From 71c85a26efa61d8d11dda44e14389c7e9dfe44dc Mon Sep 17 00:00:00 2001
From: RohithRaju
Date: Wed, 10 Jan 2024 08:03:10 +0000
Subject: [PATCH] update: made changes as per review request
Signed-off-by: RohithRaju
---
 driver/bpf/fillers.h | 6 +++---
 .../events/syscall_dispatched_events/bpf.bpf.c | 6 +++---
 driver/ppm_fillers.c | 6 +++---
 driver/ppm_flag_helpers.h | 12 ------------
 4 files changed, 9 insertions(+), 21 deletions(-)
diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h
index e87c2c160b..fd0f4e6728 100644
--- a/driver/bpf/fillers.h
+++ b/driver/bpf/fillers.h
@@ -5801,9 +5801,9 @@ FILLER(sys_bpf_x, true)
 long fd = bpf_syscall_get_retval(data->ctx);
 bpf_push_s64_to_ring(data, fd);
- /* Parameter 2: cmd (type: PT_INT32) */
- unsigned long cmd = bpf_syscall_get_argument(data, 0);
- return bpf_push_s32_to_ring(data, (int32_t)bpf_cmd_to_scap(cmd));
+ /* Parameter 2: cmd (type: PT_ENUMFLAGS32) */
+ int32_t cmd = (int32_t)bpf_syscall_get_argument(data, 0);
+ return bpf_push_u32_to_ring(data, (uint32_t)cmd);
 }
 FILLER(sys_unlinkat_x, true)
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
index 5e0c75cb0e..89026e8ba6 100644
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c
@@ -58,9 +58,9 @@ int BPF_PROG(bpf_x,
 /* Parameter 1: fd (type: PT_FD) */
 ringbuf__store_s64(&ringbuf, ret);
- /* Parameter 2: cmd (type: PT_INT32) */
- unsigned long cmd = extract__syscall_argument(regs, 0);
- ringbuf__store_s32(&ringbuf,(int32_t)bpf_cmd_to_scap(cmd));
+ /* Parameter 2: cmd (type: PT_ENUMFLAGS32) */
+ int32_t cmd = (int32_t)extract__syscall_argument(regs, 0);
+ ringbuf__store_u32(&ringbuf, (uint32_t)cmd);
 /*=============================== COLLECT PARAMETERS ===========================*/
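Review bot: The new push in FILLER(sys_bpf_x) in driver/bpf/fillers.h sends the raw syscall argument as PT_ENUMFLAGS32 with nothing at the call site saying why no mapping is needed; the only statement of that invariant was the comment inside bpf_cmd_to_scap, which this same patch deletes from driver/ppm_flag_helpers.h. Consumers that alert on specific bpf commands can only name them if the PPM_ flag table mirrors enum bpf_cmd value for value, so I would keep the rule next to the push: `/* pushed unmapped: enum bpf_cmd in uapi/linux/bpf.h is stable, PPM_ flags must mirror it 1:1 */`. The same applies to the bpf_x hunk in bpf.bpf.c and to f_sys_bpf_x in driver/ppm_fillers.c. As a style point, the int32_t round-trip adds nothing to the truncation; `uint32_t cmd = (uint32_t)bpf_syscall_get_argument(data, 0);` reads more directly.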
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
index 6c7dd86c20..161de73d8e 100644
--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
@@ -6752,10 +6752,10 @@ int f_sys_bpf_x(struct event_filler_arguments *args)
 res = val_to_ring(args, fd, 0, false, 0);
 CHECK_RES(res);
- /* Parameter 2: cmd (type: PT_INT64) */
+ /* Parameter 2: cmd (type: PT_ENUMFLAGS32) */
 syscall_get_arguments_deprecated(args, 0, 1, &val);
- cmd = (int32_t)bpf_cmd_to_scap(val);
- res = val_to_ring(args, cmd, 0, false, 0);
+ cmd = (int32_t)val;
+ res = val_to_ring(args, (uint32_t)cmd, 0, false, 0);
 CHECK_RES(res);
 return add_sentinel(args);
 }
diff --git a/driver/ppm_flag_helpers.h b/driver/ppm_flag_helpers.h
index f0cac04de8..a353e1b13f 100644
--- a/driver/ppm_flag_helpers.h
+++ b/driver/ppm_flag_helpers.h
@@ -2221,16 +2221,4 @@ static __always_inline uint32_t mknod_mode_to_scap(uint32_t modes)
 return res;
 }
-
-static __always_inline uint32_t bpf_cmd_to_scap (unsigned long cmd){
- /*
- * bpf opcodes are defined via enum in uapi/linux/bpf.h.
- * It is userspace API (thus stable) and arch-independent.
- * Therefore we map them 1:1; if any unmapped flag arrives,
- * we will just print its value to userspace without mapping it to a string flag.
- * We then need to append new flags to both flags_table and ppm_events_public PPM_ flags.
- */
-
- return cmd;
-}
 #endif /* PPM_FLAG_HELPERS_H_ */
\ No newline at end of file
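Review bot: f_sys_bpf_x in driver/ppm_fillers.c now documents cmd as PT_ENUMFLAGS32, but the diffstat lists no change to this event's parameter definition, so the patch alone does not show that the declared type and flag table match what the three fillers emit. Before this change the kernel-module comment said PT_INT64 while both BPF fillers said PT_INT32, so the drivers already disagreed on the width. Please confirm the table entry was updated elsewhere in the series, since a consumer reading the wrong width or type would mis-decode the bpf command that detection logic depends on. The declaration of `cmd` is outside the hunk; if it has no other use, the two casts could collapse to `res = val_to_ring(args, (uint32_t)val, 0, false, 0);`.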