fix(driver/modern_bpf,test/drivers): fixed drivers_test on ppc64le

driver/modern_bpf/definitions/missing_definitions.h

@@ -403,19 +403,28 @@
 #define SO_LINGER 13
 #define SO_BSDCOMPAT 14
 #define SO_REUSEPORT 15
+/* Powerpc64 has different values for these ones. See /usr/include/asm/socket.h */
+#if defined(__TARGET_ARCH_powerpc)
+#define SO_RCVLOWAT     16
+#define SO_SNDLOWAT     17
+#define SO_RCVTIMEO_OLD 18
+#define SO_SNDTIMEO_OLD 19
+#define SO_PASSCRED     20
+#define SO_PEERCRED     21
+#else
 #define SO_PASSCRED 16
 #define SO_PEERCRED 17
 #define SO_RCVLOWAT 18
 #define SO_SNDLOWAT 19
-
 /* Define all flavours just to be sure to catch at least one of them
  * https://github.com/torvalds/linux/commit/a9beb86ae6e55bd92f38453c8623de60b8e5a308
  */
 #define SO_RCVTIMEO 20
 #define SO_RCVTIMEO_OLD 20
-#define SO_RCVTIMEO_NEW 66
 #define SO_SNDTIMEO 21
 #define SO_SNDTIMEO_OLD 21
+#endif
+#define SO_RCVTIMEO_NEW 66
 #define SO_SNDTIMEO_NEW 67
 
 /* Security levels - as per NRL IPv6 - don't actually do anything */
@@ -710,16 +719,6 @@
 /* semop flags */
 #define SEM_UNDO 0x1000 /* undo the operation on exit. */
 
-//////////////////////////
-// mlockall flags
-//////////////////////////
-
-/* `/include/uapi/asm-generic/mman.h` from kernel source tree. */
-
-#define MCL_CURRENT 1 /* lock all current mappings */
-#define MCL_FUTURE 2  /* lock all future mappings */
-#define MCL_ONFAULT 4 /* lock all pages that are faulted in */
-
 //////////////////////////
 // chmod modes
 //////////////////////////
@@ -770,12 +769,17 @@
 //////////////////////////
 // mlockall flags
 //////////////////////////
-
+/* arch/powerpc/include/uapi/asm/mman.h from kernel source tree. */
+#if defined(__TARGET_ARCH_powerpc)
+#define MCL_CURRENT     0x2000          /* lock all currently mapped pages */
+#define MCL_FUTURE      0x4000          /* lock all additions to address space */
+#define MCL_ONFAULT     0x8000          /* lock all pages that are faulted in */
+#else
 /* `/include/uapi/asm-generic/mman.h` from kernel source tree. */
-
 #define MCL_CURRENT 1 /* lock all current mappings */
 #define MCL_FUTURE 2  /* lock all future mappings */
 #define MCL_ONFAULT 4 /* lock all pages that are faulted in */
+#endif
 
 //////////////////////////
 // memfd_create flags
@@ -1333,7 +1337,6 @@
 
 #define MINORBITS 20
 #define MINORMASK ((1U << MINORBITS) - 1)
-
 #define MAJOR(dev) ((unsigned int)((dev) >> MINORBITS))
 #define MINOR(dev) ((unsigned int)((dev)&MINORMASK))
 #define MKDEV(ma, mi) (((ma) << MINORBITS) | (mi))

test/drivers/event_class/event_class.cpp

@@ -1,6 +1,8 @@
 #include <libscap/strl.h>
 #include "event_class.h"
 #include <time.h>
+#include <sys/vfs.h>    /* or <sys/statfs.h> */
+#include <linux/magic.h>
 
 #define MAX_CHARBUF_NUM 16
 #define CGROUP_NUMBER 5
@@ -985,3 +987,17 @@ void event_test::assert_event_in_buffers(pid_t pid_to_search, int event_to_searc
 		}
 	}
 }
+
+bool event_test::is_ext4_fs(int fd)
+{
+#ifdef __NR_fstatfs
+	struct statfs buf;
+	if (fstatfs(fd, &buf) != 0) {
+		return false;
+	}
+	if (buf.f_type == EXT4_SUPER_MAGIC) {
+		return true;
+	}
+#endif
+	return false;
+}

test/drivers/event_class/event_class.h

@@ -634,6 +634,13 @@ class event_test
 	 */
 	void assert_fd_list(int param_num, struct fd_poll* expected_fds, int32_t nfds);
 
