From cb55f8f8134aa65e436fca2c925740b282fe45d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Geyslan=20Greg=C3=B3rio?=
Date: Wed, 15 Jan 2025 17:25:10 -0300
Subject: [PATCH] fix(parsers): fix openFlagsValues O_LARGEFILE

O_LARGEFILE is different on arm64 and amd64, 0400000 and 00100000 respectively.
---
 pkg/events/parsers/data_parsers.go | 66 ++++++++----------------
 pkg/events/parsers/data_parsers_amd64.go | 33 ++++++++++++
 pkg/events/parsers/data_parsers_arm64.go | 33 ++++++++++++
 3 files changed, 87 insertions(+), 45 deletions(-)

diff --git a/pkg/events/parsers/data_parsers.go b/pkg/events/parsers/data_parsers.go
index 9b9adf6767e6..8caa375a0010 100644
--- a/pkg/events/parsers/data_parsers.go
+++ b/pkg/events/parsers/data_parsers.go
@@ -73,10 +73,11 @@ func buildStringFromValues(sb *strings.Builder, argValues []SystemFunctionArgume
 // Parsers
 //
-// Use always raw values for the constants, since unix/syscall constants are not
-// always set to the same values.
-// For example, `O_LARGEFILE` is defined as 0x8000 (00100000) in C include,
-// but as 0x0 in unix package.
+// Always use raw values for constants instead of relying on Go's unix/syscall library constants.
+// These constants are derived from UAPI definitions but may vary based on predefined macros
+// (e.g., _LARGEFILE64_SOURCE, _FILE_OFFSET_BITS) during compilation. For instance, `O_LARGEFILE`
+// is defined as 0x8000 (00100000) in some C headers but as 0x0 in Go's unix package.
+// To avoid discrepancies, always verify the Linux kernel headers for the correct values.
 var (
 // from linux/sched.h
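Review bot: The rewritten comment above the constants explains value drift only through feature-test macros (`_LARGEFILE64_SOURCE`, `_FILE_OFFSET_BITS`), while the difference this commit actually fixes is per architecture, and the comment never mentions that. I would add a line such as `// Values that differ between architectures (e.g. O_LARGEFILE) are defined in data_parsers_<arch>.go.` and change "verify the Linux kernel headers" to say the headers of the target architecture. A wrong raw value here does not fail loudly; it silently mislabels flags in decoded events, so the comment is the main guard for the next person adding a constant. The var block this comment introduces continues outside the hunk.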
@@ -151,21 +152,22 @@ func ParseCloneFlags(flags uint64) (string, error) {
 var (
 // from asm-generic/fcntl.h
- O_ACCMODE = SystemFunctionArgument{rawValue: 00000003, stringValue: "O_ACCMODE"}
- O_RDONLY = SystemFunctionArgument{rawValue: 00000000, stringValue: "O_RDONLY"}
- O_WRONLY = SystemFunctionArgument{rawValue: 00000001, stringValue: "O_WRONLY"}
- O_RDWR = SystemFunctionArgument{rawValue: 00000002, stringValue: "O_RDWR"}
- O_CREAT = SystemFunctionArgument{rawValue: 00000100, stringValue: "O_CREAT"}
- O_EXCL = SystemFunctionArgument{rawValue: 00000200, stringValue: "O_EXCL"}
- O_NOCTTY = SystemFunctionArgument{rawValue: 00000400, stringValue: "O_NOCTTY"}
- O_TRUNC = SystemFunctionArgument{rawValue: 00001000, stringValue: "O_TRUNC"}
- O_APPEND = SystemFunctionArgument{rawValue: 00002000, stringValue: "O_APPEND"}
- O_NONBLOCK = SystemFunctionArgument{rawValue: 00004000, stringValue: "O_NONBLOCK"}
- O_DSYNC = SystemFunctionArgument{rawValue: 00010000, stringValue: "O_DSYNC"}
- O_SYNC = SystemFunctionArgument{rawValue: 04010000, stringValue: "O_SYNC"}
- FASYNC = SystemFunctionArgument{rawValue: 00020000, stringValue: "FASYNC"}
- O_DIRECT = SystemFunctionArgument{rawValue: 00040000, stringValue: "O_DIRECT"}
- O_LARGEFILE = SystemFunctionArgument{rawValue: 00100000, stringValue: "O_LARGEFILE"}
+ // NOT sequential values
+ O_ACCMODE = SystemFunctionArgument{rawValue: 00000003, stringValue: "O_ACCMODE"}
+ O_RDONLY = SystemFunctionArgument{rawValue: 00000000, stringValue: "O_RDONLY"}
+ O_WRONLY = SystemFunctionArgument{rawValue: 00000001, stringValue: "O_WRONLY"}
+ O_RDWR = SystemFunctionArgument{rawValue: 00000002, stringValue: "O_RDWR"}
+ O_CREAT = SystemFunctionArgument{rawValue: 00000100, stringValue: "O_CREAT"}
+ O_EXCL = SystemFunctionArgument{rawValue: 00000200, stringValue: "O_EXCL"}
+ O_NOCTTY = SystemFunctionArgument{rawValue: 00000400, stringValue: "O_NOCTTY"}
+ O_TRUNC = SystemFunctionArgument{rawValue: 00001000, stringValue: "O_TRUNC"}
+ O_APPEND = SystemFunctionArgument{rawValue: 00002000, stringValue: "O_APPEND"}
+ O_NONBLOCK = SystemFunctionArgument{rawValue: 00004000, stringValue: "O_NONBLOCK"}
+ O_DSYNC = SystemFunctionArgument{rawValue: 00010000, stringValue: "O_DSYNC"}
+ O_SYNC = SystemFunctionArgument{rawValue: 04010000, stringValue: "O_SYNC"}
+ FASYNC = SystemFunctionArgument{rawValue: 00020000, stringValue: "FASYNC"}
+ O_DIRECT = SystemFunctionArgument{rawValue: 00040000, stringValue: "O_DIRECT"}
+ // gap
 O_DIRECTORY = SystemFunctionArgument{rawValue: 00200000, stringValue: "O_DIRECTORY"}
 O_NOFOLLOW = SystemFunctionArgument{rawValue: 00400000, stringValue: "O_NOFOLLOW"}
 O_NOATIME = SystemFunctionArgument{rawValue: 01000000, stringValue: "O_NOATIME"}
@@ -174,32 +176,6 @@ var (
 O_TMPFILE = SystemFunctionArgument{rawValue: 020000000, stringValue: "O_TMPFILE"}
 )
-var openFlagsValues = []SystemFunctionArgument{
- // O_ACCMODE, // macro for access mode, so not included
-
- // special cases checked before the loop in ParseOpenFlagArgument
- // O_RDONLY,
- // O_WRONLY,
- // O_RDWR,
- O_CREAT,
- O_EXCL,
- O_NOCTTY,
- O_TRUNC,
- O_APPEND,
- O_NONBLOCK,
- O_DSYNC,
- O_SYNC,
- FASYNC,
- O_DIRECT,
- O_LARGEFILE,
- O_DIRECTORY,
- O_NOFOLLOW,
- O_NOATIME,
- O_CLOEXEC,
- O_PATH,
- O_TMPFILE,
-}
-
 // ParseOpenFlagArgument parses the `flags` bitmask argument of the `open` syscall.
 // http://man7.org/linux/man-pages/man2/open.2.html
 // https://elixir.bootlin.com/linux/v5.5.3/source/include/uapi/asm-generic/fcntl.h
diff --git a/pkg/events/parsers/data_parsers_amd64.go b/pkg/events/parsers/data_parsers_amd64.go
index 89658fe5e0cd..6a5fb1f7ef45 100644
--- a/pkg/events/parsers/data_parsers_amd64.go
+++ b/pkg/events/parsers/data_parsers_amd64.go
@@ -7,6 +7,39 @@ import (
 "golang.org/x/sys/unix"
 )
+var (
+ // from asm-generic/fcntl.h
+ // NOT sequential values
+ // gap
+ O_LARGEFILE = SystemFunctionArgument{rawValue: 00100000, stringValue: "O_LARGEFILE"}
+)
+
+var openFlagsValues = []SystemFunctionArgument{
+ // O_ACCMODE, // macro for access mode, so not included
+
+ // special cases checked before the loop in ParseOpenFlagArgument
+ // O_RDONLY,
+ // O_WRONLY,
+ // O_RDWR,
+ O_CREAT,
+ O_EXCL,
+ O_NOCTTY,
+ O_TRUNC,
+ O_APPEND,
+ O_NONBLOCK,
+ O_DSYNC,
+ O_SYNC,
+ FASYNC,
+ O_DIRECT,
+ O_LARGEFILE,
+ O_DIRECTORY,
+ O_NOFOLLOW,
+ O_NOATIME,
+ O_CLOEXEC,
+ O_PATH,
+ O_TMPFILE,
+}
+
 var (
 // from linux/ptrace.h and sys/ptrace.h
 // NOT sequential values
diff --git a/pkg/events/parsers/data_parsers_arm64.go b/pkg/events/parsers/data_parsers_arm64.go
index 9f73a80538fc..8d9d8c17a7ba 100644
--- a/pkg/events/parsers/data_parsers_arm64.go
+++ b/pkg/events/parsers/data_parsers_arm64.go
@@ -3,6 +3,39 @@ package parsers
+var (
+ // from asm/fcntl.h
+ // NOT sequential values
+ // gap
+ O_LARGEFILE = SystemFunctionArgument{rawValue: 0400000, stringValue: "O_LARGEFILE"}
+)
+
+var openFlagsValues = []SystemFunctionArgument{
+ // O_ACCMODE, // macro for access mode, so not included
+
+ // special cases checked before the loop in ParseOpenFlagArgument
+ // O_RDONLY,
+ // O_WRONLY,
+ // O_RDWR,
+ O_CREAT,
+ O_EXCL,
+ O_NOCTTY,
+ O_TRUNC,
+ O_APPEND,
+ O_NONBLOCK,
+ O_DSYNC,
+ O_SYNC,
+ FASYNC,
+ O_DIRECT,
+ O_LARGEFILE,
+ O_DIRECTORY,
+ O_NOFOLLOW,
+ O_NOATIME,
+ O_CLOEXEC,
+ O_PATH,
+ O_TMPFILE,
+}
+
 var (
 // from linux/ptrace.h and sys/ptrace.h
 // NOT sequential values
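Review bot: `openFlagsValues` is now duplicated verbatim in data_parsers_amd64.go and data_parsers_arm64.go, although only the `O_LARGEFILE` definition differs between the two files. Package-level identifiers resolve across files of the same package, so the slice could stay in data_parsers.go and pick up whichever `O_LARGEFILE` the build selects, leaving one list to maintain when a flag is added or reordered. If the duplication is intentional, a comment like `// keep in sync with the openFlagsValues copy in the other data_parsers_<arch>.go files` on each copy would at least make drift visible in review.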
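Review bot: The arm64 `O_LARGEFILE` raw value `0400000` is numerically equal to the shared `O_NOFOLLOW` (`00400000`) that stays in data_parsers.go, so on arm64 two entries of `openFlagsValues` carry the same bit. If ParseOpenFlagArgument tests each entry's bit in turn (its body is outside this diff), an open with either flag would be decoded with both names, and any rule or investigation that reads the decoded flags gets a wrong picture. As far as I recall, arm64's asm/fcntl.h redefines not only `O_LARGEFILE` but also `O_DIRECTORY` (040000), `O_NOFOLLOW` (0100000) and `O_DIRECT` (0200000); please confirm against the kernel header and, if so, move those three out of the shared block into the per-arch files next to `O_LARGEFILE`. A small arm64 test asserting that all `rawValue`s in `openFlagsValues` are distinct would catch this class of error.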