fixup! Logs cleanup

coder · Apr 16, 2024 · 6fe6c3e · 6fe6c3e
1 parent aaaf4b9
commit 6fe6c3e
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/bpf/handler-bpfeb.o b/bpf/handler-bpfeb.o
diff --git a/bpf/handler-bpfel.o b/bpf/handler-bpfel.o
diff --git a/bpf/handler.c b/bpf/handler.c
@@ -134,6 +134,8 @@ static void log(const char *fmt, u32 fmt_size, u32 arg0, u32 arg1, u32 arg2) {
 	}
 
 	// Copy the fmt string into the log entry.
+	// NOTE: bpf_snprintf is not supported in some of the lower kernel versions
+	// we claim to support, so we have to do it this way.
 	ret = bpf_probe_read_kernel_str(&entry->fmt, sizeof(entry->fmt), fmt);
 	if (ret < 0) {
 		bpf_printk("could not read fmt into log struct: %d", ret);
@@ -245,7 +247,7 @@ s32 enter_execve(struct exec_info *ctx) {
 
 	// Write the filename in addition to argv[0] because the filename contains
 	// the full path to the file which could be more useful in some situations.
-	ret = bpf_probe_read_user_str(event->filename, sizeof(event->filename), ctx->filename);
+	ret = bpf_probe_read_user_str(&event->filename, sizeof(event->filename), ctx->filename);
 	if (ret < 0) {
 		LOG1("could not read filename into event struct: %d", ret);
 		bpf_ringbuf_discard(event, 0);