Date: Friday, May 24, 2019 @ 08:35:55
Author: mtorromeo
Revision: 469562
upgpkg: sysdig 0.26.0-1
Added:
sysdig/trunk/glibc.patch
Modified:
sysdig/trunk/PKGBUILD
sysdig/trunk/linux-5.1.patch
-----------------+
PKGBUILD | 14 +
glibc.patch | 12 +
linux-5.1.patch | 444 ++++++++++++++++++++++++++++--------------------------
3 files changed, 257 insertions(+), 213 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-05-24 08:26:57 UTC (rev 469561)
+++ PKGBUILD 2019-05-24 08:35:55 UTC (rev 469562)
@@ -3,8 +3,8 @@
# Contribuitor: Christian Babeux <christian.bab...@0x80.ca>
pkgname=sysdig
-pkgver=0.25
-pkgrel=2
+pkgver=0.26.0
+pkgrel=1
pkgdesc="Open source system-level exploration and troubleshooting tool"
arch=('x86_64')
url="https://www.sysdig.com/";
@@ -13,15 +13,18 @@
makedepends=('cmake' 'pandoc')
source=("https://github.com/draios/sysdig/archive/$pkgver/$pkgname-$pkgver.tar.gz";
"bashcomp-location.patch"
- "linux-5.1.patch")
-sha256sums=('4ab2d3cebb49e3b059bf974d68cef4cedc141d1544fa2b252cfa1cdf3ee33fdd'
+ "linux-5.1.patch"
+ "glibc.patch")
+sha256sums=('bf0f119d6c5216d25fe8acb0d340b0df01e32fc56119653da5928a1113a976fe'
'aaee8a0ff414a24c5d5a479229324be1667bc5eb70702838f5d617fd986f947b'
- '4440ad68b2c8d7f4d6a13adcc0c901bb07faece70bb91a4e0b5e5c744dd9603b')
+ '4f0666813276af5d07314afc71986b1b4f1b2dc59cb517936a138adf63133077'
+ '9d9ee715500cb5c3709cf6a77e95421edaaae5f15dbb1c7c8ad2147cc9637939')
prepare() {
cd "$srcdir"/$pkgname-$pkgver
patch -p1 -i "$srcdir"/bashcomp-location.patch
patch -p1 -i "$srcdir"/linux-5.1.patch
+ patch -p1 -i "$srcdir"/glibc.patch
}
build() {
@@ -31,6 +34,7 @@
cd build
cmake .. \
-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \
+ -DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl" \
-DCMAKE_CXX_FLAGS="-Wno-deprecated-declarations" \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=/usr \
Added: glibc.patch
===================================================================
--- glibc.patch (rev 0)
+++ glibc.patch 2019-05-24 08:35:55 UTC (rev 469562)
@@ -0,0 +1,12 @@
+diff --git a/userspace/libscap/scap_fds.c b/userspace/libscap/scap_fds.c
+index 452353a..c1e38b1 100644
+--- a/userspace/libscap/scap_fds.c
++++ b/userspace/libscap/scap_fds.c
+@@ -25,6 +25,7 @@ limitations under the License.
+ #include "scap_savefile.h"
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <sys/sysmacros.h>
+ #include <fcntl.h>
+ #include "uthash.h"
+ #ifdef _WIN32
Modified: linux-5.1.patch
===================================================================
--- linux-5.1.patch 2019-05-24 08:26:57 UTC (rev 469561)
+++ linux-5.1.patch 2019-05-24 08:35:55 UTC (rev 469562)
@@ -1,8 +1,43 @@
+From a6ab1e66fc05a02178e051ea2441633996d5871e Mon Sep 17 00:00:00 2001
+From: Nathan Baker <7409217+natha...@users.noreply.github.com>
+Date: Thu, 23 May 2019 09:59:06 -0400
+Subject: [PATCH] Changes to build the kmod with 5.1 kernels [SMAGENT-1643]
+ (#1413)
+
+[SMAGENT-1643] Changes to build the kmod with 5.1 kernels
+
+* The syscall_get_arguments function changed its parameters.
+* The mmap symbols changed header locations
+* Wrapped the kernel version check in a function
+---
+ driver/main.c | 21 ++-
+ driver/ppm.h | 2 +
+ driver/ppm_events.c | 47 +++---
+ driver/ppm_fillers.c | 345 ++++++++++++++++++++------------------
+ driver/ppm_flag_helpers.h | 3 +-
+ 5 files changed, 227 insertions(+), 191 deletions(-)
+
diff --git a/driver/main.c b/driver/main.c
-index a2b0b64..cdd8d2d 100644
+index a2b0b6453..fc8768584 100644
--- a/driver/main.c
+++ b/driver/main.c
-@@ -1284,11 +1284,14 @@ static const unsigned char compat_nas[21] = {
+@@ -216,6 +216,15 @@ do {
\
+ pr_info(fmt, ##__VA_ARGS__); \
+ } while (0)
+
++inline void ppm_syscall_get_arguments(struct task_struct *task, struct
pt_regs *regs, unsigned long *args)
++{
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
++ syscall_get_arguments(task, regs, 0, 6, args);
++#else
++ syscall_get_arguments(task, regs, args);
++#endif
++}
++
+ /* compat tracepoint functions */
+ static int compat_register_trace(void *func, const char *probename, struct
tracepoint *tp)
+ {
+@@ -1284,11 +1293,10 @@ static const unsigned char compat_nas[21] = {
#ifdef _HAS_SOCKETCALL
static enum ppm_event_type parse_socketcall(struct event_filler_arguments
*filler_args, struct pt_regs *regs)
{
@@ -12,15 +47,11 @@
int socketcall_id;
-
- syscall_get_arguments(current, regs, 0, 2, args);
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+ syscall_get_arguments(current, regs, 0, 6, args);
-+#else
-+ syscall_get_arguments(current, regs, args);
-+#endif
++ ppm_syscall_get_arguments(current, regs, args);
socketcall_id = args[0];
scargs = (unsigned long __user *)args[1];
-@@ -1403,6 +1406,7 @@ static inline void record_drop_x(struct ppm_consumer_t
*consumer, struct timespe
+@@ -1403,6 +1411,7 @@ static inline void record_drop_x(struct ppm_consumer_t
*consumer, struct timespe
static inline int drop_nostate_event(enum ppm_event_type event_type,
struct pt_regs *regs)
{
@@ -28,39 +59,42 @@
unsigned long arg = 0;
int close_fd = -1;
struct files_struct *files;
-@@ -1424,7 +1428,12 @@ static inline int drop_nostate_event(enum
ppm_event_type event_type,
+@@ -1424,7 +1433,8 @@ static inline int drop_nostate_event(enum ppm_event_type
event_type,
* The invalid fd events don't matter to userspace in dropping
mode,
* so we do this before the UF_NEVER_DROP check
*/
- syscall_get_arguments(current, regs, 0, 1, &arg);
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+ syscall_get_arguments(current, regs, 0, 6, args);
-+#else
-+ syscall_get_arguments(current, regs, args);
-+#endif
++ ppm_syscall_get_arguments(current, regs, args);
+ arg = args[0];
close_fd = (int)arg;
files = current->files;
-@@ -1444,7 +1453,12 @@ static inline int drop_nostate_event(enum
ppm_event_type event_type,
+@@ -1444,7 +1454,8 @@ static inline int drop_nostate_event(enum ppm_event_type
event_type,
case PPME_SYSCALL_FCNTL_E:
case PPME_SYSCALL_FCNTL_X:
// cmd arg
- syscall_get_arguments(current, regs, 1, 1, &arg);
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+ syscall_get_arguments(current, regs, 0, 6, args);
-+#else
-+ syscall_get_arguments(current, regs, args);
-+#endif
++ ppm_syscall_get_arguments(current, regs, args);
+ arg = args[1];
if (arg != F_DUPFD && arg != F_DUPFD_CLOEXEC)
drop = true;
break;
+diff --git a/driver/ppm.h b/driver/ppm.h
+index 6ecc2b719..6077fa425 100644
+--- a/driver/ppm.h
++++ b/driver/ppm.h
