I am trying to retrieve the mount namespace of the current task in a BPF program as follows:
task = (struct task_struct *)bpf_get_current_task();
bpf_probe_read(&nsproxy, sizeof(nsproxy), (void *)&task->nsproxy);
bpf_probe_read(&mnt_ns, sizeof(mnt_ns), (void *)&nsproxy->mnt_ns);
bpf_probe_read(&ns, sizeof(ns), (void *)&mnt_ns->ns);
mnt_ns_inum = ns.inum;
This works fine using an Ubuntu kernel (uname -r: 4.15.0-13-generic) and mnt_ns_inum gets a value of 4026531840 for tasks in the host's mount namespace but running the same code using GCP's kernel (uname -r: 4.15.0-1019-gcp) always sets mnt_ns_inum to 0.
I am at a loss as to what Google could have changed to cause this behaviour (I am testing this on a local VM so the only difference between the two cases is the kernel I have booted the VM with and the kernel headers used for compilation).
Additionally, this same code worked for a GCP 4.13 kernel (uname -r: 4.13.0-1008-gcp) so it seems that this is a recent change.
EDIT:
For the 4.15 GCP kernel, the return values for the calls to bpf_probe_read are as follows:
- 0
- 18446744073709551602
- 18446744073709551602
As mentioned in the comments below, the non-zero return values correspond to -EFAULT.
