elastic
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎GPL/Events/Process/Probe.bpf.c‎
Lines changed: 52 additions & 31 deletions b/‎GPL/Events/Process/Probe.bpf.c‎
Lines changed: 52 additions & 31 deletions
diff --git a/‎GPL/HostIsolation/TcFilter/BPFTcFilterTests.cpp‎
Lines changed: 6 additions & 8 deletions b/‎GPL/HostIsolation/TcFilter/BPFTcFilterTests.cpp‎
Lines changed: 6 additions & 8 deletions
diff --git a/‎Makefile‎
Lines changed: 1 addition & 1 deletion b/‎Makefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎contrib/libbpf/.github/actions/build-selftests/action.yml‎
Lines changed: 3 additions & 2 deletions b/‎contrib/libbpf/.github/actions/build-selftests/action.yml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎contrib/libbpf/.github/actions/build-selftests/build_selftests.sh‎
Lines changed: 3 additions & 3 deletions b/‎contrib/libbpf/.github/actions/build-selftests/build_selftests.sh‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎contrib/libbpf/.github/actions/build-selftests/helpers.sh‎
Lines changed: 8 additions & 14 deletions b/‎contrib/libbpf/.github/actions/build-selftests/helpers.sh‎
Lines changed: 8 additions & 14 deletions
@@ -37,7 +37,7 @@ jobs:
     with:
       architecture: x86_64
       runner: ubuntu-latest
-      kernels: '[ "amazonlinux2", "debian", "fedora", "kali1", "kali3", "kali4", "kali5-7", "kali8-9", "mainline", "rocky", "ubuntu-aws", "ubuntu-azure", "ubuntu-gcp", "ubuntu-gke", "ubuntu-oem", "ubuntu-oracle" ]'
+      kernels: '[ "amazonlinux2", "centos", "debian", "fedora", "kali1", "kali3", "kali4", "kali5-7", "kali8-9", "mainline", "rocky", "ubuntu-aws", "ubuntu-azure", "ubuntu-gcp", "ubuntu-gke", "ubuntu-oem", "ubuntu-oracle" ]'
     secrets: inherit
   multikernel-tester-aarch64:
     name: Test (aarch64)
 
@@ -292,10 +292,51 @@ int BPF_KPROBE(kprobe__commit_creds, struct cred *new)
 
 #define MAX_NR_SEGS 8
 
+static int output_tty_event(struct ebpf_tty_dev *slave, const void *base, size_t base_len)
+{
+    struct ebpf_process_tty_write_event *event;
+    struct ebpf_varlen_field *field;
+    const struct task_struct *task;
+    int ret = 0;
+
+    event = get_event_buffer();
+    if (!event) {
+        ret = 1;
+        goto out;
+    }
+
+    task                     = (struct task_struct *)bpf_get_current_task();
+    event->hdr.type          = EBPF_EVENT_PROCESS_TTY_WRITE;
+    event->hdr.ts            = bpf_ktime_get_ns();
+    u64 len_cap              = base_len > TTY_OUT_MAX ? TTY_OUT_MAX : base_len;
+    event->tty_out_truncated = base_len > TTY_OUT_MAX ? base_len - TTY_OUT_MAX : 0;
+    event->tty               = *slave;
+    ebpf_pid_info__fill(&event->pids, task);
+    ebpf_ctty__fill(&event->ctty, task);
+    bpf_get_current_comm(event->comm, TASK_COMM_LEN);
+
+    // Variable length fields
+    ebpf_vl_fields__init(&event->vl_fields);
+
+    // tty_out
+    field = ebpf_vl_field__add(&event->vl_fields, EBPF_VL_FIELD_TTY_OUT);
+    if (bpf_probe_read_user(field->data, len_cap, base)) {
+        ret = 1;
+        goto out;
+    }
+
+    ebpf_vl_field__set_size(&event->vl_fields, field, len_cap);
+    bpf_ringbuf_output(&ringbuf, event, EVENT_SIZE(event), 0);
+out:
+    return ret;
+}
+
 static int tty_write__enter(struct kiocb *iocb, struct iov_iter *from)
 {
-    if (is_consumer())
+
+    if (is_consumer()) {
         goto out;
+    }
 