+@@ -113,4 +113,6 @@ extern const struct syscall_evt_pair
g_syscall_ia32_table[];
+ extern const enum ppm_syscall_code g_syscall_ia32_code_routing_table[];
+ #endif
+
++extern void ppm_syscall_get_arguments(struct task_struct *task, struct
pt_regs *regs, unsigned long *args);
++
+ #endif /* PPM_H_ */
diff --git a/driver/ppm_events.c b/driver/ppm_events.c
-index cc3eb98..db13d07 100644
+index 77671a9fa..fd96acd8c 100644
--- a/driver/ppm_events.c
+++ b/driver/ppm_events.c
-@@ -244,14 +244,20 @@ inline u32 compute_snaplen(struct event_filler_arguments
*args, char *buf, u32 l
+@@ -249,14 +249,16 @@ inline u32 compute_snaplen(struct event_filler_arguments
*args, char *buf, u32 l
if (err == 0) {
if(args->event_type == PPME_SOCKET_SENDTO_X)
{
@@ -74,17 +108,13 @@
- syscall_get_arguments(current,
args->regs, 4, 1, &val);
- else
+ if (!args->is_socketcall) {
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+ syscall_get_arguments(current,
args->regs, 0, 6, syscall_args);
-+#else
-+ syscall_get_arguments(current,
args->regs, syscall_args);
-+#endif
++
ppm_syscall_get_arguments(current, args->regs, syscall_args);
+ val = syscall_args[4];
+ } else
val = args->socketcall_args[4];
usrsockaddr = (struct sockaddr __user
*)val;
-@@ -265,9 +271,14 @@ inline u32 compute_snaplen(struct event_filler_arguments
*args, char *buf, u32 l
+@@ -270,9 +272,10 @@ inline u32 compute_snaplen(struct event_filler_arguments
*args, char *buf, u32 l
/*
* Get the address len
*/
@@ -92,17 +122,13 @@
-
syscall_get_arguments(current, args->regs, 5, 1, &val);
- else
+ if (!args->is_socketcall) {
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+
syscall_get_arguments(current, args->regs, 0, 6, syscall_args);
-+#else
-+
syscall_get_arguments(current, args->regs, syscall_args);
-+#endif
++
ppm_syscall_get_arguments(current, args->regs, syscall_args);
+ val = syscall_args[5];
+ } else
val =
args->socketcall_args[5];
if (val != 0) {
-@@ -283,6 +294,7 @@ inline u32 compute_snaplen(struct event_filler_arguments
*args, char *buf, u32 l
+@@ -288,6 +291,7 @@ inline u32 compute_snaplen(struct event_filler_arguments
*args, char *buf, u32 l
}
}
} else if (args->event_type ==
PPME_SOCKET_SENDMSG_X) {
@@ -110,7 +136,7 @@
unsigned long val;
struct sockaddr __user * usrsockaddr;
int addrlen;
-@@ -295,9 +307,14 @@ inline u32 compute_snaplen(struct event_filler_arguments
*args, char *buf, u32 l
+@@ -300,9 +304,10 @@ inline u32 compute_snaplen(struct event_filler_arguments
*args, char *buf, u32 l
struct msghdr mh;
#endif
@@ -118,17 +144,13 @@
- syscall_get_arguments(current,
args->regs, 1, 1, &val);
- else
+ if (!args->is_socketcall) {
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+ syscall_get_arguments(current,
args->regs, 0, 6, syscall_args);
-+#else
-+ syscall_get_arguments(current,
args->regs, syscall_args);
-+#endif
++
ppm_syscall_get_arguments(current, args->regs, syscall_args);
+ val = syscall_args[1];
+ } else
val = args->socketcall_args[1];
#ifdef CONFIG_COMPAT
-@@ -1106,6 +1123,7 @@ int32_t parse_readv_writev_bufs(struct
event_filler_arguments *args, const struc
+@@ -1113,6 +1118,7 @@ int32_t parse_readv_writev_bufs(struct
event_filler_arguments *args, const struc
unsigned long bufsize;
char *targetbuf = args->str_storage;
u32 targetbuflen = STR_STORAGE_SIZE;
@@ -136,7 +158,7 @@
unsigned long val;
u32 notcopied_len;
size_t tocopy_len;
-@@ -1151,9 +1169,14 @@ int32_t parse_readv_writev_bufs(struct
event_filler_arguments *args, const struc
+@@ -1158,9 +1164,10 @@ int32_t parse_readv_writev_bufs(struct
event_filler_arguments *args, const struc
/*
* Retrieve the FD. It will be used for dynamic snaplen
calculation.
*/
@@ -144,17 +166,13 @@
- syscall_get_arguments(current, args->regs, 0,
1, &val);
- else
+ if (!args->is_socketcall) {
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+ syscall_get_arguments(current, args->regs, 0,
6, syscall_args);
-+#else
-+ syscall_get_arguments(current, args->regs,
syscall_args);
-+#endif
++ ppm_syscall_get_arguments(current, args->regs,
syscall_args);
+ val = syscall_args[0];
+ } else
val = args->socketcall_args[0];
args->fd = (int)val;
-@@ -1237,6 +1260,7 @@ int32_t compat_parse_readv_writev_bufs(struct
event_filler_arguments *args, cons
+@@ -1244,6 +1251,7 @@ int32_t compat_parse_readv_writev_bufs(struct
event_filler_arguments *args, cons
unsigned long bufsize;
char *targetbuf = args->str_storage;
u32 targetbuflen = STR_STORAGE_SIZE;
@@ -162,7 +180,7 @@
unsigned long val;
u32 notcopied_len;
compat_size_t tocopy_len;
-@@ -1282,9 +1306,14 @@ int32_t compat_parse_readv_writev_bufs(struct
event_filler_arguments *args, cons
+@@ -1289,9 +1297,10 @@ int32_t compat_parse_readv_writev_bufs(struct
event_filler_arguments *args, cons
/*
* Retrieve the FD. It will be used for dynamic snaplen
calculation.
*/
@@ -170,17 +188,13 @@
- syscall_get_arguments(current, args->regs, 0,
1, &val);
- else
+ if (!args->is_socketcall) {
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+ syscall_get_arguments(current, args->regs, 0,
6, syscall_args);
-+#else
-+ syscall_get_arguments(current, args->regs,
syscall_args);
-+#endif
++ ppm_syscall_get_arguments(current, args->regs,
syscall_args);
+ val = syscall_args[0];
+ } else
val = args->socketcall_args[0];
args->fd = (int)val;
-@@ -1368,6 +1397,7 @@ int32_t compat_parse_readv_writev_bufs(struct
event_filler_arguments *args, cons
+@@ -1375,6 +1384,7 @@ int32_t compat_parse_readv_writev_bufs(struct
event_filler_arguments *args, cons
int f_sys_autofill(struct event_filler_arguments *args)
{
int res;
@@ -188,7 +202,7 @@
unsigned long val;
u32 j;
int64_t retval;
-@@ -1386,11 +1416,12 @@ int f_sys_autofill(struct event_filler_arguments *args)
+@@ -1393,11 +1403,8 @@ int f_sys_autofill(struct event_filler_arguments *args)
/*
* Regular argument
*/
@@ -197,25 +211,21 @@
- evinfo->autofill_args[j].id,
- 1,
- &val);
-+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0))
-+ syscall_get_arguments(current, args->regs, 0,
6, syscall_args);
-+#else
-+ syscall_get_arguments(current, args->regs,
syscall_args);
-+#endif
++ ppm_syscall_get_arguments(current, args->regs,
syscall_args);
+ val = syscall_args[evinfo->autofill_args[j].id];
}
res = val_to_ring(args, val, 0, true, 0);
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
-index ccf092f..c9c4e67 100644
+index 82d0b162a..883827afd 100644
--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
-@@ -48,6 +48,23 @@ or GPL2.txt for full copies of the license.