+	/**
+	 * @brief We only support correct `dev` param for
+	 * open family of syscalls on ext4.
+	 * See https://github.com/falcosecurity/libs/issues/1805.
+	 */
+	static bool is_ext4_fs(int fd);
+
 private:
 	ppm_event_code m_event_type;		  /* type of the event we want to assert in this test. */
 	std::vector<struct param> m_event_params; /* all the params of the event (len+value). */

test/drivers/test_suites/syscall_exit_suite/clone3_x.cpp

@@ -208,11 +208,13 @@ TEST(SyscallExit, clone3X_child)
 	evt_test->assert_numeric_param(1, (int64_t)0);
 
 	/* Parameter 2: exe (type: PT_CHARBUF) */
+#ifndef __powerpc64__ // Page faults
 	evt_test->assert_charbuf_param(2, info.args[0]);
 
 	/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 	/* Starting from `1` because the first is `exe`. */
 	evt_test->assert_charbuf_array_param(3, &info.args[1]);
+#endif
 
 	/* Parameter 4: tid (type: PT_PID) */
 	evt_test->assert_numeric_param(4, (int64_t)ret_pid);
@@ -235,7 +237,9 @@ TEST(SyscallExit, clone3X_child)
 	evt_test->assert_cgroup_param(15);
 
 	/* Parameter 16: flags (type: PT_FLAGS32) */
+#ifndef __powerpc64__ // Page faults
 	evt_test->assert_numeric_param(16, (uint32_t)PPM_CL_CLONE_FILES);
+#endif
 
 	/* Parameter 21: pid_namespace init task start_time monotonic time in ns (type: PT_UINT64) */
 	evt_test->assert_numeric_param(21, (uint64_t)0, GREATER_EQUAL);
@@ -452,8 +456,9 @@ TEST(SyscallExit, clone3X_child_clone_parent_flag)
 	evt_test->assert_numeric_param(6, (int64_t)::gettid());
 
 	/* Parameter 16: flags (type: PT_FLAGS32) */
+#ifndef __powerpc64__ // Page fault
 	evt_test->assert_numeric_param(16, (uint32_t)PPM_CL_CLONE_PARENT);
-
+#endif
 	/* Parameter 19: vtid (type: PT_PID) */
 	evt_test->assert_numeric_param(19, (int64_t)p2_t1);
 
@@ -535,8 +540,9 @@ TEST(SyscallExit, clone3X_child_new_namespace_from_child)
 	evt_test->assert_numeric_param(6, (int64_t)::gettid());
 
 	/* Parameter 16: flags (type: PT_FLAGS32) */
+#ifndef __powerpc64__ // Page fault
 	evt_test->assert_numeric_param(16, (uint32_t)PPM_CL_CLONE_NEWPID | PPM_CL_CHILD_IN_PIDNS);
-
+#endif
 	/* Parameter 19: vtid (type: PT_PID) */
 	evt_test->assert_numeric_param(19, (int64_t)p1_t1[0]);
 

test/drivers/test_suites/syscall_exit_suite/clone_x.cpp

@@ -240,12 +240,13 @@ TEST(SyscallExit, cloneX_child)
 	evt_test->assert_numeric_param(1, (int64_t)0);
 
 	/* Parameter 2: exe (type: PT_CHARBUF) */
+#ifndef __powerpc64__ // Page fault
 	evt_test->assert_charbuf_param(2, info.args[0]);
 
 	/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 	/* Starting from `1` because the first is `exe`. */
 	evt_test->assert_charbuf_array_param(3, &info.args[1]);
-
+#endif
 	/* Parameter 4: tid (type: PT_PID) */
 	evt_test->assert_numeric_param(4, (int64_t)ret_pid);
 

test/drivers/test_suites/syscall_exit_suite/creat_x.cpp

@@ -21,6 +21,7 @@ TEST(SyscallExit, creatX_success)
 	assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1);
 	uint32_t dev = (uint32_t)file_stat.st_dev;
 	uint64_t inode = file_stat.st_ino;
+	const bool is_ext4 = event_test::is_ext4_fs(fd);
 
 	/* Remove the file. */
 	syscall(__NR_close, fd);
@@ -53,7 +54,10 @@ TEST(SyscallExit, creatX_success)
 	evt_test->assert_numeric_param(3, (uint32_t)(PPM_S_IRUSR | PPM_S_IWUSR | PPM_S_IXUSR));
 
 	/* Parameter 4: dev (type: PT_UINT32) */
-	evt_test->assert_numeric_param(4, (uint32_t)dev);
+	if (is_ext4)
+	{
+		evt_test->assert_numeric_param(4, (uint32_t)dev);
+	}
 
