update(driver): address review requests

Signed-off-by: rohith-raju <rohithraju488@gmail.com>
falcosecurity · Jul 18, 2023 · bf66008 · bf66008
1 parent 42d6c18
commit bf66008
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 58 deletions.
diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h
@@ -6999,37 +6999,26 @@ FILLER(sys_prctl_x, true)
 
 FILLER(sys_memfd_create_x,true)
 {
-	int retval;
-	unsigned long val;
-	unsigned long flags;
-	unsigned long res;
-
 	/* Parameter 1: ret (type: PT_FD) */
-	retval = bpf_syscall_get_retval(data->ctx);
-	res = bpf_push_s64_to_ring(data, retval);
+	long retval = bpf_syscall_get_retval(data->ctx);
+	int res = bpf_push_s64_to_ring(data, retval);
 	CHECK_RES(res);
 
 	/* Parameter 2: name (type: PT_CHARBUF) */
-	val = bpf_syscall_get_argument(data, 0);
-	res = bpf_val_to_ring(data, val);
+	long name = bpf_syscall_get_argument(data, 0);
+	res = bpf_val_to_ring(data, name);
 	CHECK_RES(res);
 
 	/* Parameter 3: flags (type: PT_UINT32) */
-	val = bpf_syscall_get_argument(data, 1);
-	flags = memfd_create_flags_to_scap(val);
-	return bpf_push_u32_to_ring(data, flags);
+	u32 flags = bpf_syscall_get_argument(data, 1);
+	return bpf_push_u32_to_ring(data, memfd_create_flags_to_scap(flags));
 }
 
 FILLER(sys_pidfd_getfd_x, true)
 {
-	int  retval;
-	unsigned long val;
-	unsigned long res;
-	unsigned long flags;
-
 	/* Parameter 1: ret (type: PT_FD) */
-	retval = bpf_syscall_get_retval(data->ctx);
-	res = bpf_push_s64_to_ring(data, retval);
+	long retval = bpf_syscall_get_retval(data->ctx);
+	int res = bpf_push_s64_to_ring(data, retval);
 	CHECK_RES(res);
 
 	/* Parameter 2: pidfd (type: PT_FD) */
@@ -7043,24 +7032,20 @@ FILLER(sys_pidfd_getfd_x, true)
 	CHECK_RES(res);
 
 	/* Parameter 4: flags (type: PT_FLAGS32) */
-	val = bpf_syscall_get_argument(data,2);
+	u32 flags = bpf_syscall_get_argument(data,2);
 	 /*
      The flags argument is reserved for future use.  Currently, it must be specified as 0.
      See https://elixir.bootlin.com/linux/latest/source/kernel/pid.c#L709
     */
-	return bpf_push_u32_to_ring(data, val);
+	return bpf_push_u32_to_ring(data, flags);
 }
 
 FILLER(sys_pidfd_open_x, true)
 {
-	int retval;
-	unsigned long val;
-	unsigned long res;
-	unsigned long flags;
 
 	/* Parameter 1: ret (type: PT_FD) */
-	retval = bpf_syscall_get_retval(data->ctx);
-	res = bpf_push_s64_to_ring(data, retval);
+	long retval = bpf_syscall_get_retval(data->ctx);
+	int res = bpf_push_s64_to_ring(data, retval);
 	CHECK_RES(res);
 
 	/* Parameter 2: pid (type: PT_PID)*/
@@ -7069,9 +7054,8 @@ FILLER(sys_pidfd_open_x, true)
 	CHECK_RES(res);
 
 	/* Parameter 3: flags (type: PT_FLAGS32)*/
-	val = bpf_syscall_get_argument(data, 1);
-	flags = pidfd_open_flags_to_scap(val);
-	return bpf_push_u32_to_ring(data, flags);
+	u32 flags = bpf_syscall_get_argument(data, 1);
+	return bpf_push_u32_to_ring(data, pidfd_open_flags_to_scap(flags));
 
 }
 #endif
diff --git a/driver/modern_bpf/definitions/missing_definitions.h b/driver/modern_bpf/definitions/missing_definitions.h
@@ -749,7 +749,7 @@
 //////////////////////////
 // pidfd_open flags
 //////////////////////////
-# define PIDFD_NONBLOCK 1U
+# define PIDFD_NONBLOCK O_NONBLOCK  
 
 /*=============================== FLAGS ===========================*/
 

diff --git a/driver/ppm_events_public.h b/driver/ppm_events_public.h
@@ -2098,7 +2098,6 @@ extern const struct ppm_param_info sockopt_dynamic_param[];
 extern const struct ppm_param_info ptrace_dynamic_param[];
 extern const struct ppm_param_info bpf_dynamic_param[];
 
-
 /*!
   \brief Process information as returned by the PPM_IOCTL_GET_PROCLIST IOCTL.
 */

diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
@@ -8090,7 +8090,7 @@ int f_sys_memfd_create_x(struct event_filler_arguments *args)
 {
 	unsigned long val;
 	int res;
-	int retval;
+	long retval;
 