+@@ -56,6 +56,23 @@ static inline struct inode *file_inode(struct file *f)
#define merge_64(hi, lo) ((((unsigned long long)(hi)) << 32) + ((lo) &
0xffffffffUL))
+/*
-+ * Linux 5.1 kernels modify the syscall_get_arguments_deprecated function to
always
++ * Linux 5.1 kernels modify the syscall_get_arguments function to always
+ * return all arguments rather than allowing the caller to select which
+ * arguments are desired. This wrapper replicates the original
+ * functionality.
@@ -234,7 +244,7 @@
int f_sys_generic(struct event_filler_arguments *args)
{
int res;
-@@ -107,7 +124,7 @@ int f_sys_single(struct event_filler_arguments *args)
+@@ -115,7 +132,7 @@ int f_sys_single(struct event_filler_arguments *args)
int res;
unsigned long val;
@@ -243,7 +253,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -147,7 +164,7 @@ int f_sys_open_x(struct event_filler_arguments *args)
+@@ -195,7 +212,7 @@ int f_sys_open_x(struct event_filler_arguments *args)
/*
* name
*/
@@ -252,7 +262,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -156,7 +173,7 @@ int f_sys_open_x(struct event_filler_arguments *args)
+@@ -204,7 +221,7 @@ int f_sys_open_x(struct event_filler_arguments *args)
* Flags
* Note that we convert them into the ppm portable representation
before pushing them to the ring
*/
@@ -261,7 +271,7 @@
res = val_to_ring(args, open_flags_to_scap(flags), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -164,7 +181,7 @@ int f_sys_open_x(struct event_filler_arguments *args)
+@@ -212,7 +229,7 @@ int f_sys_open_x(struct event_filler_arguments *args)
/*
* mode
*/
@@ -270,7 +280,7 @@
res = val_to_ring(args, open_modes_to_scap(flags, modes), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -182,7 +199,7 @@ int f_sys_read_x(struct event_filler_arguments *args)
+@@ -237,7 +254,7 @@ int f_sys_read_x(struct event_filler_arguments *args)
/*
* Retrieve the FD. It will be used for dynamic snaplen calculation.
*/
@@ -279,7 +289,7 @@
args->fd = (int)val;
/*
-@@ -203,7 +220,7 @@ int f_sys_read_x(struct event_filler_arguments *args)
+@@ -258,7 +275,7 @@ int f_sys_read_x(struct event_filler_arguments *args)
val = 0;
bufsize = 0;
} else {
@@ -288,7 +298,7 @@
/*
* The return value can be lower than the value provided by the
user,
-@@ -233,7 +250,7 @@ int f_sys_write_x(struct event_filler_arguments *args)
+@@ -288,7 +305,7 @@ int f_sys_write_x(struct event_filler_arguments *args)
/*
* Retrieve the FD. It will be used for dynamic snaplen calculation.
*/
@@ -297,7 +307,7 @@
args->fd = (int)val;
/*
-@@ -248,13 +265,13 @@ int f_sys_write_x(struct event_filler_arguments *args)
+@@ -303,13 +320,13 @@ int f_sys_write_x(struct event_filler_arguments *args)
/*
* data
*/
@@ -313,7 +323,7 @@
args->enforce_snaplen = true;
res = val_to_ring(args, val, bufsize, true, 0);
if (unlikely(res != PPM_SUCCESS))
-@@ -693,7 +710,7 @@ int f_proc_startupdate(struct event_filler_arguments *args)
+@@ -748,7 +765,7 @@ int f_proc_startupdate(struct event_filler_arguments *args)
*/
args->str_storage[0] = 0;
@@ -322,7 +332,7 @@
#ifdef CONFIG_COMPAT
if (unlikely(args->compat))
args_len =
compat_accumulate_argv_or_env((compat_uptr_t)val,
-@@ -865,9 +882,9 @@ cgroups_error:
+@@ -920,9 +937,9 @@ int f_proc_startupdate(struct event_filler_arguments *args)
*/
if (args->event_type == PPME_SYSCALL_CLONE_20_X) {
#ifdef CONFIG_S390
@@ -334,7 +344,7 @@
#endif
} else
val = 0;
-@@ -940,7 +957,7 @@ cgroups_error:
+@@ -995,7 +1012,7 @@ int f_proc_startupdate(struct event_filler_arguments
*args)
/*
* The call failed, so get the env from the arguments
*/
@@ -343,7 +353,7 @@
#ifdef CONFIG_COMPAT
if (unlikely(args->compat))
env_len =
compat_accumulate_argv_or_env((compat_uptr_t)val,
-@@ -1009,7 +1026,7 @@ int f_sys_execve_e(struct event_filler_arguments *args)
+@@ -1064,7 +1081,7 @@ int f_sys_execve_e(struct event_filler_arguments *args)
/*
* filename
*/
@@ -352,7 +362,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (res == PPM_FAILURE_INVALID_USER_MEMORY)
res = val_to_ring(args, (unsigned long)"<NA>", 0, false, 0);
-@@ -1041,7 +1058,7 @@ int f_sys_socket_bind_x(struct event_filler_arguments
*args)
+@@ -1096,7 +1113,7 @@ int f_sys_socket_bind_x(struct event_filler_arguments
*args)
* addr
*/
if (!args->is_socketcall)
@@ -361,7 +371,7 @@
else
val = args->socketcall_args[1];
-@@ -1051,7 +1068,7 @@ int f_sys_socket_bind_x(struct event_filler_arguments
*args)
+@@ -1106,7 +1123,7 @@ int f_sys_socket_bind_x(struct event_filler_arguments
*args)
* Get the address len
*/
if (!args->is_socketcall)
@@ -370,7 +380,7 @@
else
val = args->socketcall_args[2];
-@@ -1109,7 +1126,7 @@ int f_sys_connect_x(struct event_filler_arguments *args)
+@@ -1164,7 +1181,7 @@ int f_sys_connect_x(struct event_filler_arguments *args)
* in the stack, and therefore we can consume them.