     struct file *f               = BPF_CORE_READ(iocb, ki_filp);
     struct tty_file_private *tfp = (struct tty_file_private *)BPF_CORE_READ(f, private_data);
@@ -327,44 +368,24 @@ static int tty_write__enter(struct kiocb *iocb, struct iov_iter *from)
         goto out;
     }
 
-    const struct task_struct *task = (struct task_struct *)bpf_get_current_task();
-    u64 nr_segs                    = BPF_CORE_READ(from, nr_segs);
-    nr_segs                        = nr_segs > MAX_NR_SEGS ? MAX_NR_SEGS : nr_segs;
-    const struct iovec *iov        = BPF_CORE_READ(from, iov);
+    u64 nr_segs             = BPF_CORE_READ(from, nr_segs);
+    nr_segs                 = nr_segs > MAX_NR_SEGS ? MAX_NR_SEGS : nr_segs;
+    const struct iovec *iov = BPF_CORE_READ(from, iov);
 
-    for (u8 seg = 0; seg < nr_segs; seg++) {
-        struct ebpf_process_tty_write_event *event = get_event_buffer();
-        if (!event)
-            goto out;
+    if (nr_segs == 0) {
+        u64 count = BPF_CORE_READ(from, count);
+        (void)output_tty_event(&slave, (void *)iov, count);
+        goto out;
+    }
 
+    for (u8 seg = 0; seg < nr_segs; seg++) {
         struct iovec *cur_iov = (struct iovec *)&iov[seg];
         const char *base      = BPF_CORE_READ(cur_iov, iov_base);
         size_t len            = BPF_CORE_READ(cur_iov, iov_len);
-        if (len <= 0)
-            continue;
-
-        event->hdr.type          = EBPF_EVENT_PROCESS_TTY_WRITE;
-        event->hdr.ts            = bpf_ktime_get_ns();
-        u64 len_cap              = len > TTY_OUT_MAX ? TTY_OUT_MAX : len;
-        event->tty_out_truncated = len > TTY_OUT_MAX ? len - TTY_OUT_MAX : 0;
-        event->tty               = slave;
-        ebpf_pid_info__fill(&event->pids, task);
-        ebpf_ctty__fill(&event->ctty, task);
-        bpf_get_current_comm(event->comm, TASK_COMM_LEN);
-
-        // Variable length fields
-        ebpf_vl_fields__init(&event->vl_fields);
-        struct ebpf_varlen_field *field;
 
-        // tty_out
-        field = ebpf_vl_field__add(&event->vl_fields, EBPF_VL_FIELD_TTY_OUT);
-        if (bpf_probe_read_user(field->data, len_cap, (void *)base)) {
-            bpf_printk("tty_write__enter: error reading base\n");
+        if (output_tty_event(&slave, base, len)) {
             goto out;
         }
-        ebpf_vl_field__set_size(&event->vl_fields, field, len_cap);
-
-        bpf_ringbuf_output(&ringbuf, event, EVENT_SIZE(event), 0);
     }
 
 out:
 
@@ -52,25 +52,23 @@ class BPFTcFilterTests : public ::testing::Test
 
     virtual void SetUp() override
     {
-        struct bpf_object_load_attr load_attr = {};
-        struct bpf_program *prog              = nullptr;
-        char *object_path_env                 = getenv(OBJECT_PATH_ENV_VAR);
-        int err                               = 0;
-        m_obj = object_path_env == NULL ? bpf_object__open(DEFAULT_OBJECT_PATH)
-                                        : bpf_object__open(object_path_env);
+        struct bpf_program *prog = nullptr;
+        char *object_path_env    = getenv(OBJECT_PATH_ENV_VAR);
+        int err                  = 0;
+        m_obj                    = object_path_env == NULL ? bpf_object__open(DEFAULT_OBJECT_PATH)
+                                                           : bpf_object__open(object_path_env);
 