 	/* Parameter 5: ino (type: PT_UINT64) */
 	evt_test->assert_numeric_param(5, (uint64_t)inode);

test/drivers/test_suites/syscall_exit_suite/fork_x.cpp

@@ -193,12 +193,13 @@ TEST(SyscallExit, forkX_child)
 	evt_test->assert_numeric_param(1, (int64_t)0);
 
 	/* Parameter 2: exe (type: PT_CHARBUF) */
+#ifndef __powerpc64__ // Page fault
 	evt_test->assert_charbuf_param(2, info.args[0]);
 
 	/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 	/* Starting from `1` because the first is `exe`. */
 	evt_test->assert_charbuf_array_param(3, &info.args[1]);
-
+#endif
 	/* Parameter 4: tid (type: PT_PID) */
 	evt_test->assert_numeric_param(4, (int64_t)ret_pid);
 

test/drivers/test_suites/syscall_exit_suite/open_by_handle_at_x.cpp

@@ -8,7 +8,7 @@
 
 #define MAX_FSPATH_LEN	4096
 
-void do___open_by_handle_atX_success(int *open_by_handle_fd, int *dirfd, char *fspath, uint32_t *dev, uint64_t *inode, int use_mountpoint)
+void do___open_by_handle_atX_success(int *open_by_handle_fd, int *dirfd, char *fspath, uint32_t *dev, uint64_t *inode, bool *is_ext4, int use_mountpoint)
 {
 	/*
 	 * 0. Create (temporary) mount point (if use_mountpoint).
@@ -107,6 +107,7 @@ void do___open_by_handle_atX_success(int *open_by_handle_fd, int *dirfd, char *f
 	assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, *open_by_handle_fd, &file_stat), NOT_EQUAL, -1);
 	*dev = (uint32_t)file_stat.st_dev;
 	*inode = file_stat.st_ino;
+	*is_ext4 = event_test::is_ext4_fs(*open_by_handle_fd);
 #endif
 	/*
 	 * 7. Cleaning phase.
@@ -158,7 +159,8 @@ TEST(SyscallExit, open_by_handle_atX_success)
 	char fspath[MAX_FSPATH_LEN];
 	uint32_t dev;
 	uint64_t inode;
-	do___open_by_handle_atX_success(&open_by_handle_fd, &dirfd, fspath, &dev, &inode, 0);
+	bool is_ext4;
+	do___open_by_handle_atX_success(&open_by_handle_fd, &dirfd, fspath, &dev, &inode, &is_ext4, 0);
 
 	/*=============================== TRIGGER SYSCALL  ===========================*/
 
@@ -190,7 +192,10 @@ TEST(SyscallExit, open_by_handle_atX_success)
 
 #ifdef __NR_fstat
 	/* Parameter 5: dev (type: PT_UINT32) */
-	evt_test->assert_numeric_param(5, dev);
+	if (is_ext4)
+	{
+		evt_test->assert_numeric_param(5, dev);
+	}
 
 	/* Parameter 6: ino (type: PT_UINT64) */
 	evt_test->assert_numeric_param(6, inode);
@@ -215,7 +220,8 @@ TEST(SyscallExit, open_by_handle_atX_success_mp)
 	char fspath[MAX_FSPATH_LEN];
 	uint32_t dev;
 	uint64_t inode;
-	do___open_by_handle_atX_success(&open_by_handle_fd, &dirfd, fspath, &dev, &inode, 1);
+	bool is_ext4;
+	do___open_by_handle_atX_success(&open_by_handle_fd, &dirfd, fspath, &dev, &inode, &is_ext4, 1);
 
 	/*=============================== TRIGGER SYSCALL  ===========================*/
 
@@ -248,7 +254,10 @@ TEST(SyscallExit, open_by_handle_atX_success_mp)
 
 #ifdef __NR_fstat
 	/* Parameter 5: dev (type: PT_UINT32) */
-	evt_test->assert_numeric_param(5, dev);
+	if (is_ext4)
+	{
+		evt_test->assert_numeric_param(5, dev);
+	}
 
 	/* Parameter 6: ino (type: PT_UINT64) */
 	evt_test->assert_numeric_param(6, inode);

test/drivers/test_suites/syscall_exit_suite/open_x.cpp

@@ -30,6 +30,7 @@ TEST(SyscallExit, openX_success)
 	assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1);
 	uint32_t dev = (uint32_t)file_stat.st_dev;
 	uint64_t inode = file_stat.st_ino;
+	const bool is_ext4 = event_test::is_ext4_fs(fd);
 	close(fd);
 
 	if(notmpfile)
@@ -69,7 +70,10 @@ TEST(SyscallExit, openX_success)
 	evt_test->assert_numeric_param(4, (uint32_t)mode);
 