 	/* Parameter 1: ret (type: PT_FD) */
 	retval = (int64_t)syscall_get_return_value(current, args->regs);
@@ -8116,7 +8116,7 @@ int f_sys_pidfd_getfd_x(struct event_filler_arguments *args)
 {
 	unsigned long val;
 	int res;
-	int retval;
+	long retval;
 	s32 fd;
 
 	/* Parameter 1: ret (type: PT_FD) */
@@ -8148,7 +8148,7 @@ int f_sys_pidfd_open_x(struct event_filler_arguments *args)
 {
 	unsigned long val;
 	int res;
-	int retval;
+	long retval;
 	s32 fd;
 
 	/* Parameter 1: ret (type: PT_FD) */

diff --git a/driver/ppm_flag_helpers.h b/driver/ppm_flag_helpers.h
@@ -25,9 +25,6 @@ or GPL2.txt for full copies of the license.
 #include <linux/capability.h>
 #include <linux/eventpoll.h>
 #include <linux/prctl.h>
-#if (LINUX_VERSION_CODE > KERNEL_VERSION(5, 10, 0))
-#include <linux/pidfd.h>
-#endif
 #include "ppm.h"
 #ifdef __NR_memfd_create
 #include <uapi/linux/memfd.h>
@@ -2084,19 +2081,10 @@ static __always_inline uint32_t splice_flags_to_scap(uint32_t flags)
 static __always_inline uint32_t pidfd_open_flags_to_scap(uint32_t flags)
 {
 	uint32_t res = 0;
-#ifdef PIDFD_NONBLOCK
-	if(flags & PIDFD_NONBLOCK) res |= PPM_PIDFD_NONBLOCK;
-#endif
-
-/*
-	PIDFD_NONBLOCK is available only on kernal versions > 5.10.00, hence used O_NONBLOCK 
-	See https://elixir.bootlin.com/linux/v5.10.185/source/include/uapi/linux/pidfd.h#L10
-*/
-
+// See https://elixir.bootlin.com/linux/v5.10.185/source/include/uapi/linux/pidfd.h#L10
 #ifdef O_NONBLOCK
 	if(flags & O_NONBLOCK) res |= PPM_PIDFD_NONBLOCK;
 #endif
-
 	return res;
 }
 

diff --git a/test/drivers/test_suites/syscall_exit_suite/pidfd_open_x.cpp b/test/drivers/test_suites/syscall_exit_suite/pidfd_open_x.cpp
@@ -1,7 +1,6 @@
 #include "../../event_class/event_class.h"
 
 #include <unistd.h>
-#include <linux/version.h>
 
 
 #ifdef __NR_pidfd_open
@@ -20,7 +19,9 @@ TEST(SyscallExit, pidfd_openX_success)
     */
 
     int flags = 0;
-#if (LINUX_VERSION_CODE > KERNEL_VERSION(5, 10, 0))
+#ifdef PIDFD_NONBLOCK
+    flags = PIDFD_NONBLOCK;
+#else
     flags = O_NONBLOCK;
 #endif 
     pid_t pid = syscall(__NR_fork);
@@ -54,16 +55,11 @@ TEST(SyscallExit, pidfd_openX_success)
     /* Parameter 1: ret (type: PT_FD)*/
     evt_test->assert_numeric_param(1, (int64_t)pidfd);
 
-    /* Parameter 1: pid (type: PT_PID)*/
+    /* Parameter 2: pid (type: PT_PID)*/
     evt_test->assert_numeric_param(2, (int64_t)pid);
 
-    #if (LINUX_VERSION_CODE > KERNEL_VERSION(5, 10, 0))
-    /* Parameter 3: flags (type: PT_FLAGS32) */ 
+    /* Parameter 3: flags (type: PT_FLAGS32) */
     evt_test->assert_numeric_param(3, (uint32_t)PPM_PIDFD_NONBLOCK);
-    #endif
-    /* Parameter 3: flags (type: PT_FLAGS32) */ 
-    evt_test->assert_numeric_param(3, 0);
-
     /*=============================== ASSERT PARAMETERS  ===========================*/
 
 }
@@ -102,7 +98,7 @@ TEST(SyscallExit, pidfd_openX_failure)
     /* Parameter 1: ret (type: PT_FD)*/
     evt_test->assert_numeric_param(1, (int64_t)errno_value);
 
-    /* Parameter 1: pid (type: PT_PID)*/
+    /* Parameter 2: pid (type: PT_PID)*/
     evt_test->assert_numeric_param(2, (int64_t)pid);
 
     /* Parameter 3: flags (type: PT_FLAGS32) */
-Original file line number
+Diff line change
@@ Expand Up @@
     extern const struct ppm_param_info ptrace_dynamic_param[];
     extern const struct ppm_param_info bpf_dynamic_param[];
     /*!
       \brief Process information as returned by the PPM_IOCTL_GET_PROCLIST IOCTL.
     */
@@ Expand Down @@