From 579151452c48e69b5d111128f199170aa7d7c422 Mon Sep 17 00:00:00 2001
From: Ori Glassman <ori.glassman1@gmail.com>
Date: Tue, 8 Oct 2024 15:10:40 +0300
Subject: [PATCH] fix(events): use umode_t instead of mode_t

events like chmod and mknod used mode_t type which is 32 bit, but should
use umode_t (note the 'u'), which is 16 bit.
---
 pkg/ebpf/c/tracee.bpf.c                 |  4 ++--
 pkg/events/core.go                      | 26 ++++++++++++-------------
 pkg/events/parse_args.go                |  8 +-------
 tests/integration/event_filters_test.go |  6 +++---
 4 files changed, 19 insertions(+), 25 deletions(-)

diff --git a/pkg/ebpf/c/tracee.bpf.c b/pkg/ebpf/c/tracee.bpf.c
index db42ecb4ce7b..36c88fad8021 100644
--- a/pkg/ebpf/c/tracee.bpf.c
+++ b/pkg/ebpf/c/tracee.bpf.c
@@ -2500,14 +2500,14 @@ int BPF_KPROBE(trace_debugfs_create_file)
         return 0;
 
     char *name = (char *) PT_REGS_PARM1(ctx);
-    mode_t mode = (unsigned short) PT_REGS_PARM2(ctx);
+    umode_t mode = (unsigned short) PT_REGS_PARM2(ctx);
     struct dentry *dentry = (struct dentry *) PT_REGS_PARM3(ctx);
     void *dentry_path = get_dentry_path_str(dentry);
     unsigned long proc_ops_addr = (unsigned long) PT_REGS_PARM5(ctx);
 
     save_str_to_buf(&p.event->args_buf, name, 0);
     save_str_to_buf(&p.event->args_buf, dentry_path, 1);
-    save_to_submit_buf(&p.event->args_buf, &mode, sizeof(mode_t), 2);
+    save_to_submit_buf(&p.event->args_buf, &mode, sizeof(umode_t), 2);
     save_to_submit_buf(&p.event->args_buf, (void *) &proc_ops_addr, sizeof(u64), 3);
 
