update: address review requests

Signed-off-by: rohith-raju <[email protected]>

driver/bpf/fillers.h

@@ -5794,9 +5794,9 @@ FILLER(sys_bpf_x, true)
 	long fd = bpf_syscall_get_retval(data->ctx);
 	bpf_push_s64_to_ring(data, fd);
 
-	/* Parameter 2: cmd (type: PT_INT64) */
+	/* Parameter 2: cmd (type: PT_INT32) */
 	int32_t cmd = (int32_t)bpf_syscall_get_argument(data, 0);
-	return bpf_push_s64_to_ring(data,(int64_t)cmd);
+	return bpf_push_s32_to_ring(data, cmd);
 }
 
 FILLER(sys_unlinkat_x, true)

driver/event_table.c

@@ -419,7 +419,7 @@ const struct ppm_event_info g_event_info[] = {
 	[PPME_SYSCALL_DUP_1_E] = {"dup", EC_IO_OTHER | EC_SYSCALL, EF_CREATES_FD | EF_USES_FD | EF_MODIFIES_STATE, 1, {{"fd", PT_FD, PF_DEC} } },
 	[PPME_SYSCALL_DUP_1_X] = {"dup", EC_IO_OTHER | EC_SYSCALL, EF_CREATES_FD | EF_USES_FD | EF_MODIFIES_STATE, 2, {{"res", PT_FD, PF_DEC}, {"oldfd", PT_FD, PF_DEC} } },
 	[PPME_SYSCALL_BPF_2_E] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 1, {{"cmd", PT_INT64, PF_DEC} } },
-	[PPME_SYSCALL_BPF_2_X] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 2, { {"fd", PT_FD, PF_DEC}, {"cmd",PT_INT64, PF_DEC} } },
+	[PPME_SYSCALL_BPF_2_X] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 2, { {"fd", PT_FD, PF_DEC}, {"cmd",PT_INT32, PF_DEC} } },
 	[PPME_SYSCALL_MLOCK2_E] = {"mlock2", EC_MEMORY | EC_SYSCALL, EF_NONE, 0},
 	[PPME_SYSCALL_MLOCK2_X] = {"mlock2", EC_MEMORY | EC_SYSCALL, EF_NONE, 4, {{"res", PT_ERRNO, PF_DEC}, {"addr", PT_UINT64, PF_HEX}, {"len", PT_UINT64, PF_DEC}, {"flags", PT_UINT32, PF_HEX, mlock2_flags}}},
 	[PPME_SYSCALL_FSCONFIG_E] = {"fsconfig", EC_SYSTEM | EC_SYSCALL, EF_NONE, 0},

driver/modern_bpf/definitions/events_dimensions.h

@@ -105,7 +105,7 @@
 #define PIPE_E_SIZE HEADER_LEN
 #define PIPE_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint64_t) + PARAM_LEN * 4
 #define BPF_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN
-#define BPF_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + PARAM_LEN * 2
+#define BPF_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(int32_t) + PARAM_LEN * 2
 #define FLOCK_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2
 #define FLOCK_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN
 #define IOCTL_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 3

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c

@@ -58,9 +58,9 @@ int BPF_PROG(bpf_x,
 	/* Parameter 1: fd (type: PT_FD) */
 	ringbuf__store_s64(&ringbuf, ret);
 
-	/* Parameter 2: cmd (type: PT_INT64) */
+	/* Parameter 2: cmd (type: PT_INT32) */
 	int32_t cmd = (int32_t)extract__syscall_argument(regs, 0);
-	ringbuf__store_s64(&ringbuf, (int64_t)cmd);
+	ringbuf__store_s32(&ringbuf, cmd);
 
