From: Jan Rękorajski Date: Thu, 23 May 2019 07:29:55 +0000 (+0200) Subject: - upstream fix for ekrnel 5.1 X-Git-Tag: auto/th/sysdig-0.24.2-2 X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=c12e2ab260736e4e8f4f267530d1183e0a263edb;p=packages%2Fsysdig.git - upstream fix for ekrnel 5.1 - rel 2 --- diff --git a/kernel-5.1.patch b/kernel-5.1.patch index cd77c74..45836d1 100644 --- a/kernel-5.1.patch +++ b/kernel-5.1.patch @@ -1,12 +1,1598 @@ ---- sysdig-0.24.2/driver/ppm_flag_helpers.h~ 2018-12-21 21:38:44.000000000 +0100 -+++ sysdig-0.24.2/driver/ppm_flag_helpers.h 2019-05-07 19:25:30.678391028 +0200 -@@ -13,6 +13,9 @@ - #include - #include - #include -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) -+#include +diff --git a/driver/main.c b/driver/main.c +index a2b0b645..fc876858 100644 +--- a/driver/main.c ++++ b/driver/main.c +@@ -216,6 +216,15 @@ do { \ + pr_info(fmt, ##__VA_ARGS__); \ + } while (0) + ++inline void ppm_syscall_get_arguments(struct task_struct *task, struct pt_regs *regs, unsigned long *args) ++{ ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0)) ++ syscall_get_arguments(task, regs, 0, 6, args); ++#else ++ syscall_get_arguments(task, regs, args); +#endif ++} ++ + /* compat tracepoint functions */ + static int compat_register_trace(void *func, const char *probename, struct tracepoint *tp) + { +@@ -1284,11 +1293,10 @@ static const unsigned char compat_nas[21] = { + #ifdef _HAS_SOCKETCALL + static enum ppm_event_type parse_socketcall(struct event_filler_arguments *filler_args, struct pt_regs *regs) + { +- unsigned long __user args[2]; ++ unsigned long __user args[6] = {}; + unsigned long __user *scargs; + int socketcall_id; +- +- syscall_get_arguments(current, regs, 0, 2, args); ++ ppm_syscall_get_arguments(current, regs, args); + socketcall_id = args[0]; + scargs = (unsigned long __user *)args[1]; + +@@ -1403,6 +1411,7 @@ static inline void record_drop_x(struct ppm_consumer_t *consumer, struct timespe + static inline int drop_nostate_event(enum ppm_event_type event_type, + struct pt_regs *regs) + { ++ unsigned long args[6] = {}; + unsigned long arg = 0; + int close_fd = -1; + struct files_struct *files; +@@ -1424,7 +1433,8 @@ static inline int drop_nostate_event(enum ppm_event_type event_type, + * The invalid fd events don't matter to userspace in dropping mode, + * so we do this before the UF_NEVER_DROP check + */ +- syscall_get_arguments(current, regs, 0, 1, &arg); ++ ppm_syscall_get_arguments(current, regs, args); ++ arg = args[0]; + close_fd = (int)arg; + + files = current->files; +@@ -1444,7 +1454,8 @@ static inline int drop_nostate_event(enum ppm_event_type event_type, + case PPME_SYSCALL_FCNTL_E: + case PPME_SYSCALL_FCNTL_X: + // cmd arg +- syscall_get_arguments(current, regs, 1, 1, &arg); ++ ppm_syscall_get_arguments(current, regs, args); ++ arg = args[1]; + if (arg != F_DUPFD && arg != F_DUPFD_CLOEXEC) + drop = true; + break; +diff --git a/driver/ppm.h b/driver/ppm.h +index 6ecc2b71..6077fa42 100644 +--- a/driver/ppm.h ++++ b/driver/ppm.h +@@ -113,4 +113,6 @@ extern const struct syscall_evt_pair g_syscall_ia32_table[]; + extern const enum ppm_syscall_code g_syscall_ia32_code_routing_table[]; + #endif + ++extern void ppm_syscall_get_arguments(struct task_struct *task, struct pt_regs *regs, unsigned long *args); ++ + #endif /* PPM_H_ */ +diff --git a/driver/ppm_events.c b/driver/ppm_events.c +index 71759088..fd96acd8 100644 +--- a/driver/ppm_events.c ++++ b/driver/ppm_events.c +@@ -240,14 +249,16 @@ inline u32 compute_snaplen(struct event_filler_arguments *args, char *buf, u32 l + if (err == 0) { + if(args->event_type == PPME_SOCKET_SENDTO_X) + { ++ unsigned long syscall_args[6] = {}; + unsigned long val; + struct sockaddr __user * usrsockaddr; + /* + * Get the address + */ +- if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 4, 1, &val); +- else ++ if (!args->is_socketcall) { ++ ppm_syscall_get_arguments(current, args->regs, syscall_args); ++ val = syscall_args[4]; ++ } else + val = args->socketcall_args[4]; + + usrsockaddr = (struct sockaddr __user *)val; +@@ -261,9 +272,10 @@ inline u32 compute_snaplen(struct event_filler_arguments *args, char *buf, u32 l + /* + * Get the address len + */ +- if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 5, 1, &val); +- else ++ if (!args->is_socketcall) { ++ ppm_syscall_get_arguments(current, args->regs, syscall_args); ++ val = syscall_args[5]; ++ } else + val = args->socketcall_args[5]; + + if (val != 0) { +@@ -279,6 +291,7 @@ inline u32 compute_snaplen(struct event_filler_arguments *args, char *buf, u32 l + } + } + } else if (args->event_type == PPME_SOCKET_SENDMSG_X) { ++ unsigned long syscall_args[6] = {}; + unsigned long val; + struct sockaddr __user * usrsockaddr; + int addrlen; +@@ -291,9 +304,10 @@ inline u32 compute_snaplen(struct event_filler_arguments *args, char *buf, u32 l + struct msghdr mh; + #endif + +- if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); +- else ++ if (!args->is_socketcall) { ++ ppm_syscall_get_arguments(current, args->regs, syscall_args); ++ val = syscall_args[1]; ++ } else + val = args->socketcall_args[1]; + + #ifdef CONFIG_COMPAT +@@ -1102,6 +1118,7 @@ int32_t parse_readv_writev_bufs(struct event_filler_arguments *args, const struc + unsigned long bufsize; + char *targetbuf = args->str_storage; + u32 targetbuflen = STR_STORAGE_SIZE; ++ unsigned long syscall_args[6] = {}; + unsigned long val; + u32 notcopied_len; + size_t tocopy_len; +@@ -1147,9 +1164,10 @@ int32_t parse_readv_writev_bufs(struct event_filler_arguments *args, const struc + /* + * Retrieve the FD. It will be used for dynamic snaplen calculation. + */ +- if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 0, 1, &val); +- else ++ if (!args->is_socketcall) { ++ ppm_syscall_get_arguments(current, args->regs, syscall_args); ++ val = syscall_args[0]; ++ } else + val = args->socketcall_args[0]; + args->fd = (int)val; + +@@ -1233,6 +1251,7 @@ int32_t compat_parse_readv_writev_bufs(struct event_filler_arguments *args, cons + unsigned long bufsize; + char *targetbuf = args->str_storage; + u32 targetbuflen = STR_STORAGE_SIZE; ++ unsigned long syscall_args[6] = {}; + unsigned long val; + u32 notcopied_len; + compat_size_t tocopy_len; +@@ -1278,9 +1297,10 @@ int32_t compat_parse_readv_writev_bufs(struct event_filler_arguments *args, cons + /* + * Retrieve the FD. It will be used for dynamic snaplen calculation. + */ +- if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 0, 1, &val); +- else ++ if (!args->is_socketcall) { ++ ppm_syscall_get_arguments(current, args->regs, syscall_args); ++ val = syscall_args[0]; ++ } else + val = args->socketcall_args[0]; + args->fd = (int)val; + +@@ -1364,6 +1384,7 @@ int32_t compat_parse_readv_writev_bufs(struct event_filler_arguments *args, cons + int f_sys_autofill(struct event_filler_arguments *args) + { + int res; ++ unsigned long syscall_args[6] = {}; + unsigned long val; + u32 j; + int64_t retval; +@@ -1382,11 +1403,8 @@ int f_sys_autofill(struct event_filler_arguments *args) + /* + * Regular argument + */ +- syscall_get_arguments(current, +- args->regs, +- evinfo->autofill_args[j].id, +- 1, +- &val); ++ ppm_syscall_get_arguments(current, args->regs, syscall_args); ++ val = syscall_args[evinfo->autofill_args[j].id]; + } + + res = val_to_ring(args, val, 0, true, 0); +diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c +index ccf092f1..883827af 100644 +--- a/driver/ppm_fillers.c ++++ b/driver/ppm_fillers.c +@@ -46,6 +47,23 @@ or GPL2.txt for full copies of the license. + + #define merge_64(hi, lo) ((((unsigned long long)(hi)) << 32) + ((lo) & 0xffffffffUL)) + ++/* ++ * Linux 5.1 kernels modify the syscall_get_arguments function to always ++ * return all arguments rather than allowing the caller to select which ++ * arguments are desired. This wrapper replicates the original ++ * functionality. ++ */ ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0)) ++#define syscall_get_arguments_deprecated syscall_get_arguments ++#else ++#define syscall_get_arguments_deprecated(_task, _reg, _start, _len, _args) \ ++ do { \ ++ unsigned long _sga_args[6] = {}; \ ++ syscall_get_arguments(_task, _reg, _sga_args); \ ++ memcpy(_args, &_sga_args[_start], _len); \ ++ } while(0) ++#endif ++ + int f_sys_generic(struct event_filler_arguments *args) + { + int res; +@@ -107,7 +132,7 @@ int f_sys_single(struct event_filler_arguments *args) + int res; + unsigned long val; + +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -147,7 +212,7 @@ int f_sys_open_x(struct event_filler_arguments *args) + /* + * name + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -156,7 +221,7 @@ int f_sys_open_x(struct event_filler_arguments *args) + * Flags + * Note that we convert them into the ppm portable representation before pushing them to the ring + */ +- syscall_get_arguments(current, args->regs, 1, 1, &flags); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &flags); + res = val_to_ring(args, open_flags_to_scap(flags), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -164,7 +229,7 @@ int f_sys_open_x(struct event_filler_arguments *args) + /* + * mode + */ +- syscall_get_arguments(current, args->regs, 2, 1, &modes); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &modes); + res = val_to_ring(args, open_modes_to_scap(flags, modes), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -182,7 +254,7 @@ int f_sys_read_x(struct event_filler_arguments *args) + /* + * Retrieve the FD. It will be used for dynamic snaplen calculation. + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + args->fd = (int)val; + + /* +@@ -203,7 +275,7 @@ int f_sys_read_x(struct event_filler_arguments *args) + val = 0; + bufsize = 0; + } else { +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + + /* + * The return value can be lower than the value provided by the user, +@@ -233,7 +305,7 @@ int f_sys_write_x(struct event_filler_arguments *args) + /* + * Retrieve the FD. It will be used for dynamic snaplen calculation. + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + args->fd = (int)val; + + /* +@@ -248,13 +320,13 @@ int f_sys_write_x(struct event_filler_arguments *args) + /* + * data + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + bufsize = val; + + /* + * Copy the buffer + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + args->enforce_snaplen = true; + res = val_to_ring(args, val, bufsize, true, 0); + if (unlikely(res != PPM_SUCCESS)) +@@ -693,7 +765,7 @@ int f_proc_startupdate(struct event_filler_arguments *args) + */ + args->str_storage[0] = 0; + +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + #ifdef CONFIG_COMPAT + if (unlikely(args->compat)) + args_len = compat_accumulate_argv_or_env((compat_uptr_t)val, +@@ -865,9 +937,9 @@ cgroups_error: + */ + if (args->event_type == PPME_SYSCALL_CLONE_20_X) { + #ifdef CONFIG_S390 +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + #else +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + #endif + } else + val = 0; +@@ -940,7 +1012,7 @@ cgroups_error: + /* + * The call failed, so get the env from the arguments + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + #ifdef CONFIG_COMPAT + if (unlikely(args->compat)) + env_len = compat_accumulate_argv_or_env((compat_uptr_t)val, +@@ -1009,7 +1081,7 @@ int f_sys_execve_e(struct event_filler_arguments *args) + /* + * filename + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (res == PPM_FAILURE_INVALID_USER_MEMORY) + res = val_to_ring(args, (unsigned long)"", 0, false, 0); +@@ -1041,7 +1113,7 @@ int f_sys_socket_bind_x(struct event_filler_arguments *args) + * addr + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -1051,7 +1123,7 @@ int f_sys_socket_bind_x(struct event_filler_arguments *args) + * Get the address len + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + else + val = args->socketcall_args[2]; + +@@ -1109,7 +1181,7 @@ int f_sys_connect_x(struct event_filler_arguments *args) + * in the stack, and therefore we can consume them. + */ + if (!args->is_socketcall) { +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + fd = (int)val; + } else + fd = (int)args->socketcall_args[0]; +@@ -1119,7 +1191,7 @@ int f_sys_connect_x(struct event_filler_arguments *args) + * Get the address + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -1129,7 +1201,7 @@ int f_sys_connect_x(struct event_filler_arguments *args) + * Get the address len + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + else + val = args->socketcall_args[2]; + +@@ -1194,7 +1266,7 @@ int f_sys_socketpair_x(struct event_filler_arguments *args) + * fds + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + else + val = args->socketcall_args[3]; + #ifdef CONFIG_COMPAT +@@ -1427,9 +1499,9 @@ int f_sys_setsockopt_x(struct event_filler_arguments *args) + { + int res; + int64_t retval; +- unsigned long val[5]; ++ unsigned long val[5] = {}; + +- syscall_get_arguments(current, args->regs, 0, 5, val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 5, val); + retval = (int64_t)(long)syscall_get_return_value(current, args->regs); + + /* retval */ +@@ -1471,9 +1543,9 @@ int f_sys_getsockopt_x(struct event_filler_arguments *args) + int res; + int64_t retval; + uint32_t optlen; +- unsigned long val[5]; ++ unsigned long val[5] = {}; + +- syscall_get_arguments(current, args->regs, 0, 5, val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 5, val); + retval = (int64_t)(long)syscall_get_return_value(current, args->regs); + + /* retval */ +@@ -1575,7 +1647,7 @@ int f_sys_accept_x(struct event_filler_arguments *args) + * queuepct + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 0, 1, &srvskfd); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &srvskfd); + else + srvskfd = args->socketcall_args[0]; + +@@ -1617,7 +1689,7 @@ int f_sys_send_e_common(struct event_filler_arguments *args, int *fd) + * fd + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + else + val = args->socketcall_args[0]; + +@@ -1631,7 +1703,7 @@ int f_sys_send_e_common(struct event_filler_arguments *args, int *fd) + * size + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 2, 1, &size); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &size); + else + size = args->socketcall_args[2]; + +@@ -1678,7 +1750,7 @@ int f_sys_sendto_e(struct event_filler_arguments *args) + * Get the address + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 4, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &val); + else + val = args->socketcall_args[4]; + +@@ -1688,7 +1760,7 @@ int f_sys_sendto_e(struct event_filler_arguments *args) + * Get the address len + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 5, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 5, 1, &val); + else + val = args->socketcall_args[5]; + +@@ -1736,7 +1808,7 @@ int f_sys_send_x(struct event_filler_arguments *args) + * Retrieve the FD. It will be used for dynamic snaplen calculation. + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + else + val = args->socketcall_args[0]; + +@@ -1761,7 +1833,7 @@ int f_sys_send_x(struct event_filler_arguments *args) + bufsize = 0; + } else { + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -1790,7 +1862,7 @@ int f_sys_recv_x_common(struct event_filler_arguments *args, int64_t *retval) + * Retrieve the FD. It will be used for dynamic snaplen calculation. + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -1815,7 +1887,7 @@ int f_sys_recv_x_common(struct event_filler_arguments *args, int64_t *retval) + bufsize = 0; + } else { + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -1871,7 +1943,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args) + * Get the fd + */ + if (!args->is_socketcall) { +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + fd = (int)val; + } else + fd = (int)args->socketcall_args[0]; +@@ -1880,7 +1952,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args) + * Get the address + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 4, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &val); + else + val = args->socketcall_args[4]; + usrsockaddr = (struct sockaddr __user *)val; +@@ -1889,7 +1961,7 @@ int f_sys_recvfrom_x(struct event_filler_arguments *args) + * Get the address len + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 5, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 5, 1, &val); + else + val = args->socketcall_args[5]; + if (usrsockaddr != NULL && val != 0) { +@@ -1965,7 +2037,7 @@ int f_sys_sendmsg_e(struct event_filler_arguments *args) + * fd + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + else + val = args->socketcall_args[0]; + +@@ -1978,7 +2050,7 @@ int f_sys_sendmsg_e(struct event_filler_arguments *args) + * Retrieve the message header + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -2090,7 +2162,7 @@ int f_sys_sendmsg_x(struct event_filler_arguments *args) + * Retrieve the message header + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -2163,7 +2235,7 @@ int f_sys_recvmsg_x(struct event_filler_arguments *args) + * Retrieve the message header + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -2207,7 +2279,7 @@ int f_sys_recvmsg_x(struct event_filler_arguments *args) + * Get the fd + */ + if (!args->is_socketcall) { +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + fd = (int)val; + } else + fd = (int)args->socketcall_args[0]; +@@ -2269,7 +2382,7 @@ int f_sys_pipe_x(struct event_filler_arguments *args) + /* + * fds + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + #ifdef CONFIG_COMPAT + if (!args->compat) { +@@ -2317,7 +2430,7 @@ int f_sys_eventfd_e(struct event_filler_arguments *args) + /* + * initval + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2326,7 +2439,7 @@ int f_sys_eventfd_e(struct event_filler_arguments *args) + * flags + * XXX not implemented yet + */ +- /* syscall_get_arguments(current, args->regs, 1, 1, &val); */ ++ /* syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); */ + val = 0; + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) +@@ -2344,7 +2457,7 @@ int f_sys_shutdown_e(struct event_filler_arguments *args) + * fd + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + else + val = args->socketcall_args[0]; - #include "ppm.h" +@@ -2356,7 +2469,7 @@ int f_sys_shutdown_e(struct event_filler_arguments *args) + * how + */ + if (!args->is_socketcall) +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + else + val = args->socketcall_args[1]; + +@@ -2375,7 +2488,7 @@ int f_sys_futex_e(struct event_filler_arguments *args) + /* + * addr + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2383,7 +2496,7 @@ int f_sys_futex_e(struct event_filler_arguments *args) + /* + * op + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, (unsigned long)futex_op_to_scap(val), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2391,7 +2504,7 @@ int f_sys_futex_e(struct event_filler_arguments *args) + /* + * val + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2407,7 +2520,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2415,7 +2528,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args) + /* + * offset + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2423,7 +2536,7 @@ int f_sys_lseek_e(struct event_filler_arguments *args) + /* + * whence + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, lseek_whence_to_scap(val), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2442,7 +2555,7 @@ int f_sys_llseek_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2451,8 +2564,8 @@ int f_sys_llseek_e(struct event_filler_arguments *args) + * offset + * We build it by combining the offset_high and offset_low system call arguments + */ +- syscall_get_arguments(current, args->regs, 1, 1, &oh); +- syscall_get_arguments(current, args->regs, 2, 1, &ol); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &oh); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &ol); + offset = (((uint64_t)oh) << 32) + ((uint64_t)ol); + res = val_to_ring(args, offset, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) +@@ -2461,7 +2574,7 @@ int f_sys_llseek_e(struct event_filler_arguments *args) + /* + * whence + */ +- syscall_get_arguments(current, args->regs, 4, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &val); + res = val_to_ring(args, lseek_whence_to_scap(val), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2485,7 +2598,7 @@ static int poll_parse_fds(struct event_filler_arguments *args, bool enter_event) + * + * Get the number of fds + */ +- syscall_get_arguments(current, args->regs, 1, 1, &nfds); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &nfds); + + /* + * Check if we have enough space to store both the fd list +@@ -2495,7 +2608,7 @@ static int poll_parse_fds(struct event_filler_arguments *args, bool enter_event) + return PPM_FAILURE_BUFFER_FULL; + + /* Get the fds pointer */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + fds = (struct pollfd *)args->str_storage; + #ifdef CONFIG_COMPAT +@@ -2552,7 +2665,7 @@ int f_sys_poll_e(struct event_filler_arguments *args) + /* + * timeout + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2607,7 +2720,7 @@ int f_sys_ppoll_e(struct event_filler_arguments *args) + /* + * timeout + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + /* NULL timeout specified as 0xFFFFFF.... */ + if (val == (unsigned long)NULL) + res = val_to_ring(args, (uint64_t)(-1), 0, false, 0); +@@ -2619,7 +2732,7 @@ int f_sys_ppoll_e(struct event_filler_arguments *args) + /* + * sigmask + */ +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + if (val != (unsigned long)NULL) + if (0 != ppm_copy_from_user(&val, (void __user *)val, sizeof(val))) + return PPM_FAILURE_INVALID_USER_MEMORY; +@@ -2661,7 +2774,7 @@ int f_sys_mount_e(struct event_filler_arguments *args) + * Fix mount flags in arg 3. + * See http://lxr.free-electrons.com/source/fs/namespace.c?v=4.2#L2650 + */ +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + if ((val & PPM_MS_MGC_MSK) == PPM_MS_MGC_VAL) + val &= ~PPM_MS_MGC_MSK; + res = val_to_ring(args, val, 0, false, 0); +@@ -2687,7 +2800,7 @@ int f_sys_openat_x(struct event_filler_arguments *args) + /* + * dirfd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + if ((int)val == AT_FDCWD) + val = PPM_AT_FDCWD; +@@ -2699,7 +2812,7 @@ int f_sys_openat_x(struct event_filler_arguments *args) + /* + * name + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2708,7 +2821,7 @@ int f_sys_openat_x(struct event_filler_arguments *args) + * Flags + * Note that we convert them into the ppm portable representation before pushing them to the ring + */ +- syscall_get_arguments(current, args->regs, 2, 1, &flags); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &flags); + res = val_to_ring(args, open_flags_to_scap(flags), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2716,7 +2829,7 @@ int f_sys_openat_x(struct event_filler_arguments *args) + /* + * mode + */ +- syscall_get_arguments(current, args->regs, 3, 1, &modes); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &modes); + res = val_to_ring(args, open_modes_to_scap(flags, modes), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2738,7 +2858,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args) + /* + * dirfd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + if ((int)val == AT_FDCWD) + val = PPM_AT_FDCWD; +@@ -2750,7 +2870,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args) + /* + * name + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2759,7 +2879,7 @@ int f_sys_unlinkat_x(struct event_filler_arguments *args) + * flags + * Note that we convert them into the ppm portable representation before pushing them to the ring + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, unlinkat_flags_to_scap(val), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2782,7 +2902,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args) + /* + * olddir + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + if ((int)val == AT_FDCWD) + val = PPM_AT_FDCWD; +@@ -2794,7 +2914,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args) + /* + * oldpath + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2802,7 +2922,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args) + /* + * newdir + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + + if ((int)val == AT_FDCWD) + val = PPM_AT_FDCWD; +@@ -2814,7 +2934,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args) + /* + * newpath + */ +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2823,7 +2943,7 @@ int f_sys_linkat_x(struct event_filler_arguments *args) + * Flags + * Note that we convert them into the ppm portable representation before pushing them to the ring + */ +- syscall_get_arguments(current, args->regs, 4, 1, &flags); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &flags); + res = val_to_ring(args, linkat_flags_to_scap(flags), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2844,7 +2964,7 @@ int f_sys_pread64_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2852,7 +2972,7 @@ int f_sys_pread64_e(struct event_filler_arguments *args) + /* + * size + */ +- syscall_get_arguments(current, args->regs, 2, 1, &size); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &size); + res = val_to_ring(args, size, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2861,11 +2981,11 @@ int f_sys_pread64_e(struct event_filler_arguments *args) + * pos + */ + #if defined CONFIG_X86 +- syscall_get_arguments(current, args->regs, 3, 1, &pos0); +- syscall_get_arguments(current, args->regs, 4, 1, &pos1); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &pos0); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &pos1); + #elif defined CONFIG_ARM && CONFIG_AEABI +- syscall_get_arguments(current, args->regs, 4, 1, &pos0); +- syscall_get_arguments(current, args->regs, 5, 1, &pos1); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &pos0); ++ syscall_get_arguments_deprecated(current, args->regs, 5, 1, &pos1); + #else + #error This architecture/abi not yet supported + #endif +@@ -2895,7 +3015,7 @@ int f_sys_pwrite64_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2903,7 +3023,7 @@ int f_sys_pwrite64_e(struct event_filler_arguments *args) + /* + * size + */ +- syscall_get_arguments(current, args->regs, 2, 1, &size); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &size); + res = val_to_ring(args, size, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -2914,17 +3034,17 @@ int f_sys_pwrite64_e(struct event_filler_arguments *args) + * separate registers that we need to merge. + */ + #ifdef _64BIT_ARGS_SINGLE_REGISTER +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; + #else + #if defined CONFIG_X86 +- syscall_get_arguments(current, args->regs, 3, 1, &pos0); +- syscall_get_arguments(current, args->regs, 4, 1, &pos1); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &pos0); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &pos1); + #elif defined CONFIG_ARM && CONFIG_AEABI +- syscall_get_arguments(current, args->regs, 4, 1, &pos0); +- syscall_get_arguments(current, args->regs, 5, 1, &pos1); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &pos0); ++ syscall_get_arguments_deprecated(current, args->regs, 5, 1, &pos1); + #else + #error This architecture/abi not yet supported + #endif +@@ -2962,8 +3082,8 @@ int f_sys_readv_preadv_x(struct event_filler_arguments *args) + /* + * data and size + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); +- syscall_get_arguments(current, args->regs, 2, 1, &iovcnt); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &iovcnt); + + #ifdef CONFIG_COMPAT + if (unlikely(args->compat)) { +@@ -2994,7 +3114,7 @@ int f_sys_writev_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3002,12 +3122,12 @@ int f_sys_writev_e(struct event_filler_arguments *args) + /* + * size + */ +- syscall_get_arguments(current, args->regs, 2, 1, &iovcnt); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &iovcnt); + + /* + * Copy