNT_POINTS 0x01 // (deprecated) @@ -57,8 +58,9 @@ FUNC_INLINE struct task_struct *get_task_from_pid(__u32 pid) return task; } -FUNC_INLINE __u32 get_task_pid_vnr_by_task(struct task_struct *task) +FUNC_INLINE __u32 get_task_pid_vnr_by_task(struct task_struct *t) { + struct task_struct___local *task = (struct task_struct___local *)t; int thread_pid_exists; unsigned int level; struct upid upid; diff --git a/bpf/process/bpf_process_event.h b/bpf/process/bpf_process_event.h index f22e90ec00b..baf767657d3 100644 --- a/bpf/process/bpf_process_event.h +++ b/bpf/process/bpf_process_event.h @@ -30,8 +30,10 @@ struct { __type(value, struct buffer_heap_map_value); } buffer_heap_map SEC(".maps"); -FUNC_INLINE __u64 __get_auid(struct task_struct *task) +FUNC_INLINE __u64 __get_auid(struct task_struct *t) { + struct task_struct___local *task = (struct task_struct___local *)t; + // u64 to convince compiler to do 64bit loads early kernels do not // support 32bit loads from stack, e.g. r1 = *(u32 *)(r10 -8). __u64 auid = 0;
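Review bot: The cast `(struct task_struct___local *)t` in get_task_pid_vnr_by_task is uncommented, and after it `task` names a type whose layout does not match the kernel's task_struct, so any later field read that is not CO-RE-relocated would return a wrong value without an error. A one-line comment above the cast would make the contract explicit, for example `/* CO-RE flavor: check bpf_core_field_exists() and read fields only through relocated accessors */`. The same cast and the same missing comment appear in __get_auid in bpf/process/bpf_process_event.h, where the value read is the audit login uid reported for the process. Both function bodies continue outside their hunks, so how the fields are actually read cannot be confirmed from this page.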