feat!: drop setre{uid,gid} enter evts gen, testing and parsing code

As the `setre{uid,gid}` exit events contain all the information
needed, drop `setre{uid,gid}` enter events generation from all
drivers, and all related testing and parsing code.

BREAKING CHANGE: drop `setre{uid,gid}` enter evts gen and parsing

Signed-off-by: Leonardo Di Giovanna <[email protected]>

Author: ekoops

driver/fillers_table.c

@@ -379,12 +379,12 @@ const struct ppm_event_entry g_ppm_events[PPM_EVENT_MAX] = {
         [PPME_SYSCALL_PROCESS_VM_WRITEV_X] = {FILLER_REF(sys_process_vm_writev_x)},
         [PPME_SYSCALL_DELETE_MODULE_E] = {FILLER_REF(sys_empty)},
         [PPME_SYSCALL_DELETE_MODULE_X] = {FILLER_REF(sys_delete_module_x)},
-        [PPME_SYSCALL_SETREUID_E] = {FILLER_REF(sys_empty)},
+        [PPME_SYSCALL_SETREUID_E] = {FILLER_DISABLED},
         [PPME_SYSCALL_SETREUID_X] = {FILLER_REF(sys_autofill),
                                      3,
                                      APT_REG,
                                      {{AF_ID_RETVAL}, {0}, {1}}},
-        [PPME_SYSCALL_SETREGID_E] = {FILLER_REF(sys_empty)},
+        [PPME_SYSCALL_SETREGID_E] = {FILLER_DISABLED},
         [PPME_SYSCALL_SETREGID_X] = {FILLER_REF(sys_autofill),
                                      3,
                                      APT_REG,

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setregid.bpf.c

@@ -8,28 +8,6 @@
 
 #include <helpers/interfaces/fixed_size_event.h>
 
-/*=============================== ENTER EVENT ===========================*/
-
-SEC("tp_btf/sys_enter")
-int BPF_PROG(setregid_e, struct pt_regs *regs, long id) {
-	struct ringbuf_struct ringbuf;
-	if(!ringbuf__reserve_space(&ringbuf, SETREGID_E_SIZE, PPME_SYSCALL_SETREGID_E)) {
-		return 0;
-	}
-
-	ringbuf__store_event_header(&ringbuf);
-
-	/*=============================== COLLECT PARAMETERS  ===========================*/
-
-	/*=============================== COLLECT PARAMETERS  ===========================*/
-
-	ringbuf__submit_event(&ringbuf);
-
-	return 0;
-}
-
-/*=============================== ENTER EVENT ===========================*/
-
 /*=============================== EXIT EVENT ===========================*/
 
 SEC("tp_btf/sys_exit")

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setreuid.bpf.c

@@ -8,28 +8,6 @@
 
 #include <helpers/interfaces/fixed_size_event.h>
 
-/*=============================== ENTER EVENT ===========================*/
-
-SEC("tp_btf/sys_enter")
-int BPF_PROG(setreuid_e, struct pt_regs *regs, long id) {
-	struct ringbuf_struct ringbuf;
-	if(!ringbuf__reserve_space(&ringbuf, SETREUID_E_SIZE, PPME_SYSCALL_SETREUID_E)) {
-		return 0;
-	}
-
-	ringbuf__store_event_header(&ringbuf);
-
-	/*=============================== COLLECT PARAMETERS  ===========================*/
-
-	/*=============================== COLLECT PARAMETERS  ===========================*/
-
-	ringbuf__submit_event(&ringbuf);
-
-	return 0;
-}
-
-/*=============================== ENTER EVENT ===========================*/
-
 /*=============================== EXIT EVENT ===========================*/
 
 SEC("tp_btf/sys_exit")

test/drivers/test_suites/syscall_enter_suite/setregid_e.cpp

@@ -337,9 +337,9 @@ event_prog_t event_prog_table[PPM_EVENT_MAX][MAX_FEATURE_CHECKS] = {
         [PPME_SYSCALL_PROCESS_VM_WRITEV_X] = {{false, "process_vm_writev_x", 0}},
         [PPME_SYSCALL_DELETE_MODULE_E] = {{false, "delete_module_e", 0}},
         [PPME_SYSCALL_DELETE_MODULE_X] = {{false, "delete_module_x", 0}},
-        [PPME_SYSCALL_SETREUID_E] = {{false, "setreuid_e", 0}},
+        [PPME_SYSCALL_SETREUID_E] = {{true, NULL}},
         [PPME_SYSCALL_SETREUID_X] = {{false, "setreuid_x", 0}},
-        [PPME_SYSCALL_SETREGID_E] = {{false, "setregid_e", 0}},
+        [PPME_SYSCALL_SETREGID_E] = {{true, NULL}},
         [PPME_SYSCALL_SETREGID_X] = {{false, "setregid_x", 0}},
         // TODO(ekoops): remove the following entries once the sys_enter dispatcher is dropped.
         // The following entries are added in order to avoid the common generic_e enter event