     return events_perf_submit(&p, 0);
diff --git a/pkg/events/core.go b/pkg/events/core.go
index d7a39a7bc603..8e8c59ad8509 100644
--- a/pkg/events/core.go
+++ b/pkg/events/core.go
@@ -263,7 +263,7 @@ var CoreEvents = map[ID]Definition{
 		params: []trace.ArgMeta{
 			{Type: "const char*", Name: "pathname"},
 			{Type: "int", Name: "flags"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 		},
 		dependencies: Dependencies{
 			probes: []Probe{
@@ -2242,7 +2242,7 @@ var CoreEvents = map[ID]Definition{
 		sets:    []string{"syscalls", "fs", "fs_dir_ops"},
 		params: []trace.ArgMeta{
 			{Type: "const char*", Name: "pathname"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 		},
 		dependencies: Dependencies{
 			probes: []Probe{
@@ -2289,7 +2289,7 @@ var CoreEvents = map[ID]Definition{
 		sets:    []string{"default", "syscalls", "fs", "fs_file_ops"},
 		params: []trace.ArgMeta{
 			{Type: "const char*", Name: "pathname"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 		},
 		dependencies: Dependencies{
 			probes: []Probe{
@@ -2409,7 +2409,7 @@ var CoreEvents = map[ID]Definition{
 		sets:    []string{"default", "syscalls", "fs", "fs_file_attr"},
 		params: []trace.ArgMeta{
 			{Type: "const char*", Name: "pathname"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 		},
 		dependencies: Dependencies{
 			probes: []Probe{
@@ -2433,7 +2433,7 @@ var CoreEvents = map[ID]Definition{
 		sets:    []string{"default", "syscalls", "fs", "fs_file_attr"},
 		params: []trace.ArgMeta{
 			{Type: "int", Name: "fd"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 		},
 		dependencies: Dependencies{
 			probes: []Probe{
@@ -3418,7 +3418,7 @@ var CoreEvents = map[ID]Definition{
 		sets:    []string{"syscalls", "fs", "fs_file_ops"},
 		params: []trace.ArgMeta{
 			{Type: "const char*", Name: "pathname"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 			{Type: "dev_t", Name: "dev"},
 		},
 		dependencies: Dependencies{
@@ -5981,7 +5981,7 @@ var CoreEvents = map[ID]Definition{
 		params: []trace.ArgMeta{
 			{Type: "const char*", Name: "name"},
 			{Type: "int", Name: "oflag"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 			{Type: "struct mq_attr*", Name: "attr"},
 		},
 		dependencies: Dependencies{
@@ -6412,7 +6412,7 @@ var CoreEvents = map[ID]Definition{
 			{Type: "int", Name: "dirfd"},
 			{Type: "const char*", Name: "pathname"},
 			{Type: "int", Name: "flags"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 		},
 		dependencies: Dependencies{
 			probes: []Probe{
@@ -6437,7 +6437,7 @@ var CoreEvents = map[ID]Definition{
 		params: []trace.ArgMeta{
 			{Type: "int", Name: "dirfd"},
 			{Type: "const char*", Name: "pathname"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 		},
 		dependencies: Dependencies{
 			probes: []Probe{
@@ -6462,7 +6462,7 @@ var CoreEvents = map[ID]Definition{
 		params: []trace.ArgMeta{
 			{Type: "int", Name: "dirfd"},
 			{Type: "const char*", Name: "pathname"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 			{Type: "dev_t", Name: "dev"},
 		},
 		dependencies: Dependencies{
@@ -6695,7 +6695,7 @@ var CoreEvents = map[ID]Definition{
 		params: []trace.ArgMeta{
 			{Type: "int", Name: "dirfd"},
 			{Type: "const char*", Name: "pathname"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 			{Type: "int", Name: "flags"},
 		},
 		dependencies: Dependencies{
@@ -12066,7 +12066,7 @@ var CoreEvents = map[ID]Definition{
 		params: []trace.ArgMeta{
 			{Type: "const char*", Name: "file_name"},
 			{Type: "const char*", Name: "path"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 			{Type: "void*", Name: "proc_ops_addr"},
 		},
 	},
@@ -13052,7 +13052,7 @@ var CoreEvents = map[ID]Definition{
 		sets:    []string{},
 		params: []trace.ArgMeta{
 			{Type: "const char*", Name: "pathname"},
-			{Type: "mode_t", Name: "mode"},
+			{Type: "umode_t", Name: "mode"},
 		},
 		dependencies: Dependencies{
 			probes: []Probe{
diff --git a/pkg/events/parse_args.go b/pkg/events/parse_args.go
index 222ad574fb21..61b803c0dc0c 100644
--- a/pkg/events/parse_args.go
+++ b/pkg/events/parse_args.go
@@ -133,13 +133,7 @@ func ParseArgs(event *trace.Event) error {
 				parseOpenFlagArgument(flagsArg, uint64(flags))
 			}
 		}
-	case Mknod, Mknodat, Chmod, Fchmod, Fchmodat, ChmodCommon:
-		if modeArg := GetArg(event, "mode"); modeArg != nil {
-			if mode, isUint32 := modeArg.Value.(uint32); isUint32 {
-				parseInodeMode(modeArg, uint64(mode))
-			}
-		}
-	case SecurityInodeMknod:
+	case Mknod, Mknodat, SecurityInodeMknod, Chmod, Fchmod, Fchmodat, ChmodCommon:
 		if modeArg := GetArg(event, "mode"); modeArg != nil {
 			if mode, isUint16 := modeArg.Value.(uint16); isUint16 {
 				parseInodeMode(modeArg, uint64(mode))
diff --git a/tests/integration/event_filters_test.go b/tests/integration/event_filters_test.go
index e3e9868ea25f..ad58108213ac 100644
--- a/tests/integration/event_filters_test.go
+++ b/tests/integration/event_filters_test.go
@@ -1603,7 +1603,7 @@ func Test_EventFilters(t *testing.T) {
 						expectEvent(anyHost, "fakeprog1", testutils.CPUForTests, anyPID, 0, events.Openat, orPolNames("comm-event-data-64"), orPolIDs(64),
 							expectArg("dirfd", int32(0)),
 							expectArg("flags", int32(0)),
-							expectArg("mode", uint32(0)),
+							expectArg("mode", uint16(0)),
 						),
 					},
 					[]string{},
@@ -1615,7 +1615,7 @@ func Test_EventFilters(t *testing.T) {
 					[]trace.Event{
 						expectEvent(anyHost, "fakeprog2", testutils.CPUForTests, anyPID, 0, events.Open, orPolNames("comm-event-data-42"), orPolIDs(42),
 							expectArg("flags", int32(0)),
-							expectArg("mode", uint32(0)),
+							expectArg("mode", uint16(0)),
 						),
 					},
 					[]string{},
@@ -1683,7 +1683,7 @@ func Test_EventFilters(t *testing.T) {
 						expectEvent(anyHost, "fakeprog1", testutils.CPUForTests, anyPID, 0, events.Openat, orPolNames("comm-event-retval-64"), orPolIDs(64),
 							expectArg("dirfd", int32(0)),
 							expectArg("flags", int32(0)),
-							expectArg("mode", uint32(0)),
+							expectArg("mode", uint16(0)),
 						),
 					},
 					[]string{},