 	/* Parameter 5: dev (type: PT_UINT32) */
-	evt_test->assert_numeric_param(5, (uint32_t)dev);
+	if (is_ext4)
+	{
+		evt_test->assert_numeric_param(5, (uint32_t)dev);
+	}
 
 	/* Parameter 6: ino (type: PT_UINT64) */
 	evt_test->assert_numeric_param(6, inode);

test/drivers/test_suites/syscall_exit_suite/openat2_x.cpp

@@ -30,6 +30,7 @@ TEST(SyscallExit, openat2X_success)
 	assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1);
 	uint32_t dev = (uint32_t)file_stat.st_dev;
 	uint64_t inode = file_stat.st_ino;
+	const bool is_ext4 = event_test::is_ext4_fs(fd);
 #endif
 	close(fd);
 
@@ -70,7 +71,10 @@ TEST(SyscallExit, openat2X_success)
 
 #ifdef __NR_fstat
 	/* Parameter 7: dev (type: PT_UINT32) */
-	evt_test->assert_numeric_param(7, dev);
+	if (is_ext4)
+	{
+		evt_test->assert_numeric_param(7, dev);
+	}
 
 	/* Parameter 8: ino (type: PT_UINT64) */
 	evt_test->assert_numeric_param(8, inode);
@@ -175,6 +179,7 @@ TEST(SyscallExit, openat2X_create_success)
 	assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1);
 	uint32_t dev = (uint32_t)file_stat.st_dev;
 	uint64_t inode = file_stat.st_ino;
+	const bool is_ext4 = event_test::is_ext4_fs(fd);
 #endif
 	close(fd);
 
@@ -215,7 +220,10 @@ TEST(SyscallExit, openat2X_create_success)
 
 #ifdef __NR_fstat
 	/* Parameter 7: dev (type: PT_UINT32) */
-	evt_test->assert_numeric_param(7, dev);
+	if (is_ext4)
+	{
+		evt_test->assert_numeric_param(7, dev);
+	}
 
 	/* Parameter 8: ino (type: PT_UINT64) */
 	evt_test->assert_numeric_param(8, inode);

test/drivers/test_suites/syscall_exit_suite/openat_x.cpp

@@ -33,6 +33,7 @@ TEST(SyscallExit, openatX_success)
 	assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1);
 	uint32_t dev = (uint32_t)file_stat.st_dev;
 	uint64_t inode = file_stat.st_ino;
+	const bool is_ext4 = event_test::is_ext4_fs(fd);
 	close(fd);
 
 	if(notmpfile)
@@ -74,7 +75,10 @@ TEST(SyscallExit, openatX_success)
 	evt_test->assert_numeric_param(5, (uint32_t)mode);
 
 	/* Parameter 6: dev (type: PT_UINT32) */
-	evt_test->assert_numeric_param(6, (uint32_t)dev);
+	if (is_ext4)
+	{
+		evt_test->assert_numeric_param(6, (uint32_t)dev);
+	}
 
 	/* Parameter 7: ino (type: PT_UINT64) */
 	evt_test->assert_numeric_param(7, inode);
@@ -170,6 +174,7 @@ TEST(SyscallExit, openatX_create_success)
 	assert_syscall_state(SYSCALL_SUCCESS, "fstat", syscall(__NR_fstat, fd, &file_stat), NOT_EQUAL, -1);
 	uint32_t dev = (uint32_t)file_stat.st_dev;
 	uint64_t inode = file_stat.st_ino;
+	const bool is_ext4 = event_test::is_ext4_fs(fd);
 	close(fd);
 
 	/*=============================== TRIGGER SYSCALL  ===========================*/
@@ -205,7 +210,10 @@ TEST(SyscallExit, openatX_create_success)
 	evt_test->assert_numeric_param(5, (uint32_t)mode);
 
 	/* Parameter 6: dev (type: PT_UINT32) */
-	evt_test->assert_numeric_param(6, (uint32_t)dev);
+	if (is_ext4)
+	{
+		evt_test->assert_numeric_param(6, (uint32_t)dev);
+	}
 
 	/* Parameter 7: ino (type: PT_UINT64) */
 	evt_test->assert_numeric_param(7, inode);