*/
if (!args->is_socketcall) {
@@ -379,7 +389,7 @@
fd = (int)val;
} else
fd = (int)args->socketcall_args[0];
-@@ -1119,7 +1136,7 @@ int f_sys_connect_x(struct event_filler_arguments *args)
+@@ -1174,7 +1191,7 @@ int f_sys_connect_x(struct event_filler_arguments *args)
* Get the address
*/
if (!args->is_socketcall)
@@ -388,7 +398,7 @@
else
val = args->socketcall_args[1];
-@@ -1129,7 +1146,7 @@ int f_sys_connect_x(struct event_filler_arguments *args)
+@@ -1184,7 +1201,7 @@ int f_sys_connect_x(struct event_filler_arguments *args)
* Get the address len
*/
if (!args->is_socketcall)
@@ -397,7 +407,7 @@
else
val = args->socketcall_args[2];
-@@ -1194,7 +1211,7 @@ int f_sys_socketpair_x(struct event_filler_arguments
*args)
+@@ -1249,7 +1266,7 @@ int f_sys_socketpair_x(struct event_filler_arguments
*args)
* fds
*/
if (!args->is_socketcall)
@@ -406,7 +416,7 @@
else
val = args->socketcall_args[3];
#ifdef CONFIG_COMPAT
-@@ -1427,9 +1444,9 @@ int f_sys_setsockopt_x(struct event_filler_arguments
*args)
+@@ -1482,9 +1499,9 @@ int f_sys_setsockopt_x(struct event_filler_arguments
*args)
{
int res;
int64_t retval;
@@ -418,7 +428,7 @@
retval = (int64_t)(long)syscall_get_return_value(current, args->regs);
/* retval */
-@@ -1471,9 +1488,9 @@ int f_sys_getsockopt_x(struct event_filler_arguments
*args)
+@@ -1526,9 +1543,9 @@ int f_sys_getsockopt_x(struct event_filler_arguments
*args)
int res;
int64_t retval;
uint32_t optlen;
@@ -430,7 +440,7 @@
retval = (int64_t)(long)syscall_get_return_value(current, args->regs);
/* retval */
-@@ -1575,7 +1592,7 @@ int f_sys_accept_x(struct event_filler_arguments *args)
+@@ -1630,7 +1647,7 @@ int f_sys_accept_x(struct event_filler_arguments *args)
* queuepct
*/
if (!args->is_socketcall)
@@ -439,7 +449,7 @@
else
srvskfd = args->socketcall_args[0];
-@@ -1617,7 +1634,7 @@ int f_sys_send_e_common(struct event_filler_arguments
*args, int *fd)
+@@ -1672,7 +1689,7 @@ int f_sys_send_e_common(struct event_filler_arguments
*args, int *fd)
* fd
*/
if (!args->is_socketcall)
@@ -448,7 +458,7 @@
else
val = args->socketcall_args[0];
-@@ -1631,7 +1648,7 @@ int f_sys_send_e_common(struct event_filler_arguments
*args, int *fd)
+@@ -1686,7 +1703,7 @@ int f_sys_send_e_common(struct event_filler_arguments
*args, int *fd)
* size
*/
if (!args->is_socketcall)
@@ -457,7 +467,7 @@
else
size = args->socketcall_args[2];
-@@ -1678,7 +1695,7 @@ int f_sys_sendto_e(struct event_filler_arguments *args)
+@@ -1733,7 +1750,7 @@ int f_sys_sendto_e(struct event_filler_arguments *args)
* Get the address
*/
if (!args->is_socketcall)
@@ -466,7 +476,7 @@
else
val = args->socketcall_args[4];
-@@ -1688,7 +1705,7 @@ int f_sys_sendto_e(struct event_filler_arguments *args)
+@@ -1743,7 +1760,7 @@ int f_sys_sendto_e(struct event_filler_arguments *args)
* Get the address len
*/
if (!args->is_socketcall)
@@ -475,7 +485,7 @@
else
val = args->socketcall_args[5];
-@@ -1736,7 +1753,7 @@ int f_sys_send_x(struct event_filler_arguments *args)
+@@ -1791,7 +1808,7 @@ int f_sys_send_x(struct event_filler_arguments *args)
* Retrieve the FD. It will be used for dynamic snaplen calculation.
*/
if (!args->is_socketcall)
@@ -484,7 +494,7 @@
else
val = args->socketcall_args[0];
-@@ -1761,7 +1778,7 @@ int f_sys_send_x(struct event_filler_arguments *args)
+@@ -1816,7 +1833,7 @@ int f_sys_send_x(struct event_filler_arguments *args)
bufsize = 0;
} else {
if (!args->is_socketcall)
@@ -493,7 +503,7 @@
else
val = args->socketcall_args[1];
-@@ -1790,7 +1807,7 @@ int f_sys_recv_x_common(struct event_filler_arguments
*args, int64_t *retval)
+@@ -1845,7 +1862,7 @@ int f_sys_recv_x_common(struct event_filler_arguments
*args, int64_t *retval)
* Retrieve the FD. It will be used for dynamic snaplen calculation.
*/
if (!args->is_socketcall)
@@ -502,7 +512,7 @@
else
val = args->socketcall_args[1];
-@@ -1815,7 +1832,7 @@ int f_sys_recv_x_common(struct event_filler_arguments
*args, int64_t *retval)
+@@ -1870,7 +1887,7 @@ int f_sys_recv_x_common(struct event_filler_arguments
*args, int64_t *retval)
bufsize = 0;
} else {
if (!args->is_socketcall)
@@ -511,7 +521,7 @@
else
val = args->socketcall_args[1];
-@@ -1871,7 +1888,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args)
+@@ -1926,7 +1943,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args)
* Get the fd
*/
if (!args->is_socketcall) {
@@ -520,7 +530,7 @@
fd = (int)val;
} else
fd = (int)args->socketcall_args[0];
-@@ -1880,7 +1897,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args)
+@@ -1935,7 +1952,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args)
* Get the address
*/
if (!args->is_socketcall)
@@ -529,7 +539,7 @@
else
val = args->socketcall_args[4];
usrsockaddr = (struct sockaddr __user *)val;
-@@ -1889,7 +1906,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args)
+@@ -1944,7 +1961,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args)
* Get the address len
*/
if (!args->is_socketcall)
@@ -538,7 +548,7 @@
else
val = args->socketcall_args[5];
if (usrsockaddr != NULL && val != 0) {
-@@ -1965,7 +1982,7 @@ int f_sys_sendmsg_e(struct event_filler_arguments *args)
+@@ -2020,7 +2037,7 @@ int f_sys_sendmsg_e(struct event_filler_arguments *args)
* fd
*/
if (!args->is_socketcall)
@@ -547,7 +557,7 @@
else
val = args->socketcall_args[0];
-@@ -1978,7 +1995,7 @@ int f_sys_sendmsg_e(struct event_filler_arguments *args)
+@@ -2033,7 +2050,7 @@ int f_sys_sendmsg_e(struct event_filler_arguments *args)
* Retrieve the message header
*/
if (!args->is_socketcall)
@@ -556,7 +566,7 @@
else
val = args->socketcall_args[1];
-@@ -2090,7 +2107,7 @@ int f_sys_sendmsg_x(struct event_filler_arguments *args)
+@@ -2145,7 +2162,7 @@ int f_sys_sendmsg_x(struct event_filler_arguments *args)
* Retrieve the message header
*/
if (!args->is_socketcall)
@@ -565,7 +575,7 @@
else
val = args->socketcall_args[1];
-@@ -2163,7 +2180,7 @@ int f_sys_recvmsg_x(struct event_filler_arguments *args)
+@@ -2218,7 +2235,7 @@ int f_sys_recvmsg_x(struct event_filler_arguments *args)
* Retrieve the message header
*/
if (!args->is_socketcall)
@@ -574,7 +584,7 @@
else
val = args->socketcall_args[1];
-@@ -2207,7 +2224,7 @@ int f_sys_recvmsg_x(struct event_filler_arguments *args)
+@@ -2262,7 +2279,7 @@ int f_sys_recvmsg_x(struct event_filler_arguments *args)
* Get the fd
*/
