diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h index 4a7f3e6e9b..43f5f63be7 100644 --- a/driver/bpf/fillers.h +++ b/driver/bpf/fillers.h @@ -2597,7 +2597,7 @@ FILLER(proc_startupdate_3, true) break; } - flags = clone_flags_to_scap(flags); + flags = clone_flags_to_scap((int) flags); if(pidns_level != 0) { flags |= PPM_CL_CHILD_IN_PIDNS; @@ -3010,7 +3010,7 @@ FILLER(sys_setns_e, true) /* Parameter 2: nstype (type: PT_FLAGS32) */ unsigned long nstype = bpf_syscall_get_argument(data, 1); - return bpf_push_u32_to_ring(data, clone_flags_to_scap(nstype)); + return bpf_push_u32_to_ring(data, clone_flags_to_scap((int) nstype)); } FILLER(sys_setpgid_e, true) @@ -3031,7 +3031,7 @@ FILLER(sys_unshare_e, true) uint32_t flags; val = bpf_syscall_get_argument(data, 0); - flags = clone_flags_to_scap(val); + flags = clone_flags_to_scap((int) val); return bpf_push_u32_to_ring(data, flags); } @@ -4777,7 +4777,7 @@ FILLER(sys_flock_e, true) CHECK_RES(res); /* Parameter 2: operation (type: PT_FLAGS32) */ - unsigned long operation = bpf_syscall_get_argument(data, 1); + int operation = bpf_syscall_get_argument(data, 1); return bpf_push_u32_to_ring(data, flock_flags_to_scap(operation)); } diff --git a/driver/modern_bpf/helpers/extract/extract_from_kernel.h b/driver/modern_bpf/helpers/extract/extract_from_kernel.h index 6c19d70b1d..7df2c67470 100644 --- a/driver/modern_bpf/helpers/extract/extract_from_kernel.h +++ b/driver/modern_bpf/helpers/extract/extract_from_kernel.h @@ -749,7 +749,7 @@ static __always_inline void extract__loginuid(struct task_struct *task, uint32_t */ static __always_inline unsigned long extract__clone_flags(struct task_struct *task, unsigned long flags) { - unsigned long ppm_flags = clone_flags_to_scap(flags); + unsigned long ppm_flags = clone_flags_to_scap((int) flags); struct pid *pid = extract__task_pid_struct(task, PIDTYPE_PID); struct pid_namespace *ns = extract__namespace_of_pid(pid); unsigned int ns_level; 
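Review bot: In `sys_flock_e` (last hunk of driver/bpf/fillers.h) the narrowing is done by retyping the local, `int operation = bpf_syscall_get_argument(data, 1);`, so the value is truncated implicitly at the declaration. Every other call site in this commit keeps the `unsigned long` local and casts at the call, including the modern_bpf `flock_e` program. To match them, leave the declaration as it was and write `return bpf_push_u32_to_ring(data, flock_flags_to_scap((int) operation));`, or at least make the conversion explicit with `int operation = (int)bpf_syscall_get_argument(data, 1);`. The filler's body starts outside the hunk.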
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/flock.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/flock.bpf.c index 3baa27adca..4260238471 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/flock.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/flock.bpf.c @@ -31,7 +31,7 @@ int BPF_PROG(flock_e, /* Parameter 2: operation (type: PT_FLAGS32) */ unsigned long operation = extract__syscall_argument(regs, 1); - ringbuf__store_u32(&ringbuf, flock_flags_to_scap(operation)); + ringbuf__store_u32(&ringbuf, flock_flags_to_scap((int) operation)); /*=============================== COLLECT PARAMETERS ===========================*/ diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setns.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setns.bpf.c index 92d8a844c8..56aec052d2 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setns.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setns.bpf.c @@ -31,7 +31,7 @@ int BPF_PROG(setns_e, /* Parameter 2: nstype (type: PT_FLAGS32) */ unsigned long nstype = extract__syscall_argument(regs, 1); - ringbuf__store_u32(&ringbuf, clone_flags_to_scap(nstype)); + ringbuf__store_u32(&ringbuf, clone_flags_to_scap((int) nstype)); /*=============================== COLLECT PARAMETERS ===========================*/ diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/unshare.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/unshare.bpf.c index ac6ab0ddb5..3f4b9a1d67 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/unshare.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/unshare.bpf.c 
@@ -27,7 +27,7 @@ int BPF_PROG(unshare_e, /* Parameter 1: flags (type: PT_FLAGS32) */ unsigned long flags = extract__syscall_argument(regs, 0); - ringbuf__store_u32(&ringbuf, clone_flags_to_scap(flags)); + ringbuf__store_u32(&ringbuf, clone_flags_to_scap((int) flags)); /*=============================== COLLECT PARAMETERS ===========================*/ diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c index 9bdacf264f..c57ab27044 100644 --- a/driver/ppm_fillers.c +++ b/driver/ppm_fillers.c @@ -1210,7 +1210,7 @@ int f_proc_startupdate(struct event_filler_arguments *args) if(pidns != &init_pid_ns || pid_ns_for_children(current) != pidns) in_pidns = PPM_CL_CHILD_IN_PIDNS; #endif - res = val_to_ring(args, (uint64_t)clone_flags_to_scap(val) | in_pidns, 0, false, 0); + res = val_to_ring(args, (uint64_t)clone_flags_to_scap((int) val) | in_pidns, 0, false, 0); CHECK_RES(res); /* @@ -6331,7 +6331,7 @@ int f_sys_flock_e(struct event_filler_arguments *args) /* Parameter 2: operation (type: PT_FLAGS32) */ syscall_get_arguments_deprecated(args, 1, 1, &val); - flags = flock_flags_to_scap(val); + flags = flock_flags_to_scap((int) val); res = val_to_ring(args, flags, 0, false, 0); CHECK_RES(res); @@ -6390,7 +6390,7 @@ int f_sys_setns_e(struct event_filler_arguments *args) /* Parameter 2: nstype (type: PT_FLAGS32) */ syscall_get_arguments_deprecated(args, 1, 1, &val); - res = val_to_ring(args, clone_flags_to_scap(val), 0, true, 0); + res = val_to_ring(args, ((int) val), 0, true, 0); CHECK_RES(res); return add_sentinel(args); @@ -6428,7 +6428,7 @@ int f_sys_unshare_e(struct event_filler_arguments *args) * get type, parse as clone flags as it's a subset of it */ syscall_get_arguments_deprecated(args, 0, 1, &val); - flags = clone_flags_to_scap(val); + flags = clone_flags_to_scap((int) val); res = val_to_ring(args, flags, 0, true, 0); CHECK_RES(res); diff --git a/driver/ppm_flag_helpers.h b/driver/ppm_flag_helpers.h index 72e33b35db..124e0cff80 100644 
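Review bot: The `f_sys_setns_e` hunk in driver/ppm_fillers.c drops the call to `clone_flags_to_scap()` instead of casting its argument: the new line pushes `((int) val)`, the raw `nstype`, to the ring. The bpf and modern_bpf setns fillers in this same commit still emit `clone_flags_to_scap((int) nstype)`, so the kernel module would report a different encoding of the same PT_FLAGS32 parameter than the other two drivers. Any consumer that matches on the converted namespace flags for setns events would likely stop matching when this driver is in use. The line should read `res = val_to_ring(args, clone_flags_to_scap((int) val), 0, true, 0);`. A parity test comparing the emitted `nstype` across engines would catch this kind of slip.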
--- a/driver/ppm_flag_helpers.h +++ b/driver/ppm_flag_helpers.h @@ -470,7 +470,7 @@ static __always_inline uint16_t signalfd4_flags_to_scap(int32_t flags) return res; } -static __always_inline uint32_t clone_flags_to_scap(unsigned long flags) +static __always_inline uint32_t clone_flags_to_scap(int flags) { uint32_t res = 0; @@ -1411,7 +1411,7 @@ static __always_inline uint32_t pf_flags_to_scap(unsigned long flags) return res; } -static __always_inline uint32_t flock_flags_to_scap(unsigned long flags) +static __always_inline uint32_t flock_flags_to_scap(int flags) { uint32_t res = 0; diff --git a/userspace/libscap/engine/gvisor/parsers.cpp b/userspace/libscap/engine/gvisor/parsers.cpp index 71af576817..83d4a6342f 100644 --- a/userspace/libscap/engine/gvisor/parsers.cpp +++ b/userspace/libscap/engine/gvisor/parsers.cpp @@ -1746,7 +1746,7 @@ static parse_result parse_clone(const char *proto, size_t proto_size, scap_sized context_data.cwd().c_str(), context_data.process_name().c_str(), // comm scap_const_sized_buffer{cgroups.c_str(), cgroups.length() + 1}, - clone_flags_to_scap(gvisor_evt.flags()), + clone_flags_to_scap((int) gvisor_evt.flags()), context_data.credentials().effective_uid(), // uid context_data.credentials().effective_gid(), // gid context_data.thread_id(), // vtid
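Review bot: The new `int flags` parameter of `clone_flags_to_scap` (first hunk of driver/ppm_flag_helpers.h) makes callers on the clone path discard every bit above 31 before the helper runs, and the explicit `(int)` casts hide that from the compiler. `extract__clone_flags` visibly takes `unsigned long flags`, and `proc_startupdate_3`, `f_proc_startupdate` and the gVisor `parse_clone` cast the same way. clone3 takes a 64-bit flags word and the kernel defines flags above bit 31 (for example `CLONE_INTO_CGROUP`), so for those callers the cast is a truncation; whether the helper body maps any such flag is not visible in this hunk. If the truncation is intended, state it on the helper with a comment such as `/* Translates only the low 32 bits; clone3 flags above bit 31 are not represented. */`. The neighbouring `signalfd4_flags_to_scap` spells its width as `int32_t`, which would also be the more explicit choice for the two changed signatures, whose bodies continue outside the hunks.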