From 5d811ce5826de0f998ce9f0d7841d6dcf7512d33 Mon Sep 17 00:00:00 2001
From: RohithRaju <rohithraju488@gmail.com>
Date: Tue, 23 Jan 2024 08:53:07 +0000
Subject: [PATCH] "Revert: made changes as per review request"

This reverts commit 41208ceaeea0fe5c17944c78a27a0c6b6a67ee1f.

Signed-off-by: RohithRaju <rohithraju488@gmail.com>
---
 driver/bpf/fillers.h                                 |  4 ++--
 .../events/syscall_dispatched_events/bpf.bpf.c       |  6 +++---
 driver/ppm_fillers.c                                 |  8 ++++----
 driver/ppm_flag_helpers.h                            | 12 ++++++++++++
 .../drivers/test_suites/syscall_exit_suite/bpf_x.cpp |  2 +-
 5 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h
index fd0f4e6728..c7d0ec1406 100644
--- a/driver/bpf/fillers.h
+++ b/driver/bpf/fillers.h
@@ -5802,8 +5802,8 @@ FILLER(sys_bpf_x, true)
 	bpf_push_s64_to_ring(data, fd);
 
 	/* Parameter 2: cmd (type: PT_ENUMFLAGS32) */
-	int32_t cmd = (int32_t)bpf_syscall_get_argument(data, 0);
-	return bpf_push_u32_to_ring(data, (uint32_t)cmd);
+	unsigned long cmd = bpf_syscall_get_argument(data, 0);
+	return bpf_push_s32_to_ring(data, (int32_t)bpf_cmd_to_scap(cmd));
 }
 
 FILLER(sys_unlinkat_x, true)
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
index 89026e8ba6..5e0c75cb0e 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
@@ -58,9 +58,9 @@ int BPF_PROG(bpf_x,
 	/* Parameter 1: fd (type: PT_FD) */
 	ringbuf__store_s64(&ringbuf, ret);
 
-	/* Parameter 2: cmd (type: PT_ENUMFLAGS32) */
-	int32_t cmd = (int32_t)extract__syscall_argument(regs, 0);
-	ringbuf__store_u32(&ringbuf, (uint32_t)cmd);
+	/* Parameter 2: cmd (type: PT_INT32) */
+	unsigned long cmd = extract__syscall_argument(regs, 0);
+	ringbuf__store_s32(&ringbuf,(int32_t)bpf_cmd_to_scap(cmd));
 
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
index 161de73d8e..f50e2cfd7b 100644
--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
@@ -6733,7 +6733,7 @@ int f_sys_bpf_e(struct event_filler_arguments *args)
 	unsigned long val = 0;
 	syscall_get_arguments_deprecated(args, 0, 1, &val);
 
-	/* Parameter 1: cmd (type: PT_INT64) */
+	/* Parameter 1: cmd (type: PT_ENUMFLAGS32) */
 	cmd = (int32_t)val;
 	res = val_to_ring(args, (int64_t)cmd, 0, false, 0);
 	CHECK_RES(res);
@@ -6752,10 +6752,10 @@ int f_sys_bpf_x(struct event_filler_arguments *args)
 	res = val_to_ring(args, fd, 0, false, 0);
 	CHECK_RES(res);
 
-	/* Parameter 2: cmd (type: PT_ENUMFLAGS32) */
+	/* Parameter 2: cmd (type: PT_INT64) */
 	syscall_get_arguments_deprecated(args, 0, 1, &val);
-	cmd = (int32_t)val;
-	res = val_to_ring(args, (uint32_t)cmd, 0, false, 0);
+	cmd = (int32_t)bpf_cmd_to_scap(val);
+	res = val_to_ring(args, cmd, 0, false, 0);
 	CHECK_RES(res);
 	return add_sentinel(args);
 }
diff --git a/driver/ppm_flag_helpers.h b/driver/ppm_flag_helpers.h
index a353e1b13f..f0cac04de8 100644
--- a/driver/ppm_flag_helpers.h
+++ b/driver/ppm_flag_helpers.h
@@ -2221,4 +2221,16 @@ static __always_inline uint32_t mknod_mode_to_scap(uint32_t modes)
 
 	return res;
 }
+
+static __always_inline uint32_t bpf_cmd_to_scap (unsigned long cmd){
+	/*
+	 * bpf opcodes are defined via enum in uapi/linux/bpf.h.
+	 * It is userspace API (thus stable) and arch-independent.
+	 * Therefore we map them 1:1; if any unmapped flag arrives,
+	 * we will just print its value to userspace without mapping it to a string flag.
+	 * We then need to append new flags to both flags_table and ppm_events_public PPM_ flags.
+	 */
+
+	return cmd;
+}
 #endif /* PPM_FLAG_HELPERS_H_ */
\ No newline at end of file
diff --git a/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp b/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp
index 17e74cf554..a69f49466f 100644
--- a/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp
+++ b/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp
@@ -147,7 +147,7 @@ TEST(SyscallExit, bpfX_MAP_CREATE)
 
 	/* Parameter 1: fd (type: PT_FD) */
 	evt_test->assert_numeric_param(1, errno_value);
-	/* Parameter 2: cmd (type: PT_INT32)*/
+	/* Parameter 2: cmd (type: PT_ENUMFLAGS32)*/
 	evt_test->assert_numeric_param(2, PPM_BPF_MAP_CREATE);
 
 	/*=============================== ASSERT PARAMETERS  ===========================*/