if (!args->is_socketcall) {
@@ -583,8 +593,26 @@
fd = (int)val;
} else
fd = (int)args->socketcall_args[0];
-@@ -2269,7 +2286,7 @@ int f_sys_pipe_x(struct event_filler_arguments *args)
+@@ -2323,7 +2340,7 @@ int f_sys_creat_x(struct event_filler_arguments *args)
/*
+ * name
+ */
+- syscall_get_arguments(current, args->regs, 0, 1, &val);
++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val);
+ res = val_to_ring(args, val, 0, true, 0);
+ if (unlikely(res != PPM_SUCCESS))
+ return res;
+@@ -2331,7 +2348,7 @@ int f_sys_creat_x(struct event_filler_arguments *args)
+ /*
+ * mode
+ */
+- syscall_get_arguments(current, args->regs, 1, 1, &modes);
++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &modes);
+ res = val_to_ring(args, open_modes_to_scap(O_CREAT, modes), 0, false,
0);
+ if (unlikely(res != PPM_SUCCESS))
+ return res;
+@@ -2365,7 +2382,7 @@ int f_sys_pipe_x(struct event_filler_arguments *args)
+ /*
* fds
*/
- syscall_get_arguments(current, args->regs, 0, 1, &val);
@@ -592,7 +620,7 @@
#ifdef CONFIG_COMPAT
if (!args->compat) {
-@@ -2317,7 +2334,7 @@ int f_sys_eventfd_e(struct event_filler_arguments *args)
+@@ -2413,7 +2430,7 @@ int f_sys_eventfd_e(struct event_filler_arguments *args)
/*
* initval
*/
@@ -601,7 +629,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2326,7 +2343,7 @@ int f_sys_eventfd_e(struct event_filler_arguments *args)
+@@ -2422,7 +2439,7 @@ int f_sys_eventfd_e(struct event_filler_arguments *args)
* flags
* XXX not implemented yet
*/
@@ -610,7 +638,7 @@
val = 0;
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
-@@ -2344,7 +2361,7 @@ int f_sys_shutdown_e(struct event_filler_arguments *args)
+@@ -2440,7 +2457,7 @@ int f_sys_shutdown_e(struct event_filler_arguments *args)
* fd
*/
if (!args->is_socketcall)
@@ -619,7 +647,7 @@
else
val = args->socketcall_args[0];
-@@ -2356,7 +2373,7 @@ int f_sys_shutdown_e(struct event_filler_arguments *args)
+@@ -2452,7 +2469,7 @@ int f_sys_shutdown_e(struct event_filler_arguments *args)
* how
*/
if (!args->is_socketcall)
@@ -628,7 +656,7 @@
else
val = args->socketcall_args[1];
-@@ -2375,7 +2392,7 @@ int f_sys_futex_e(struct event_filler_arguments *args)
+@@ -2471,7 +2488,7 @@ int f_sys_futex_e(struct event_filler_arguments *args)
/*
* addr
*/
@@ -637,7 +665,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2383,7 +2400,7 @@ int f_sys_futex_e(struct event_filler_arguments *args)
+@@ -2479,7 +2496,7 @@ int f_sys_futex_e(struct event_filler_arguments *args)
/*
* op
*/
@@ -646,7 +674,7 @@
res = val_to_ring(args, (unsigned long)futex_op_to_scap(val), 0, false,
0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2391,7 +2408,7 @@ int f_sys_futex_e(struct event_filler_arguments *args)
+@@ -2487,7 +2504,7 @@ int f_sys_futex_e(struct event_filler_arguments *args)
/*
* val
*/
@@ -655,7 +683,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2407,7 +2424,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args)
+@@ -2503,7 +2520,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -664,7 +692,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2415,7 +2432,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args)
+@@ -2511,7 +2528,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args)
/*
* offset
*/
@@ -673,7 +701,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2423,7 +2440,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args)
+@@ -2519,7 +2536,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args)
/*
* whence
*/
@@ -682,7 +710,7 @@
res = val_to_ring(args, lseek_whence_to_scap(val), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2442,7 +2459,7 @@ int f_sys_llseek_e(struct event_filler_arguments *args)
+@@ -2538,7 +2555,7 @@ int f_sys_llseek_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -691,7 +719,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2451,8 +2468,8 @@ int f_sys_llseek_e(struct event_filler_arguments *args)
+@@ -2547,8 +2564,8 @@ int f_sys_llseek_e(struct event_filler_arguments *args)
* offset
* We build it by combining the offset_high and offset_low system call
arguments
*/
@@ -702,7 +730,7 @@
offset = (((uint64_t)oh) << 32) + ((uint64_t)ol);
res = val_to_ring(args, offset, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
-@@ -2461,7 +2478,7 @@ int f_sys_llseek_e(struct event_filler_arguments *args)
+@@ -2557,7 +2574,7 @@ int f_sys_llseek_e(struct event_filler_arguments *args)
/*
* whence
*/
@@ -711,7 +739,7 @@
res = val_to_ring(args, lseek_whence_to_scap(val), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2485,7 +2502,7 @@ static int poll_parse_fds(struct event_filler_arguments
*args, bool enter_event)
+@@ -2581,7 +2598,7 @@ static int poll_parse_fds(struct event_filler_arguments
*args, bool enter_event)
*
* Get the number of fds
*/
@@ -720,7 +748,7 @@
/*
* Check if we have enough space to store both the fd list
-@@ -2495,7 +2512,7 @@ static int poll_parse_fds(struct event_filler_arguments
*args, bool enter_event)
+@@ -2591,7 +2608,7 @@ static int poll_parse_fds(struct event_filler_arguments
*args, bool enter_event)
return PPM_FAILURE_BUFFER_FULL;
/* Get the fds pointer */
@@ -729,7 +757,7 @@
fds = (struct pollfd *)args->str_storage;
#ifdef CONFIG_COMPAT
-@@ -2552,7 +2569,7 @@ int f_sys_poll_e(struct event_filler_arguments *args)
+@@ -2648,7 +2665,7 @@ int f_sys_poll_e(struct event_filler_arguments *args)
/*
* timeout
*/
@@ -738,7 +766,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2607,7 +2624,7 @@ int f_sys_ppoll_e(struct event_filler_arguments *args)
+@@ -2703,7 +2720,7 @@ int f_sys_ppoll_e(struct event_filler_arguments *args)
/*
* timeout
*/
@@ -747,7 +775,7 @@
/* NULL timeout specified as 0xFFFFFF.... */
if (val == (unsigned long)NULL)
res = val_to_ring(args, (uint64_t)(-1), 0, false, 0);
-@@ -2619,7 +2636,7 @@ int f_sys_ppoll_e(struct event_filler_arguments *args)
+@@ -2715,7 +2732,7 @@ int f_sys_ppoll_e(struct event_filler_arguments *args)
/*
* sigmask
*/
@@ -756,7 +784,7 @@
if (val != (unsigned long)NULL)
if (0 != ppm_copy_from_user(&val, (void __user *)val,
sizeof(val)))
return PPM_FAILURE_INVALID_USER_MEMORY;
-@@ -2661,7 +2678,7 @@ int f_sys_mount_e(struct event_filler_arguments *args)
+@@ -2757,7 +2774,7 @@ int f_sys_mount_e(struct event_filler_arguments *args)
* Fix mount flags in arg 3.
