Use the proper struct for syscall tracepoint probes (#209)

Use the proper struct for tracepoint probes
elastic · Oct 23, 2024 · cd3d8ea · cd3d8ea
1 parent 99cc9df
commit cd3d8ea
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/GPL/Events/Process/Probe.bpf.c b/GPL/Events/Process/Probe.bpf.c
@@ -240,7 +240,7 @@ int BPF_KPROBE(kprobe__taskstats_exit, const struct task_struct *task, int group
 // tracepoint/syscalls/sys_[enter/exit]_[name] tracepoints are not available
 // with BTF type information, so we must use a non-BTF tracepoint
 SEC("tracepoint/syscalls/sys_exit_setsid")
-int tracepoint_syscalls_sys_exit_setsid(struct trace_event_raw_sys_exit *args)
+int tracepoint_syscalls_sys_exit_setsid(struct syscall_trace_exit *args)
 {
     const struct task_struct *task = (struct task_struct *)bpf_get_current_task();
 
@@ -365,7 +365,7 @@ int BPF_KPROBE(kprobe__ptrace_attach,
 }
 
 SEC("tracepoint/syscalls/sys_enter_shmget")
-int tracepoint_syscalls_sys_enter_shmget(struct trace_event_raw_sys_enter *ctx)
+int tracepoint_syscalls_sys_enter_shmget(struct syscall_trace_enter *ctx)
 {
     if (ebpf_events_is_trusted_pid())
         goto out;
@@ -404,7 +404,7 @@ int tracepoint_syscalls_sys_enter_shmget(struct trace_event_raw_sys_enter *ctx)
 }
 
 SEC("tracepoint/syscalls/sys_enter_memfd_create")
-int tracepoint_syscalls_sys_enter_memfd_create(struct trace_event_raw_sys_enter *ctx)
+int tracepoint_syscalls_sys_enter_memfd_create(struct syscall_trace_enter *ctx)
 {
     if (ebpf_events_is_trusted_pid())
         goto out;