From 5df4aec696ba359cfbc6329169738c4847b09c38 Mon Sep 17 00:00:00 2001
From: Andrea Terzolo <andreaterzolo3@gmail.com>
Date: Thu, 2 Jan 2025 15:48:55 +0100
Subject: [PATCH] fix(modern): move args declaration at the beginning

Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
---
 .../events/syscall_dispatched_events/bind.bpf.c    |  4 +++-
 .../events/syscall_dispatched_events/listen.bpf.c  |  8 ++++++--
 .../events/syscall_dispatched_events/recv.bpf.c    |  4 +++-
 .../syscall_dispatched_events/recvfrom.bpf.c       |  4 +++-
 .../events/syscall_dispatched_events/recvmsg.bpf.c |  4 +++-
 .../events/syscall_dispatched_events/send.bpf.c    |  4 +++-
 .../syscall_dispatched_events/shutdown.bpf.c       |  4 +++-
 .../events/syscall_dispatched_events/socket.bpf.c  | 14 +++++++++-----
 .../syscall_dispatched_events/socketpair.bpf.c     |  4 +++-
 9 files changed, 36 insertions(+), 14 deletions(-)

diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bind.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bind.bpf.c
index 43a8c3f996..75f83784ae 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bind.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bind.bpf.c
@@ -13,7 +13,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(bind_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning to easily manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long socket_fd = 0;
 	extract__network_args(&socket_fd, 1, regs);
 
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c
index 892da8aa4e..10cdc99813 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c
@@ -12,7 +12,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(listen_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning to manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long args[2] = {0};
 	extract__network_args(args, 2, regs);
 
@@ -46,7 +48,9 @@ int BPF_PROG(listen_e, struct pt_regs *regs, long id) {
 
 SEC("tp_btf/sys_exit")
 int BPF_PROG(listen_x, struct pt_regs *regs, long ret) {
-	/* Collect parameters at the beginning to manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long args[2] = {0};
 	extract__network_args(args, 2, regs);
 
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recv.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recv.bpf.c
index 34a8106ccf..53b1340fde 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recv.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recv.bpf.c
@@ -13,7 +13,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(recv_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning to manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long args[3] = {0};
 	extract__network_args(args, 3, regs);
 
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c
index 7f90812e12..615224c8f2 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c
@@ -13,7 +13,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(recvfrom_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning to  manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long args[3] = {0};
 	extract__network_args(args, 3, regs);
 
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c
index b4c4b310f0..942e9bd860 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c
@@ -13,7 +13,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(recvmsg_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning to manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long socket_fd = 0;
 	extract__network_args(&socket_fd, 1, regs);
 
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/send.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/send.bpf.c
index c7beaa5365..d9d8b417f1 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/send.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/send.bpf.c
@@ -13,7 +13,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(send_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning to manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long args[3] = {0};
 	extract__network_args(args, 3, regs);
 
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/shutdown.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/shutdown.bpf.c
index 6a77636f6b..5135783a70 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/shutdown.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/shutdown.bpf.c
@@ -12,7 +12,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(shutdown_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning to easily manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long args[2] = {0};
 	extract__network_args(args, 2, regs);
 
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c
index 8cefc41a27..a3178c6519 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c
@@ -12,7 +12,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(socket_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning so we can easily manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long args[3] = {0};
 	extract__network_args(args, 3, regs);
 
@@ -53,6 +55,12 @@ int BPF_PROG(socket_e, struct pt_regs *regs, long id) {
 
 SEC("tp_btf/sys_exit")
 int BPF_PROG(socket_x, struct pt_regs *regs, long ret) {
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
+	unsigned long args[3] = {0};
+	extract__network_args(args, 3, regs);
+
 	struct ringbuf_struct ringbuf;
 	if(!ringbuf__reserve_space(&ringbuf, SOCKET_X_SIZE, PPME_SOCKET_SOCKET_X)) {
 		return 0;
@@ -85,10 +93,6 @@ int BPF_PROG(socket_x, struct pt_regs *regs, long ret) {
 		}
 	}
 
-	/* Collect parameters at the beginning so we can easily manage socketcalls */
-	unsigned long args[3] = {0};
-	extract__network_args(args, 3, regs);
-
 	/* Parameter 2: domain (type: PT_ENUMFLAGS32) */
 	uint8_t domain = (uint8_t)args[0];
 	ringbuf__store_u32(&ringbuf, (uint32_t)socket_family_to_scap(domain));
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socketpair.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socketpair.bpf.c
index 3aaa9f77a5..95e9857018 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socketpair.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socketpair.bpf.c
@@ -12,7 +12,9 @@
 
 SEC("tp_btf/sys_enter")
 int BPF_PROG(socketpair_e, struct pt_regs *regs, long id) {
-	/* Collect parameters at the beginning to manage socketcalls */
+	/* We need to keep this at the beginning of the program because otherwise we alter the state of
+	 * the ebpf registers causing a verifier issue.
+	 */
 	unsigned long args[3] = {0};
 	extract__network_args(args, 3, regs);