* See http://lxr.free-electrons.com/source/fs/namespace.c?v=4.2#L2650
*/
@@ -765,7 +793,7 @@
if ((val & PPM_MS_MGC_MSK) == PPM_MS_MGC_VAL)
val &= ~PPM_MS_MGC_MSK;
res = val_to_ring(args, val, 0, false, 0);
-@@ -2687,7 +2704,7 @@ int f_sys_openat_x(struct event_filler_arguments *args)
+@@ -2783,7 +2800,7 @@ int f_sys_openat_x(struct event_filler_arguments *args)
/*
* dirfd
*/
@@ -774,7 +802,7 @@
if ((int)val == AT_FDCWD)
val = PPM_AT_FDCWD;
-@@ -2699,7 +2716,7 @@ int f_sys_openat_x(struct event_filler_arguments *args)
+@@ -2795,7 +2812,7 @@ int f_sys_openat_x(struct event_filler_arguments *args)
/*
* name
*/
@@ -783,7 +811,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2708,7 +2725,7 @@ int f_sys_openat_x(struct event_filler_arguments *args)
+@@ -2804,7 +2821,7 @@ int f_sys_openat_x(struct event_filler_arguments *args)
* Flags
* Note that we convert them into the ppm portable representation
before pushing them to the ring
*/
@@ -792,7 +820,7 @@
res = val_to_ring(args, open_flags_to_scap(flags), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2716,7 +2733,7 @@ int f_sys_openat_x(struct event_filler_arguments *args)
+@@ -2812,7 +2829,7 @@ int f_sys_openat_x(struct event_filler_arguments *args)
/*
* mode
*/
@@ -801,7 +829,7 @@
res = val_to_ring(args, open_modes_to_scap(flags, modes), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2738,7 +2755,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args)
+@@ -2841,7 +2858,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args)
/*
* dirfd
*/
@@ -810,7 +838,7 @@
if ((int)val == AT_FDCWD)
val = PPM_AT_FDCWD;
-@@ -2750,7 +2767,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args)
+@@ -2853,7 +2870,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args)
/*
* name
*/
@@ -819,7 +847,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2759,7 +2776,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args)
+@@ -2862,7 +2879,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args)
* flags
* Note that we convert them into the ppm portable representation
before pushing them to the ring
*/
@@ -828,7 +856,7 @@
res = val_to_ring(args, unlinkat_flags_to_scap(val), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2782,7 +2799,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
+@@ -2885,7 +2902,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
/*
* olddir
*/
@@ -837,7 +865,7 @@
if ((int)val == AT_FDCWD)
val = PPM_AT_FDCWD;
-@@ -2794,7 +2811,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
+@@ -2897,7 +2914,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
/*
* oldpath
*/
@@ -846,7 +874,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2802,7 +2819,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
+@@ -2905,7 +2922,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
/*
* newdir
*/
@@ -855,7 +883,7 @@
if ((int)val == AT_FDCWD)
val = PPM_AT_FDCWD;
-@@ -2814,7 +2831,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
+@@ -2917,7 +2934,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
/*
* newpath
*/
@@ -864,7 +892,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2823,7 +2840,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
+@@ -2926,7 +2943,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args)
* Flags
* Note that we convert them into the ppm portable representation
before pushing them to the ring
*/
@@ -873,7 +901,7 @@
res = val_to_ring(args, linkat_flags_to_scap(flags), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2844,7 +2861,7 @@ int f_sys_pread64_e(struct event_filler_arguments *args)
+@@ -2947,7 +2964,7 @@ int f_sys_pread64_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -882,7 +910,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2852,7 +2869,7 @@ int f_sys_pread64_e(struct event_filler_arguments *args)
+@@ -2955,7 +2972,7 @@ int f_sys_pread64_e(struct event_filler_arguments *args)
/*
* size
*/
@@ -891,7 +919,7 @@
res = val_to_ring(args, size, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2861,11 +2878,11 @@ int f_sys_pread64_e(struct event_filler_arguments
*args)
+@@ -2964,11 +2981,11 @@ int f_sys_pread64_e(struct event_filler_arguments
*args)
* pos
*/
#if defined CONFIG_X86
@@ -907,7 +935,7 @@
#else
#error This architecture/abi not yet supported
#endif
-@@ -2895,7 +2912,7 @@ int f_sys_pwrite64_e(struct event_filler_arguments *args)
+@@ -2998,7 +3015,7 @@ int f_sys_pwrite64_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -916,7 +944,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2903,7 +2920,7 @@ int f_sys_pwrite64_e(struct event_filler_arguments *args)
+@@ -3006,7 +3023,7 @@ int f_sys_pwrite64_e(struct event_filler_arguments *args)
/*
* size
*/
@@ -925,7 +953,7 @@
res = val_to_ring(args, size, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -2914,17 +2931,17 @@ int f_sys_pwrite64_e(struct event_filler_arguments
*args)
+@@ -3017,17 +3034,17 @@ int f_sys_pwrite64_e(struct event_filler_arguments
*args)
* separate registers that we need to merge.
*/
#ifdef _64BIT_ARGS_SINGLE_REGISTER
@@ -948,7 +976,7 @@
#else
#error This architecture/abi not yet supported
#endif
-@@ -2962,8 +2979,8 @@ int f_sys_readv_preadv_x(struct event_filler_arguments
*args)
+@@ -3065,8 +3082,8 @@ int f_sys_readv_preadv_x(struct event_filler_arguments
*args)
/*
* data and size
*/
@@ -959,7 +987,7 @@
#ifdef CONFIG_COMPAT
if (unlikely(args->compat)) {
-@@ -2994,7 +3011,7 @@ int f_sys_writev_e(struct event_filler_arguments *args)
+@@ -3097,7 +3114,7 @@ int f_sys_writev_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -968,7 +996,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3002,12 +3019,12 @@ int f_sys_writev_e(struct event_filler_arguments *args)
+@@ -3105,12 +3122,12 @@ int f_sys_writev_e(struct event_filler_arguments *args)
/*
* size
*/
@@ -983,7 +1011,7 @@
#ifdef CONFIG_COMPAT
if (unlikely(args->compat)) {
compat_iov = (const struct compat_iovec __user
*)compat_ptr(val);
-@@ -3050,13 +3067,13 @@ int f_sys_writev_pwritev_x(struct
event_filler_arguments *args)
+@@ -3153,13 +3170,13 @@ int f_sys_writev_pwritev_x(struct
event_filler_arguments *args)
/*
* data and size
*/
@@ -999,7 +1027,7 @@
#ifdef CONFIG_COMPAT
if (unlikely(args->compat)) {
compat_iov = (const struct compat_iovec __user
*)compat_ptr(val);
-@@ -3085,7 +3102,7 @@ int f_sys_preadv64_e(struct event_filler_arguments *args)
+@@ -3188,7 +3205,7 @@ int f_sys_preadv64_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -1008,7 +1036,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3100,8 +3117,8 @@ int f_sys_preadv64_e(struct event_filler_arguments *args)
+@@ -3203,8 +3220,8 @@ int f_sys_preadv64_e(struct event_filler_arguments *args)
* requirements apply here. For an overly-detailed discussion about
* this, see https://lwn.net/Articles/311630/
*/
@@ -1019,7 +1047,7 @@
pos64 = merge_64(pos1, pos0);
-@@ -3131,7 +3148,7 @@ int f_sys_pwritev_e(struct event_filler_arguments *args)
+@@ -3234,7 +3251,7 @@ int f_sys_pwritev_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -1028,7 +1056,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3139,12 +3156,12 @@ int f_sys_pwritev_e(struct event_filler_arguments
*args)
+@@ -3242,12 +3259,12 @@ int f_sys_pwritev_e(struct event_filler_arguments
*args)
/*
* size
*/
@@ -1043,7 +1071,7 @@
#ifdef CONFIG_COMPAT
if (unlikely(args->compat)) {
compat_iov = (const struct compat_iovec __user
*)compat_ptr(val);
-@@ -3167,7 +3184,7 @@ int f_sys_pwritev_e(struct event_filler_arguments *args)
+@@ -3270,7 +3287,7 @@ int f_sys_pwritev_e(struct event_filler_arguments *args)
* separate registers that we need to merge.