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/

driver/ppm_fillers.c

@@ -6734,7 +6734,7 @@ int f_sys_bpf_x(struct event_filler_arguments *args)
 	/* Parameter 2: cmd (type: PT_INT64) */
 	syscall_get_arguments_deprecated(args, 0, 1, &val);
 	cmd = (int32_t)val;
-	res = val_to_ring(args, (int64_t)cmd, 0, false, 0);
+	res = val_to_ring(args, cmd, 0, false, 0);
 	CHECK_RES(res);
 	return add_sentinel(args);
 }

test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp

@@ -71,10 +71,10 @@ TEST(SyscallExit, bpfX_invalid_cmd)
 	/*=============================== ASSERT PARAMETERS  ===========================*/
 
 	/* Parameter 1: fd (type: PT_FD) */
-	evt_test->assert_numeric_param(1, (int64_t)errno_value);
+	evt_test->assert_numeric_param(1, errno_value);
 
-	/* Parameter 2: cmd (type: PT_FD) */
-	evt_test->assert_numeric_param(2, (int64_t)cmd);
+	/* Parameter 2: cmd (type: PT_INT32) */
+	evt_test->assert_numeric_param(2, cmd);
 
 	/*=============================== ASSERT PARAMETERS  ===========================*/
 
@@ -90,15 +90,10 @@ TEST(SyscallExit, bpfX_MAP_CREATE)
 
 	/*=============================== TRIGGER SYSCALL  ===========================*/
 
-	int32_t cmd = BPF_MAP_CREATE;
-	union bpf_attr attr = {
-		.map_type = BPF_MAP_TYPE_ARRAY,
-		.key_size = sizeof(int),
-		.value_size = sizeof(int),
-		.max_entries = 1024
-	};
-	//
-	int *ret = (int*) mmap(NULL, sizeof(int), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0);
+	int32_t cmd = 1;
+	union bpf_attr *attr = NULL; 
+
+
 	/* Here we need to call the `bpf` from a child because the main process throws lots of
 	 * `bpf` syscalls to manage the bpf drivers.
 	 */
@@ -108,12 +103,10 @@ TEST(SyscallExit, bpfX_MAP_CREATE)
 
 	if(ret_pid == 0)
 	{
-		/* When BPF_MAP_CREATE is used, the new file descriptor associated with the eBPF map is returned.*/
-
-		*ret = syscall(__NR_bpf, cmd, &attr, sizeof(attr));
 		/* In this way in the father we know if the call was successful or not. */
-		if(*ret != -1)
+		if(syscall(__NR_bpf, cmd, attr, sizeof(attr) == -1))
 		{
+			/* SUCCESS because we want the call to fail */
 			exit(EXIT_SUCCESS);
 		}
 		else
@@ -127,11 +120,13 @@ TEST(SyscallExit, bpfX_MAP_CREATE)
 	int status = 0;
 	int options = 0;
 	assert_syscall_state(SYSCALL_SUCCESS, "wait4", syscall(__NR_wait4, ret_pid, &status, options, NULL), NOT_EQUAL, -1);
-	int fd = *ret;
-	if (munmap(ret, sizeof(ret) != -1)){
-		//munmap returns -1 when failed 
-		FAIL() << "Shared memory failed to clear..."<<std::endl;
-	};
+
+	if(__WEXITSTATUS(status) == EXIT_FAILURE || __WIFSIGNALED(status) != 0)
+	{
+		FAIL() << "The bpf call is successful while it should fail..." << std::endl;
+	}
+
+	int64_t errno_value = -EINVAL;
 
 	/*=============================== TRIGGER SYSCALL ===========================*/
 
@@ -151,8 +146,9 @@ TEST(SyscallExit, bpfX_MAP_CREATE)
 	/*=============================== ASSERT PARAMETERS  ===========================*/
 
 	/* Parameter 1: fd (type: PT_FD) */
-	evt_test->assert_numeric_param(1, (int64_t)fd);
-	evt_test->assert_numeric_param(2, (int64_t)cmd);
+	evt_test->assert_numeric_param(1, errno_value);
+	/* Parameter 2: cmd (type: PT_INT32)*/
+	evt_test->assert_numeric_param(2, cmd);
 
 	/*=============================== ASSERT PARAMETERS  ===========================*/