From abc2dc45c1209cbc4bed1306a20c1b1ed4a4a48d Mon Sep 17 00:00:00 2001
From: Everett Badeaux
Date: Thu, 2 Nov 2023 16:44:35 -0500
Subject: [PATCH] cleanup(dup3): fix flags param
Signed-off-by: Everett Badeaux
---
 driver/bpf/fillers.h | 9 +++++----
 driver/modern_bpf/definitions/events_dimensions.h | 2 +-
 .../events/syscall_dispatched_events/dup3.bpf.c | 2 +-
 driver/ppm_fillers.c | 5 +++--
 test/drivers/test_suites/syscall_enter_suite/dup3_e.cpp | 2 +-
 userspace/libscap/engine/gvisor/fillers.cpp | 2 +-
 userspace/libscap/engine/gvisor/fillers.h | 2 +-
 userspace/libsinsp/parsers.cpp | 2 +-
 8 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h
index d283182660a..b3fcc77acd9 100644
--- a/driver/bpf/fillers.h
+++ b/driver/bpf/fillers.h
@@ -6257,8 +6257,9 @@ FILLER(sys_dup3_x, true)
 {
 unsigned long val;
 unsigned long retval;
- unsigned long flags;
+ int flags;
 unsigned long res;
+ unsigned int scap_flags;
 retval = bpf_syscall_get_retval(data->ctx);
 res = bpf_push_s64_to_ring(data, retval);
@@ -6280,9 +6281,9 @@ FILLER(sys_dup3_x, true)
 /*
 * flags
 */
- val = bpf_syscall_get_argument(data, 2);
- flags = dup3_flags_to_scap(val);
- return bpf_push_u32_to_ring(data, flags);
+ flags = bpf_syscall_get_argument(data, 2);
+ scap_flags = dup3_flags_to_scap(flags);
+ return bpf_push_u32_to_ring(data, scap_flags);
 }
 FILLER(sys_umount_x, true)
diff --git a/driver/modern_bpf/definitions/events_dimensions.h b/driver/modern_bpf/definitions/events_dimensions.h
index e052cb3241f..ec3fc7a0f10 100644
--- a/driver/modern_bpf/definitions/events_dimensions.h
+++ b/driver/modern_bpf/definitions/events_dimensions.h
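Review bot: In the second hunk of driver/bpf/fillers.h, `flags = bpf_syscall_get_argument(data, 2);` narrows the register-sized return value to `int` implicitly; the old code stored it in `unsigned long val`, so the helper presumably returns `unsigned long`. An explicit cast, `flags = (int)bpf_syscall_get_argument(data, 2);`, would show that dropping the upper 32 bits is intended, which is worth making visible in a driver whose output feeds detection rules. The same applies to `int flags = extract__syscall_argument(regs, 2);` in dup3.bpf.c. The body of FILLER(sys_dup3_x) starts above this hunk.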
@@ -49,7 +49,7 @@
 #define DUP2_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN
 #define DUP2_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + PARAM_LEN * 3
 #define DUP3_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN
-#define DUP3_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint32_t) + PARAM_LEN * 4
+#define DUP3_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(int32_t) + PARAM_LEN * 4
 #define CHDIR_E_SIZE HEADER_LEN
 #define CHMOD_E_SIZE HEADER_LEN
 #define CHOWN_E_SIZE HEADER_LEN
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/dup3.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/dup3.bpf.c
index 9d984669568..2847ff80b6b 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/dup3.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/dup3.bpf.c
@@ -67,7 +67,7 @@ int BPF_PROG(dup3_x,
 ringbuf__store_s64(&ringbuf, (int64_t)newfd);
 /* Parameter 4: flags (type: PT_FLAGS32) */
- unsigned long flags = extract__syscall_argument(regs, 2);
+ int flags = extract__syscall_argument(regs, 2);
 ringbuf__store_u32(&ringbuf, dup3_flags_to_scap(flags));
 /*=============================== COLLECT PARAMETERS ===========================*/
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
index 076f3558a72..fc618afa8b4 100644
--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
@@ -5695,6 +5695,7 @@ int f_sys_dup3_x(struct event_filler_arguments *args)
 {
 int res;
 unsigned long val;
+ int flags;
 int64_t retval = (int64_t)syscall_get_return_value(current, args->regs);
@@ -5718,8 +5719,8 @@ int f_sys_dup3_x(struct event_filler_arguments *args)
 /*
 * flags
 */
- syscall_get_arguments_deprecated(args, 2, 1, &val);
- res = val_to_ring(args, dup3_flags_to_scap(val), 0, false, 0);
+ syscall_get_arguments_deprecated(args, 2, 1, &flags);
+ res = val_to_ring(args, dup3_flags_to_scap(flags), 0, false, 0);
 CHECK_RES(res);
 return add_sentinel(args);
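Review bot: `DUP3_X_SIZE` now uses `sizeof(int32_t)`, but the value stored for this parameter is still the converted flag word written with `ringbuf__store_u32` (dup3.bpf.c) and `bpf_push_u32_to_ring` (driver/bpf/fillers.h), and the dup3.bpf.c comment gives its type as PT_FLAGS32. The size is identical, so nothing breaks, but the macro should describe what is stored rather than the raw syscall argument: keep `sizeof(uint32_t)`. The same mix-up between the raw `int` argument and the encoded 32-bit flags appears in the `int32_t flags` parameter of fill_event_dup3_x (gvisor fillers.cpp and fillers.h) and the `int32_t flags` local in sinsp_parser::parse_dup_exit. How those values are encoded or read lies outside the hunks, so confirm the types still match the event field.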
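Review bot: In the second hunk of driver/ppm_fillers.c, `syscall_get_arguments_deprecated(args, 2, 1, &flags);` now passes the address of an `int`, whereas the removed line passed `&val`, an `unsigned long`. The helper's prototype is not in this diff, but if it writes an `unsigned long` through that pointer, as the old call implies, then on 64-bit builds it stores 8 bytes into a 4-byte stack variable in kernel context, and the compiler should at least report an incompatible pointer type. Keep reading into `val` and narrow afterwards: `syscall_get_arguments_deprecated(args, 2, 1, &val);` followed by `flags = (int)val;`. f_sys_dup3_x starts above this hunk and its closing brace lies below it.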
diff --git a/test/drivers/test_suites/syscall_enter_suite/dup3_e.cpp b/test/drivers/test_suites/syscall_enter_suite/dup3_e.cpp
index deab8bece12..6784811bf58 100644
--- a/test/drivers/test_suites/syscall_enter_suite/dup3_e.cpp
+++ b/test/drivers/test_suites/syscall_enter_suite/dup3_e.cpp
@@ -14,7 +14,7 @@ TEST(SyscallEnter, dup3E)
 /* If `oldfd` equals `newfd`, then dup3() fails with the error `EINVAL`. */
 int32_t new_fd = old_fd;
- uint32_t flags = O_CLOEXEC;
+ int32_t flags = O_CLOEXEC;
 int32_t res = syscall(__NR_dup3, old_fd, new_fd, flags);
 assert_syscall_state(SYSCALL_FAILURE, "dup3", res);
diff --git a/userspace/libscap/engine/gvisor/fillers.cpp b/userspace/libscap/engine/gvisor/fillers.cpp
index 0fa6f7e1b7c..ef33ecfb559 100644
--- a/userspace/libscap/engine/gvisor/fillers.cpp
+++ b/userspace/libscap/engine/gvisor/fillers.cpp
@@ -1086,7 +1086,7 @@ fill_event_dup3_x(scap_sized_buffer scap_buf, size_t* event_size, char* scap_err
 int64_t res,
 int64_t oldfd,
 int64_t newfd,
- uint32_t flags)
+ int32_t flags)
 {
 return scap_event_encode_params(
 scap_buf, event_size, scap_err,
diff --git a/userspace/libscap/engine/gvisor/fillers.h b/userspace/libscap/engine/gvisor/fillers.h
index 1c4d3ab6db5..695bb4ac5fb 100644
--- a/userspace/libscap/engine/gvisor/fillers.h
+++ b/userspace/libscap/engine/gvisor/fillers.h
@@ -349,7 +349,7 @@ fill_event_dup3_x(scap_sized_buffer scap_buf, size_t* event_size, char* scap_err
 int64_t res,
 int64_t oldfd,
 int64_t newfd,
- uint32_t flags);
+ int32_t flags);
 int32_t fill_event_signalfd_e(scap_sized_buffer scap_buf, size_t* event_size, char* scap_err,
diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp
index 09052fdabf0..1d67aaf3439 100644
--- a/userspace/libsinsp/parsers.cpp
+++ b/userspace/libsinsp/parsers.cpp
@@ -4960,7 +4960,7 @@ void sinsp_parser::parse_dup_exit(sinsp_evt *evt)
 // If we are handling the dup3() event exit then we add the flags to the new file descriptor.
 //
 if (evt->get_type() == PPME_SYSCALL_DUP3_X){
- uint32_t flags;
+ int32_t flags;
 //
 // Get the flags parameter.