*/
#ifdef _64BIT_ARGS_SINGLE_REGISTER
@@ -1052,7 +1080,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3178,8 +3195,8 @@ int f_sys_pwritev_e(struct event_filler_arguments *args)
+@@ -3281,8 +3298,8 @@ int f_sys_pwritev_e(struct event_filler_arguments *args)
* requirements apply here. For an overly-detailed discussion about
* this, see https://lwn.net/Articles/311630/
*/
@@ -1063,7 +1091,7 @@
pos64 = merge_64(pos1, pos0);
-@@ -3196,7 +3213,7 @@ int f_sys_nanosleep_e(struct event_filler_arguments
*args)
+@@ -3299,7 +3316,7 @@ int f_sys_nanosleep_e(struct event_filler_arguments
*args)
unsigned long val;
int res;
@@ -1072,7 +1100,7 @@
res = timespec_parse(args, val);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3213,7 +3230,7 @@ int f_sys_getrlimit_setrlimit_e(struct
event_filler_arguments *args)
+@@ -3316,7 +3333,7 @@ int f_sys_getrlimit_setrlimit_e(struct
event_filler_arguments *args)
/*
* resource
*/
@@ -1081,7 +1109,7 @@
ppm_resource = rlimit_resource_to_scap(val);
-@@ -3248,7 +3265,7 @@ int f_sys_getrlimit_setrlrimit_x(struct
event_filler_arguments *args)
+@@ -3351,7 +3368,7 @@ int f_sys_getrlimit_setrlrimit_x(struct
event_filler_arguments *args)
* Copy the user structure and extract cur and max
*/
if (retval >= 0 || args->event_type == PPME_SYSCALL_SETRLIMIT_X) {
@@ -1090,7 +1118,7 @@
#ifdef CONFIG_COMPAT
if (!args->compat) {
-@@ -3296,7 +3313,7 @@ int f_sys_prlimit_e(struct event_filler_arguments *args)
+@@ -3399,7 +3416,7 @@ int f_sys_prlimit_e(struct event_filler_arguments *args)
/*
* pid
*/
@@ -1099,7 +1127,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
-@@ -3305,7 +3322,7 @@ int f_sys_prlimit_e(struct event_filler_arguments *args)
+@@ -3408,7 +3425,7 @@ int f_sys_prlimit_e(struct event_filler_arguments *args)
/*
* resource
*/
@@ -1108,7 +1136,7 @@
ppm_resource = rlimit_resource_to_scap(val);
-@@ -3342,7 +3359,7 @@ int f_sys_prlimit_x(struct event_filler_arguments *args)
+@@ -3445,7 +3462,7 @@ int f_sys_prlimit_x(struct event_filler_arguments *args)
* Copy the user structure and extract cur and max
*/
if (retval >= 0) {
@@ -1117,7 +1145,7 @@
#ifdef CONFIG_COMPAT
if (!args->compat) {
-@@ -3370,7 +3387,7 @@ int f_sys_prlimit_x(struct event_filler_arguments *args)
+@@ -3473,7 +3490,7 @@ int f_sys_prlimit_x(struct event_filler_arguments *args)
newmax = -1;
}
@@ -1126,7 +1154,7 @@
#ifdef CONFIG_COMPAT
if (!args->compat) {
-@@ -3525,7 +3542,7 @@ int f_sys_fcntl_e(struct event_filler_arguments *args)
+@@ -3628,7 +3645,7 @@ int f_sys_fcntl_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -1135,7 +1163,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3533,7 +3550,7 @@ int f_sys_fcntl_e(struct event_filler_arguments *args)
+@@ -3636,7 +3653,7 @@ int f_sys_fcntl_e(struct event_filler_arguments *args)
/*
* cmd
*/
@@ -1144,7 +1172,7 @@
res = val_to_ring(args, fcntl_cmd_to_scap(val), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3547,7 +3564,7 @@ static inline int parse_ptrace_addr(struct
event_filler_arguments *args, u16 req
+@@ -3650,7 +3667,7 @@ static inline int parse_ptrace_addr(struct
event_filler_arguments *args, u16 req
uint64_t dst;
u8 idx;
@@ -1153,7 +1181,7 @@
switch (request) {
default:
idx = PPM_PTRACE_IDX_UINT64;
-@@ -3564,7 +3581,7 @@ static inline int parse_ptrace_data(struct
event_filler_arguments *args, u16 req
+@@ -3667,7 +3684,7 @@ static inline int parse_ptrace_data(struct
event_filler_arguments *args, u16 req
uint64_t dst;
u8 idx;
@@ -1162,7 +1190,7 @@
switch (request) {
case PPM_PTRACE_PEEKTEXT:
case PPM_PTRACE_PEEKDATA:
-@@ -3612,7 +3629,7 @@ int f_sys_ptrace_e(struct event_filler_arguments *args)
+@@ -3715,7 +3732,7 @@ int f_sys_ptrace_e(struct event_filler_arguments *args)
/*
* request
*/
@@ -1171,7 +1199,7 @@
res = val_to_ring(args, ptrace_requests_to_scap(val), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3620,7 +3637,7 @@ int f_sys_ptrace_e(struct event_filler_arguments *args)
+@@ -3723,7 +3740,7 @@ int f_sys_ptrace_e(struct event_filler_arguments *args)
/*
* pid
*/
@@ -1180,7 +1208,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3658,7 +3675,7 @@ int f_sys_ptrace_x(struct event_filler_arguments *args)
+@@ -3761,7 +3778,7 @@ int f_sys_ptrace_x(struct event_filler_arguments *args)
/*
* request
*/
@@ -1189,7 +1217,7 @@
request = ptrace_requests_to_scap(val);
res = parse_ptrace_addr(args, request);
-@@ -3724,7 +3741,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
+@@ -3827,7 +3844,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
/*
* addr
*/
@@ -1198,7 +1226,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3732,7 +3749,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
+@@ -3835,7 +3852,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
/*
* length
*/
@@ -1207,7 +1235,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3740,7 +3757,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
+@@ -3843,7 +3860,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
/*
* prot
*/
@@ -1216,7 +1244,7 @@
res = val_to_ring(args, prot_flags_to_scap(val), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3748,7 +3765,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
+@@ -3851,7 +3868,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
/*
* flags
*/
@@ -1225,7 +1253,7 @@
res = val_to_ring(args, mmap_flags_to_scap(val), 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3756,7 +3773,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
+@@ -3859,7 +3876,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
/*
* fd
*/
@@ -1234,7 +1262,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3764,7 +3781,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
+@@ -3867,7 +3884,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args)
/*
* offset/pgoffset
*/
@@ -1243,7 +1271,7 @@
res = val_to_ring(args, val, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3786,7 +3803,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args)
+@@ -3889,7 +3906,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args)
/*
* olddirfd
*/
@@ -1252,7 +1280,7 @@
if ((int)val == AT_FDCWD)
val = PPM_AT_FDCWD;
-@@ -3798,7 +3815,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args)
+@@ -3901,7 +3918,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args)
/*
* oldpath
*/
@@ -1261,7 +1289,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3806,7 +3823,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args)
+@@ -3909,7 +3926,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args)
/*
* newdirfd
*/
@@ -1270,7 +1298,7 @@
if ((int)val == AT_FDCWD)
val = PPM_AT_FDCWD;
-@@ -3818,7 +3835,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args)
+@@ -3921,7 +3938,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args)
/*
* newpath
*/
@@ -1279,7 +1307,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3840,7 +3857,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments
*args)
+@@ -3943,7 +3960,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments
*args)
/*
* oldpath
*/
@@ -1288,7 +1316,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3848,7 +3865,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments
*args)
+@@ -3951,7 +3968,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments
*args)
/*
* newdirfd
*/
@@ -1297,7 +1325,7 @@
if ((int)val == AT_FDCWD)
val = PPM_AT_FDCWD;
-@@ -3860,7 +3877,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments
*args)
+@@ -3963,7 +3980,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments
*args)
/*
* newpath
*/
@@ -1306,7 +1334,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3896,7 +3913,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args)
+@@ -3999,7 +4016,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args)
/*
* out_fd
*/
@@ -1315,7 +1343,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3904,7 +3921,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args)
+@@ -4007,7 +4024,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args)
/*
* in_fd
*/
@@ -1324,7 +1352,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3912,7 +3929,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args)
+@@ -4015,7 +4032,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args)
