diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h index d9ea448581..fa3b9b4181 100644 --- a/driver/bpf/fillers.h +++ b/driver/bpf/fillers.h @@ -3470,15 +3470,6 @@ FILLER(sys_io_uring_register_x, true) return bpf_push_u32_to_ring(data, nr_args); } -FILLER(sys_inotify_init_e, true) -{ - /* Parameter 1: flags (type: PT_FLAGS8) */ - /* We have nothing to extract from the kernel here so we send `0`. - * This is done to preserve the `PPME_SYSCALL_INOTIFY_INIT_E` event with 1 param. - */ - return bpf_push_u8_to_ring(data, 0); -} - FILLER(sys_inotify_init1_x, true) { /* Parameter 1: res (type: PT_ERRNO) */ diff --git a/driver/event_table.c b/driver/event_table.c index c5a7693af3..ce744d4a94 100644 --- a/driver/event_table.c +++ b/driver/event_table.c @@ -187,7 +187,7 @@ const struct ppm_event_info g_event_info[] = { [PPME_SYSCALL_NANOSLEEP_X] = {"nanosleep", EC_SLEEP | EC_SYSCALL, EF_WAITS, 1, {{"res", PT_ERRNO, PF_DEC} } }, [PPME_SYSCALL_TIMERFD_CREATE_E] = {"timerfd_create", EC_TIME | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 2, {{"clockid", PT_UINT8, PF_DEC}, {"flags", PT_FLAGS8, PF_HEX} } }, [PPME_SYSCALL_TIMERFD_CREATE_X] = {"timerfd_create", EC_TIME | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 1, {{"res", PT_FD, PF_DEC} } }, - [PPME_SYSCALL_INOTIFY_INIT_E] = {"inotify_init", EC_IPC | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 1, {{"flags", PT_FLAGS8, PF_HEX} } }, + [PPME_SYSCALL_INOTIFY_INIT_E] = {"inotify_init", EC_IPC | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 0}, [PPME_SYSCALL_INOTIFY_INIT_X] = {"inotify_init", EC_IPC | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE, 1, {{"res", PT_FD, PF_DEC} } }, [PPME_SYSCALL_GETRLIMIT_E] = {"getrlimit", EC_PROCESS | EC_SYSCALL, EF_NONE, 1, {{"resource", PT_ENUMFLAGS8, PF_DEC, rlimit_resources} } }, [PPME_SYSCALL_GETRLIMIT_X] = {"getrlimit", EC_PROCESS | EC_SYSCALL, EF_NONE, 3, {{"res", PT_ERRNO, PF_DEC}, {"cur", PT_INT64, PF_DEC}, {"max", PT_INT64, PF_DEC} } }, diff --git a/driver/fillers_table.c b/driver/fillers_table.c index ffbcc85f29..b31c7af93b 100644 --- a/driver/fillers_table.c +++ b/driver/fillers_table.c @@ -141,7 +141,7 @@ const struct ppm_event_entry g_ppm_events[PPM_EVENT_MAX] = { [PPME_SYSCALL_NANOSLEEP_X] = {FILLER_REF(sys_single_x)}, [PPME_SYSCALL_TIMERFD_CREATE_E] = {FILLER_REF(sys_autofill), 2, APT_REG, {{AF_ID_USEDEFAULT, 0}, {AF_ID_USEDEFAULT, 0} } }, [PPME_SYSCALL_TIMERFD_CREATE_X] = {FILLER_REF(sys_single_x)}, - [PPME_SYSCALL_INOTIFY_INIT_E] = {FILLER_REF(sys_inotify_init_e)}, + [PPME_SYSCALL_INOTIFY_INIT_E] = {FILLER_REF(sys_empty)}, [PPME_SYSCALL_INOTIFY_INIT_X] = {FILLER_REF(sys_single_x)}, [PPME_SYSCALL_GETRLIMIT_E] = {FILLER_REF(sys_getrlimit_setrlimit_e)}, [PPME_SYSCALL_GETRLIMIT_X] = {FILLER_REF(sys_getrlimit_setrlrimit_x)}, diff --git a/driver/modern_bpf/definitions/events_dimensions.h b/driver/modern_bpf/definitions/events_dimensions.h index b512d7b096..43be632249 100644 --- a/driver/modern_bpf/definitions/events_dimensions.h +++ b/driver/modern_bpf/definitions/events_dimensions.h @@ -66,7 +66,7 @@ #define RMDIR_E_SIZE HEADER_LEN #define EVENTFD_E_SIZE HEADER_LEN + sizeof(uint64_t) + sizeof(uint32_t) + PARAM_LEN * 2 #define EVENTFD_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define INOTIFY_INIT_E_SIZE HEADER_LEN + sizeof(uint8_t) + PARAM_LEN +#define INOTIFY_INIT_E_SIZE HEADER_LEN #define INOTIFY_INIT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define TIMERFD_CREATE_E_SIZE HEADER_LEN + sizeof(uint8_t) * 2 + PARAM_LEN * 2 #define TIMERFD_CREATE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/inotify_init.