the buffer + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + #ifdef CONFIG_COMPAT + if (unlikely(args->compat)) { + compat_iov = (const struct compat_iovec __user *)compat_ptr(val); +@@ -3050,13 +3170,13 @@ int f_sys_writev_pwritev_x(struct event_filler_arguments *args) + /* + * data and size + */ +- syscall_get_arguments(current, args->regs, 2, 1, &iovcnt); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &iovcnt); + + + /* + * Copy the buffer + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + #ifdef CONFIG_COMPAT + if (unlikely(args->compat)) { + compat_iov = (const struct compat_iovec __user *)compat_ptr(val); +@@ -3085,7 +3205,7 @@ int f_sys_preadv64_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3100,8 +3220,8 @@ int f_sys_preadv64_e(struct event_filler_arguments *args) + * requirements apply here. For an overly-detailed discussion about + * this, see https://lwn.net/Articles/311630/ + */ +- syscall_get_arguments(current, args->regs, 3, 1, &pos0); +- syscall_get_arguments(current, args->regs, 4, 1, &pos1); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &pos0); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &pos1); + + pos64 = merge_64(pos1, pos0); + +@@ -3131,7 +3251,7 @@ int f_sys_pwritev_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3139,12 +3259,12 @@ int f_sys_pwritev_e(struct event_filler_arguments *args) + /* + * size + */ +- syscall_get_arguments(current, args->regs, 2, 1, &iovcnt); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &iovcnt); + + /* + * Copy the buffer + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + #ifdef CONFIG_COMPAT + if (unlikely(args->compat)) { + compat_iov = (const struct compat_iovec __user *)compat_ptr(val); +@@ -3167,7 +3287,7 @@ int f_sys_pwritev_e(struct event_filler_arguments *args) + * separate registers that we need to merge. + */ + #ifdef _64BIT_ARGS_SINGLE_REGISTER +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3178,8 +3298,8 @@ int f_sys_pwritev_e(struct event_filler_arguments *args) + * requirements apply here. For an overly-detailed discussion about + * this, see https://lwn.net/Articles/311630/ + */ +- syscall_get_arguments(current, args->regs, 3, 1, &pos0); +- syscall_get_arguments(current, args->regs, 4, 1, &pos1); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &pos0); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &pos1); + + pos64 = merge_64(pos1, pos0); + +@@ -3196,7 +3316,7 @@ int f_sys_nanosleep_e(struct event_filler_arguments *args) + unsigned long val; + int res; + +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = timespec_parse(args, val); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3213,7 +3333,7 @@ int f_sys_getrlimit_setrlimit_e(struct event_filler_arguments *args) + /* + * resource + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + ppm_resource = rlimit_resource_to_scap(val); + +@@ -3248,7 +3368,7 @@ int f_sys_getrlimit_setrlrimit_x(struct event_filler_arguments *args) + * Copy the user structure and extract cur and max + */ + if (retval >= 0 || args->event_type == PPME_SYSCALL_SETRLIMIT_X) { +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + + #ifdef CONFIG_COMPAT + if (!args->compat) { +@@ -3296,7 +3416,7 @@ int f_sys_prlimit_e(struct event_filler_arguments *args) + /* + * pid + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) +@@ -3305,7 +3425,7 @@ int f_sys_prlimit_e(struct event_filler_arguments *args) + /* + * resource + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + + ppm_resource = rlimit_resource_to_scap(val); + +@@ -3342,7 +3462,7 @@ int f_sys_prlimit_x(struct event_filler_arguments *args) + * Copy the user structure and extract cur and max + */ + if (retval >= 0) { +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + + #ifdef CONFIG_COMPAT + if (!args->compat) { +@@ -3370,7 +3490,7 @@ int f_sys_prlimit_x(struct event_filler_arguments *args) + newmax = -1; + } + +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + + #ifdef CONFIG_COMPAT + if (!args->compat) { +@@ -3525,7 +3645,7 @@ int f_sys_fcntl_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3533,7 +3653,7 @@ int f_sys_fcntl_e(struct event_filler_arguments *args) + /* + * cmd + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, fcntl_cmd_to_scap(val), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3547,7 +3667,7 @@ static inline int parse_ptrace_addr(struct event_filler_arguments *args, u16 req + uint64_t dst; + u8 idx; + +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + switch (request) { + default: + idx = PPM_PTRACE_IDX_UINT64; +@@ -3564,7 +3684,7 @@ static inline int parse_ptrace_data(struct event_filler_arguments *args, u16 req + uint64_t dst; + u8 idx; + +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + switch (request) { + case PPM_PTRACE_PEEKTEXT: + case PPM_PTRACE_PEEKDATA: +@@ -3612,7 +3732,7 @@ int f_sys_ptrace_e(struct event_filler_arguments *args) + /* + * request + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, ptrace_requests_to_scap(val), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3620,7 +3740,7 @@ int f_sys_ptrace_e(struct event_filler_arguments *args) + /* + * pid + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3658,7 +3778,7 @@ int f_sys_ptrace_x(struct event_filler_arguments *args) + /* + * request + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + request = ptrace_requests_to_scap(val); + + res = parse_ptrace_addr(args, request); +@@ -3724,7 +3844,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args) + /* + * addr + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3732,7 +3852,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args) + /* + * length + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3740,7 +3860,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args) + /* + * prot + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, prot_flags_to_scap(val), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3748,7 +3868,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args) + /* + * flags + */ +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + res = val_to_ring(args, mmap_flags_to_scap(val), 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3756,7 +3876,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args) + /* + * fd + */ +- syscall_get_arguments(current, args->regs, 4, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 4, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3764,7 +3884,7 @@ int f_sys_mmap_e(struct event_filler_arguments *args) + /* + * offset/pgoffset + */ +- syscall_get_arguments(current, args->regs, 5, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 5, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3786,7 +3906,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args) + /* + * olddirfd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + if ((int)val == AT_FDCWD) + val = PPM_AT_FDCWD; +@@ -3798,7 +3918,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args) + /* + * oldpath + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3806,7 +3926,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args) + /* + * newdirfd + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + + if ((int)val == AT_FDCWD) + val = PPM_AT_FDCWD; +@@ -3818,7 +3938,7 @@ int f_sys_renameat_x(struct event_filler_arguments *args) + /* + * newpath + */ +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3840,7 +3960,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments *args) + /* + * oldpath + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3848,7 +3968,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments *args) + /* + * newdirfd + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + + if ((int)val == AT_FDCWD) + val = PPM_AT_FDCWD; +@@ -3860,7 +3980,7 @@ int f_sys_symlinkat_x(struct event_filler_arguments *args) + /* + * newpath + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3896,7 +4016,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args) + /* + * out_fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3904,7 +4024,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args) + /* + * in_fd + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3912,7 +4032,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args) + /* + * offset + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + + if (val != 0) { + #ifdef CONFIG_COMPAT +@@ -3937,7 +4057,7 @@ int f_sys_sendfile_e(struct event_filler_arguments *args) + /* + * size + */ +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -3963,7 +4083,7 @@ int f_sys_sendfile_x(struct event_filler_arguments *args) + /* + * offset + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + + if (val != 0) { + #ifdef CONFIG_COMPAT +@@ -3999,7 +4119,7 @@ int f_sys_quotactl_e(struct event_filler_arguments *args) + /* + * extract cmd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + cmd = quotactl_cmd_to_scap(val); + res = val_to_ring(args, cmd, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) +@@ -4016,7 +4136,7 @@ int f_sys_quotactl_e(struct event_filler_arguments *args) + * extract id + */ + id = 0; +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + if ((cmd == PPM_Q_GETQUOTA) || + (cmd == PPM_Q_SETQUOTA) || + (cmd == PPM_Q_XGETQUOTA) || +@@ -4059,7 +4179,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args) + /* + * extract cmd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + cmd = quotactl_cmd_to_scap(val); + + /* +@@ -4073,7 +4193,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args) + /* + * Add special + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4081,7 +4201,7 @@ int f_sys_quotactl_x(struct event_filler_arguments *args) + /* + * get addr + */ +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + + /* + * get quotafilepath only for QUOTAON +@@ -4259,7 +4379,7 @@ int f_sys_getresuid_and_gid_x(struct event_filler_arguments *args) + /* + * ruid + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + #ifdef CONFIG_COMPAT + if (!args->compat) { + #endif +@@ -4279,7 +4399,7 @@ int f_sys_getresuid_and_gid_x(struct event_filler_arguments *args) + /* + * euid + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + len = ppm_copy_from_user(&uid, (void *)val, sizeof(uint32_t)); + if (unlikely(len != 0)) + return PPM_FAILURE_INVALID_USER_MEMORY; +@@ -4291,7 +4411,7 @@ int f_sys_getresuid_and_gid_x(struct event_filler_arguments *args) + /* + * suid + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + len = ppm_copy_from_user(&uid, (void *)val, sizeof(uint32_t)); + if (unlikely(len != 0)) + return PPM_FAILURE_INVALID_USER_MEMORY; +@@ -4309,12 +4429,12 @@ int f_sys_flock_e(struct event_filler_arguments *args) + int res; + u32 flags; + +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; + +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + flags = flock_flags_to_scap(val); + res = val_to_ring(args, flags, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) +@@ -4332,7 +4452,7 @@ int f_sys_setns_e(struct event_filler_arguments *args) + /* + * parse fd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4340,7 +4460,7 @@ int f_sys_setns_e(struct event_filler_arguments *args) + /* + * get type, parse as clone flags as it's a subset of it + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + flags = clone_flags_to_scap(val); + res = val_to_ring(args, flags, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) +@@ -4358,7 +4478,7 @@ int f_sys_unshare_e(struct event_filler_arguments *args) + /* + * get type, parse as clone flags as it's a subset of it + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + flags = clone_flags_to_scap(val); + res = val_to_ring(args, flags, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) +@@ -4459,7 +4579,7 @@ int f_sys_semop_x(struct event_filler_arguments *args) + * actually this could be read in the enter function but + * we also need to know the value to access the sembuf structs + */ +- syscall_get_arguments(current, args->regs, 2, 1, &nsops); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &nsops); + res = val_to_ring(args, nsops, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4467,7 +4587,7 @@ int f_sys_semop_x(struct event_filler_arguments *args) + /* + * sembuf + */ +- syscall_get_arguments(current, args->regs, 1, 1, (unsigned long *) &ptr); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, (unsigned long *) &ptr); + + if (nsops && ptr) { + /* max length of sembuf array in g_event_info = 2 */ +@@ -4506,7 +4626,7 @@ int f_sys_semget_e(struct event_filler_arguments *args) + /* + * key + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4514,7 +4634,7 @@ int f_sys_semget_e(struct event_filler_arguments *args) + /* + * nsems + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4522,7 +4642,7 @@ int f_sys_semget_e(struct event_filler_arguments *args) + /* + * semflg + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, semget_flags_to_scap(val), 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4538,7 +4658,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args) + /* + * semid + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4546,7 +4666,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args) + /* + * semnum + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4554,7 +4674,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args) + /* + * cmd + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, semctl_cmd_to_scap(val), 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4563,7 +4683,7 @@ int f_sys_semctl_e(struct event_filler_arguments *args) + * optional argument semun/val + */ + if (val == SETVAL) +- syscall_get_arguments(current, args->regs, 3, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 3, 1, &val); + else + val = 0; + res = val_to_ring(args, val, 0, true, 0); +@@ -4581,7 +4701,7 @@ int f_sys_access_e(struct event_filler_arguments *args) + /* + * mode + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, access_flags_to_scap(val), 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4609,7 +4729,7 @@ int f_sys_bpf_x(struct event_filler_arguments *args) + /* + * fd, depending on cmd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &cmd); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &cmd); + #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 18, 0) + if(cmd == BPF_MAP_CREATE || cmd == BPF_PROG_LOAD) + #else +@@ -4642,7 +4762,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args) + /* + * dirfd + */ +- syscall_get_arguments(current, args->regs, 0, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 0, 1, &val); + + if ((int)val == AT_FDCWD) + val = PPM_AT_FDCWD; +@@ -4654,7 +4774,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args) + /* + * path + */ +- syscall_get_arguments(current, args->regs, 1, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 1, 1, &val); + res = val_to_ring(args, val, 0, true, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +@@ -4662,7 +4782,7 @@ int f_sys_mkdirat_x(struct event_filler_arguments *args) + /* + * mode + */ +- syscall_get_arguments(current, args->regs, 2, 1, &val); ++ syscall_get_arguments_deprecated(current, args->regs, 2, 1, &val); + res = val_to_ring(args, val, 0, false, 0); + if (unlikely(res != PPM_SUCCESS)) + return res; +diff --git a/driver/ppm_flag_helpers.h b/driver/ppm_flag_helpers.h +index 6e9ac21c..1c3b9251 100644 +--- a/driver/ppm_flag_helpers.h ++++ b/driver/ppm_flag_helpers.h +@@ -9,8 +9,7 @@ or GPL2.txt for full copies of the license. + + #ifndef PPM_FLAG_HELPERS_H_ + #define PPM_FLAG_HELPERS_H_ +- +-#include ++#include + #include + #include diff --git a/sysdig.spec b/sysdig.spec index f1666d0..f456290 100644 --- a/sysdig.spec +++ b/sysdig.spec @@ -22,7 +22,7 @@ exit 1 %undefine with_luajit %endif -%define rel 1 +%define rel 2 %define pname sysdig Summary: sysdig, a system-level exploration and troubleshooting tool Summary(pl.UTF-8): sysdig - narzędzie do przeglądu i rozwiązywania problemów na poziomie systemowym @@ -48,6 +48,7 @@ BuildRequires: libstdc++-devel >= 6:4.4 %{?with_luajit:BuildRequires: luajit-devel >= 2.0.3} BuildRequires: ncurses-devel >= 5.9 BuildRequires: openssl-devel >= 1.0.2 +BuildRequires: tbb-devel BuildRequires: zlib-devel >= 1.2.8 %{!?with_luajit:BuildConflicts: luajit-devel} %{?with_kernel:%{expand:%buildrequires_kernel kernel%%{_alt_kernel}-module-build >= 3:2.6.20.2}} @@ -171,6 +172,7 @@ cd build -DDIR_ETC=%{_sysconfdir} \ -DSYSDIG_VERSION=%{version}-%{rel} \ -DBUILD_DRIVER=OFF \ + -DUSE_BUNDLED_DEPS=OFF \ -DUSE_BUNDLED_B64=OFF \ -DUSE_BUNDLED_CURL=OFF \ -DUSE_BUNDLED_JQ=OFF \ @@ -178,6 +180,7 @@ cd build -DUSE_BUNDLED_LUAJIT=OFF \ -DUSE_BUNDLED_NCURSES=OFF \ -DUSE_BUNDLED_OPENSSL=OFF \ + -DUSE_BUNDLED_TBB=OFF \ -DUSE_BUNDLED_ZLIB=OFF cd ..