Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ROX-21022 Bumps falco and module version for RHEL 9.3 fix #1442

Merged
merged 9 commits into from
Dec 5, 2023
Merged

ROX-21022 Bumps falco and module version for RHEL 9.3 fix #1442

merged 9 commits into from
Dec 5, 2023

Conversation

Stringy
Copy link
Collaborator

@Stringy Stringy commented Nov 21, 2023

Description

On newer RHEL 9.3 kernels, lazy preemption has been added, which changes the sys_enter_args fields (see below.) This PR bumps the falco commit to include extra padding to cover these fields.

OLD format:

format:
        field:unsigned short common_type;       offset:0;       size:2; signed:0;
        field:unsigned char common_flags;       offset:2;       size:1; signed:0;
        field:unsigned char common_preempt_count;       offset:3;       size:1; signed:0;
        field:int common_pid;   offset:4;       size:4; signed:1;

        field:int __syscall_nr; offset:8;       size:4; signed:1;
        field:int fd;   offset:16;      size:8; signed:0;
        field:struct sockaddr * uservaddr;      offset:24;      size:8; signed:0;
        field:int addrlen;      offset:32;      size:8; signed:0;

NEW format:

format:
        field:unsigned short common_type;       offset:0;       size:2; signed:0;
        field:unsigned char common_flags;       offset:2;       size:1; signed:0;
        field:unsigned char common_preempt_count;       offset:3;       size:1; signed:0;
        field:int common_pid;   offset:4;       size:4; signed:1;
        field:unsigned char common_preempt_lazy_count;  offset:8;       size:1; signed:0;

        field:int __syscall_nr; offset:12;      size:4; signed:1;
        field:int fd;   offset:16;      size:8; signed:0;
        field:struct sockaddr * uservaddr;      offset:24;      size:8; signed:0;
        field:int addrlen;      offset:32;      size:8; signed:0;

Checklist

  • Investigated and inspected CI test results
  • Updated documentation accordingly

Automated testing

  • Added unit tests
  • Added integration tests
  • Added regression tests

If any of these don't apply, please comment below.

Testing Performed

Tested on RHEL 9.3 VM.

@Stringy Stringy requested a review from a team as a code owner November 21, 2023 10:43
@Stringy Stringy force-pushed the giles/fix-rhel-9.3-syscall-padding branch from 9b3f92e to 6959211 Compare November 21, 2023 10:45
@Stringy Stringy mentioned this pull request Nov 21, 2023
Merged
ovalenti
ovalenti approved these changes Dec 1, 2023
View reviewed changes
Copy link
Contributor

@ovalenti ovalenti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My understanding of the fix is rather limited, but I don't see any problem here.

Thanks for finding that out 👊

@Stringy Stringy merged commit 2c5b9cf into master Dec 5, 2023
155 of 158 checks passed
@Stringy Stringy deleted the giles/fix-rhel-9.3-syscall-padding branch December 5, 2023 14:27
@robbycochran robbycochran changed the title Bumps falco and module version for RHEL 9.3 fix ROX-21022 Bumps falco and module version for RHEL 9.3 fix Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ovalenti ovalenti ovalenti approved these changes

Assignees
No one assigned
Labels
all-integration-tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Stringy @ovalenti