         if (libbpf_get_error(m_obj)) {
             FAIL() << "Cannot open ELF object to test, you can pass a custom one with the "
                    << OBJECT_PATH_ENV_VAR << " environment variable";
         }
-        load_attr.obj = m_obj;
 
         prog = bpf_object__find_program_by_name(m_obj, CLASSIFIER_SECTION_NAME);
         ASSERT_FALSE(prog == NULL);
 
         bpf_program__set_type(prog, BPF_PROG_TYPE_SCHED_CLS);
 
-        err = bpf_object__load_xattr(&load_attr);
+        err = bpf_object__load(m_obj);
         if (err) {
             FAIL() << "Could not load the bpf program, please check your permissions";
             return;
 
@@ -19,7 +19,7 @@ CONTAINER_PULL_TAG ?= 20221121-1315
 CONTAINER_LOCAL_TAG ?= ebpf-builder:${USER}-latest
 
 IMAGEPACK_REPOSITORY ?= ghcr.io/elastic/ebpf-imagepack
-IMAGEPACK_PULL_TAG ?= 20220829-2307
+IMAGEPACK_PULL_TAG ?= 20230310-1158
 
 ifdef BUILD_CONTAINER_IMAGE
 	CONTAINER_IMAGE = ${CONTAINER_LOCAL_TAG}
 
@@ -18,9 +18,10 @@ runs:
   steps:
     - shell: bash
       run: |
-        echo "::group::Setup Env"
+        source $GITHUB_ACTION_PATH/../../../ci/vmtest/helpers.sh
+        foldable start "Setup Env"
         sudo apt-get install -y qemu-kvm zstd binutils-dev elfutils libcap-dev libelf-dev libdw-dev python3-docutils
-        echo "::endgroup::"
+        foldable end
     - shell: bash
       run: |
         export KERNEL=${{ inputs.kernel }}
 
@@ -6,9 +6,9 @@ THISDIR="$(cd $(dirname $0) && pwd)"
 
 source ${THISDIR}/helpers.sh
 
-travis_fold start prepare_selftests "Building selftests"
+foldable start prepare_selftests "Building selftests"
 
-LLVM_VER=15
+LLVM_VER=16
 LIBBPF_PATH="${REPO_ROOT}"
 
 PREPARE_SELFTESTS_SCRIPT=${THISDIR}/prepare_selftests-${KERNEL}.sh
@@ -39,4 +39,4 @@ cd ${LIBBPF_PATH}
 rm selftests/bpf/.gitignore
 git add selftests
 
-travis_fold end prepare_selftests
+foldable end prepare_selftests
@@ -1,26 +1,20 @@
+# shellcheck shell=bash
+
 # $1 - start or end
 # $2 - fold identifier, no spaces
 # $3 - fold section description
-travis_fold() {
+foldable() {
   local YELLOW='\033[1;33m'
   local NOCOLOR='\033[0m'
-  if [ -z ${GITHUB_WORKFLOW+x} ]; then
-    echo travis_fold:$1:$2
+  if [ $1 = "start" ]; then
+    line="::group::$2"
     if [ ! -z "${3:-}" ]; then
-      echo -e "${YELLOW}$3${NOCOLOR}"
+      line="$line - ${YELLOW}$3${NOCOLOR}"
     fi
-    echo
   else
-    if [ $1 = "start" ]; then
-      line="::group::$2"
-      if [ ! -z "${3:-}" ]; then
-        line="$line - ${YELLOW}$3${NOCOLOR}"
-      fi
-    else
-      line="::endgroup::"
-    fi
-    echo -e "$line"
+    line="::endgroup::"
   fi
+  echo -e "$line"
 }
 
 __print() {