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/inotify_init.bpf.c index cd671bc34b..d404bf29f0 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/inotify_init.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/inotify_init.bpf.c @@ -24,12 +24,7 @@ int BPF_PROG(inotify_init_e, /*=============================== COLLECT PARAMETERS ===========================*/ - /* Parameter 1: flags (type: PT_FLAGS8) */ - /* We have nothing to extract from the kernel here so we send `0`. - * This is done to preserve the `PPME_SYSCALL_INOTIFY_INIT_E` event with 1 param. - */ - u8 flags = 0; - ringbuf__store_u8(&ringbuf, flags); + // Here we have no parameters to collect. /*=============================== COLLECT PARAMETERS ===========================*/ diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c index 7b99686160..5fae92b595 100644 --- a/driver/ppm_fillers.c +++ b/driver/ppm_fillers.c @@ -5489,18 +5489,6 @@ int f_sys_io_uring_register_x (struct event_filler_arguments *args) return add_sentinel(args); } -int f_sys_inotify_init_e(struct event_filler_arguments *args) -{ - /* Parameter 1: flags (type: PT_FLAGS8) */ - /* We have nothing to extract from the kernel here so we send `0`. - * This is done to preserve the `PPME_SYSCALL_INOTIFY_INIT_E` event with 1 param. - */ - int res = val_to_ring(args, 0, 0, true, 0); - CHECK_RES(res); - - return add_sentinel(args); -} - int f_sys_inotify_init1_x(struct event_filler_arguments *args) { int res = 0; diff --git a/driver/ppm_fillers.h b/driver/ppm_fillers.h index 8a881fcfee..621f302804 100644 --- a/driver/ppm_fillers.h +++ b/driver/ppm_fillers.h @@ -171,7 +171,6 @@ or GPL2.txt for full copies of the license. FN(sys_umount2_e) \ FN(sys_umount2_x) \ FN(sys_pipe2_x) \ - FN(sys_inotify_init_e) \ FN(sys_inotify_init1_x) \ FN(sys_eventfd2_e) \ FN(sys_eventfd2_x) \ diff --git a/test/drivers/test_suites/syscall_enter_suite/inotify_init_e.cpp b/test/drivers/test_suites/syscall_enter_suite/inotify_init_e.cpp index 80215d33d4..c136e4ec9e 100644 --- a/test/drivers/test_suites/syscall_enter_suite/inotify_init_e.cpp +++ b/test/drivers/test_suites/syscall_enter_suite/inotify_init_e.cpp @@ -31,11 +31,10 @@ TEST(SyscallEnter, inotify_initE) /*=============================== ASSERT PARAMETERS ===========================*/ - /* Parameter 1: flags (type: PT_FLAGS8) */ - evt_test->assert_numeric_param(1, (uint8_t)0); + // Here we have no parameters to assert. /*=============================== ASSERT PARAMETERS ===========================*/ - evt_test->assert_num_params_pushed(1); + evt_test->assert_num_params_pushed(0); } #endif diff --git a/userspace/libsinsp/test/events_file.ut.cpp b/userspace/libsinsp/test/events_file.ut.cpp index a3ac4c6c45..9821179ce4 100644 --- a/userspace/libsinsp/test/events_file.ut.cpp +++ b/userspace/libsinsp/test/events_file.ut.cpp @@ -190,7 +190,7 @@ TEST_F(sinsp_with_test_input, creates_fd_generic) ASSERT_EQ(get_field_as_string(evt, "fd.num"), "6"); fd = 7; - add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_E, 1, 0); + add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_E, 0); evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_X, 1, fd); ASSERT_EQ(get_field_as_string(evt, "fd.type"), "inotify"); ASSERT_EQ(get_field_as_string(evt, "fd.typechar"), "i"); @@ -404,7 +404,7 @@ TEST_F(sinsp_with_test_input, inotify_init) int64_t res = 15; uint8_t flags = 79; - add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_E, 1, flags); + add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_E, 0); evt = add_event_advance_ts(increasing_ts(), 1, PPME_SYSCALL_INOTIFY_INIT_X, 1, res); ASSERT_EQ(get_field_as_string(evt, "fd.num"), std::to_string(res));