/*
* offset
*/
@@ -1333,7 +1361,7 @@
if (val != 0) {
#ifdef CONFIG_COMPAT
-@@ -3937,7 +3954,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args)
+@@ -4040,7 +4057,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args)
/*
* size
*/
@@ -1342,7 +1370,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -3963,7 +3980,7 @@ int f_sys_sendfile_x(struct event_filler_arguments *args)
+@@ -4066,7 +4083,7 @@ int f_sys_sendfile_x(struct event_filler_arguments *args)
/*
* offset
*/
@@ -1351,7 +1379,7 @@
if (val != 0) {
#ifdef CONFIG_COMPAT
-@@ -3999,7 +4016,7 @@ int f_sys_quotactl_e(struct event_filler_arguments *args)
+@@ -4102,7 +4119,7 @@ int f_sys_quotactl_e(struct event_filler_arguments *args)
/*
* extract cmd
*/
@@ -1360,7 +1388,7 @@
cmd = quotactl_cmd_to_scap(val);
res = val_to_ring(args, cmd, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
-@@ -4016,7 +4033,7 @@ int f_sys_quotactl_e(struct event_filler_arguments *args)
+@@ -4119,7 +4136,7 @@ int f_sys_quotactl_e(struct event_filler_arguments *args)
* extract id
*/
id = 0;
@@ -1369,7 +1397,7 @@
if ((cmd == PPM_Q_GETQUOTA) ||
(cmd == PPM_Q_SETQUOTA) ||
(cmd == PPM_Q_XGETQUOTA) ||
-@@ -4059,7 +4076,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args)
+@@ -4162,7 +4179,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args)
/*
* extract cmd
*/
@@ -1378,7 +1406,7 @@
cmd = quotactl_cmd_to_scap(val);
/*
-@@ -4073,7 +4090,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args)
+@@ -4176,7 +4193,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args)
/*
* Add special
*/
@@ -1387,7 +1415,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4081,7 +4098,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args)
+@@ -4184,7 +4201,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args)
/*
* get addr
*/
@@ -1396,7 +1424,7 @@
/*
* get quotafilepath only for QUOTAON
-@@ -4259,7 +4276,7 @@ int f_sys_getresuid_and_gid_x(struct
event_filler_arguments *args)
+@@ -4362,7 +4379,7 @@ int f_sys_getresuid_and_gid_x(struct
event_filler_arguments *args)
/*
* ruid
*/
@@ -1405,7 +1433,7 @@
#ifdef CONFIG_COMPAT
if (!args->compat) {
#endif
-@@ -4279,7 +4296,7 @@ int f_sys_getresuid_and_gid_x(struct
event_filler_arguments *args)
+@@ -4382,7 +4399,7 @@ int f_sys_getresuid_and_gid_x(struct
event_filler_arguments *args)
/*
* euid
*/
@@ -1414,7 +1442,7 @@
len = ppm_copy_from_user(&uid, (void *)val, sizeof(uint32_t));
if (unlikely(len != 0))
return PPM_FAILURE_INVALID_USER_MEMORY;
-@@ -4291,7 +4308,7 @@ int f_sys_getresuid_and_gid_x(struct
event_filler_arguments *args)
+@@ -4394,7 +4411,7 @@ int f_sys_getresuid_and_gid_x(struct
event_filler_arguments *args)
/*
* suid
*/
@@ -1423,7 +1451,7 @@
len = ppm_copy_from_user(&uid, (void *)val, sizeof(uint32_t));
if (unlikely(len != 0))
return PPM_FAILURE_INVALID_USER_MEMORY;
-@@ -4309,12 +4326,12 @@ int f_sys_flock_e(struct event_filler_arguments *args)
+@@ -4412,12 +4429,12 @@ int f_sys_flock_e(struct event_filler_arguments *args)
int res;
u32 flags;
@@ -1438,7 +1466,7 @@
flags = flock_flags_to_scap(val);
res = val_to_ring(args, flags, 0, false, 0);
if (unlikely(res != PPM_SUCCESS))
-@@ -4332,7 +4349,7 @@ int f_sys_setns_e(struct event_filler_arguments *args)
+@@ -4435,7 +4452,7 @@ int f_sys_setns_e(struct event_filler_arguments *args)
/*
* parse fd
*/
@@ -1447,7 +1475,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4340,7 +4357,7 @@ int f_sys_setns_e(struct event_filler_arguments *args)
+@@ -4443,7 +4460,7 @@ int f_sys_setns_e(struct event_filler_arguments *args)
/*
* get type, parse as clone flags as it's a subset of it
*/
@@ -1456,7 +1484,7 @@
flags = clone_flags_to_scap(val);
res = val_to_ring(args, flags, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
-@@ -4358,7 +4375,7 @@ int f_sys_unshare_e(struct event_filler_arguments *args)
+@@ -4461,7 +4478,7 @@ int f_sys_unshare_e(struct event_filler_arguments *args)
/*
* get type, parse as clone flags as it's a subset of it
*/
@@ -1465,7 +1493,7 @@
flags = clone_flags_to_scap(val);
res = val_to_ring(args, flags, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
-@@ -4459,7 +4476,7 @@ int f_sys_semop_x(struct event_filler_arguments *args)
+@@ -4562,7 +4579,7 @@ int f_sys_semop_x(struct event_filler_arguments *args)
* actually this could be read in the enter function but
* we also need to know the value to access the sembuf structs
*/
@@ -1474,7 +1502,7 @@
res = val_to_ring(args, nsops, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4467,7 +4484,7 @@ int f_sys_semop_x(struct event_filler_arguments *args)
+@@ -4570,7 +4587,7 @@ int f_sys_semop_x(struct event_filler_arguments *args)
/*
* sembuf
*/
@@ -1483,7 +1511,7 @@
if (nsops && ptr) {
/* max length of sembuf array in g_event_info = 2 */
-@@ -4506,7 +4523,7 @@ int f_sys_semget_e(struct event_filler_arguments *args)
+@@ -4609,7 +4626,7 @@ int f_sys_semget_e(struct event_filler_arguments *args)
/*
* key
*/
@@ -1492,7 +1520,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4514,7 +4531,7 @@ int f_sys_semget_e(struct event_filler_arguments *args)
+@@ -4617,7 +4634,7 @@ int f_sys_semget_e(struct event_filler_arguments *args)
/*
* nsems
*/
@@ -1501,7 +1529,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4522,7 +4539,7 @@ int f_sys_semget_e(struct event_filler_arguments *args)
+@@ -4625,7 +4642,7 @@ int f_sys_semget_e(struct event_filler_arguments *args)
/*
* semflg
*/
@@ -1510,7 +1538,7 @@
res = val_to_ring(args, semget_flags_to_scap(val), 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4538,7 +4555,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args)
+@@ -4641,7 +4658,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args)
/*
* semid
*/
@@ -1519,7 +1547,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4546,7 +4563,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args)
+@@ -4649,7 +4666,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args)
/*
* semnum
*/
@@ -1528,7 +1556,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4554,7 +4571,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args)
+@@ -4657,7 +4674,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args)
/*
* cmd
*/
@@ -1537,7 +1565,7 @@
res = val_to_ring(args, semctl_cmd_to_scap(val), 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4563,7 +4580,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args)
+@@ -4666,7 +4683,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args)
* optional argument semun/val
*/
if (val == SETVAL)
@@ -1546,7 +1574,7 @@
else
val = 0;
res = val_to_ring(args, val, 0, true, 0);
-@@ -4581,7 +4598,7 @@ int f_sys_access_e(struct event_filler_arguments *args)
+@@ -4684,7 +4701,7 @@ int f_sys_access_e(struct event_filler_arguments *args)
/*
* mode
*/
@@ -1555,7 +1583,7 @@
res = val_to_ring(args, access_flags_to_scap(val), 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4609,7 +4626,7 @@ int f_sys_bpf_x(struct event_filler_arguments *args)
+@@ -4712,7 +4729,7 @@ int f_sys_bpf_x(struct event_filler_arguments *args)
/*
* fd, depending on cmd
*/
@@ -1564,7 +1592,7 @@
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 18, 0)
if(cmd == BPF_MAP_CREATE || cmd == BPF_PROG_LOAD)
#else
-@@ -4642,7 +4659,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args)
+@@ -4745,7 +4762,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args)
/*
* dirfd
*/
@@ -1573,7 +1601,7 @@
if ((int)val == AT_FDCWD)
val = PPM_AT_FDCWD;
-@@ -4654,7 +4671,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args)
+@@ -4757,7 +4774,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args)
/*
* path
*/
@@ -1582,7 +1610,7 @@
res = val_to_ring(args, val, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
return res;
-@@ -4662,7 +4679,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args)
+@@ -4765,7 +4782,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args)
/*
* mode
*/
@@ -1592,7 +1620,7 @@
if (unlikely(res != PPM_SUCCESS))
return res;
diff --git a/driver/ppm_flag_helpers.h b/driver/ppm_flag_helpers.h
-index 6e9ac21..1c3b925 100644
+index 6e9ac21c5..1c3b9251e 100644
--- a/driver/ppm_flag_helpers.h
+++ b/driver/ppm_flag_helpers.h
@@ -9,8 +9,7 @@ or GPL2.txt for full copies of the license.
