6.0.0+driver

What's Changed

• fix(modern_bpf): fix NULL dereference in signal_deliver filler by @gnosek in #1236
• update(driver): update syscalls tables and driver report. by @github-actions in #1267
• feat(driver): support for init_module, finit_module syscalls by @therealbobo in #1242
• feat(driver): support for mknod/mknodat syscall by @therealbobo in #1270
• chore(driver): realign drivers license by @Andreagit97 in #1275
• chore(kmod,bpf): resolved some type confusion issues by @therealbobo in #1250
• fix(driver): fix build on RHEL 8.9 kernels by @iurly in #1276
• fix(driver, userspace): fix loginuid, euid and tty types to uint32_t by @incertum in #1192
• fix(driver): remove an unused variable in the kmod by @Andreagit97 in #1293
• fix(driver): listen syscall backlog field size by @oheifetz in #1256
• fix(driver): umount2 syscall flags type, add conversion helper function by @oheifetz in #1255
• new(driver): add 2 new scap stats by @Andreagit97 in #1303
• update(driver): add fcntl enter arguments to exit event by @mstemm in #1304
• new(driver): add evt.is_open_create syscall event field by @mrgian in #1299
• new(driver): resolve executable path symlink by @Andreagit97 in #1300
• update(driver): update syscalls tables and driver report. by @github-actions in #1318

New Contributors

• @mprzybylski made their first contribution in #1280
• @mrgian made their first contribution in #1299

Full Changelog: 5.1.0+driver...6.0.0+driver

Driver Testing Matrix amd64

KERNEL	CMAKE-CONFIGURE	KMOD BUILD	KMOD SCAP-OPEN	BPF-PROBE BUILD	BPF-PROBE SCAP-OPEN	MODERN-BPF SCAP-OPEN
amazonlinux2-4.19	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2-5.10	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2-5.15	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2-5.4	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2022-5.15	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2023-6.1	🟢	🟢	🟢	🟢	🟢	🟢
archlinux-6.0	🟢	🟢	🟢	🟢	🟢	🟢
centos-3.10	🟢	🟢	🟢	🟡	🟡	🟡
centos-4.18	🟢	❌	❌	🟢	🟢	🟢
centos-5.14	🟢	🟢	🟢	🟢	🟢	🟢
fedora-5.17	🟢	❌	❌	🟢	🟢	🟢
fedora-5.8	🟢	🟢	🟢	🟢	❌	🟢
fedora-6.2	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-3.10	🟢	🟢	🟢	🟡	🟡	🟡
oraclelinux-4.14	🟢	🟢	🟢	🟢	🟢	🟡
oraclelinux-5.15	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-5.4	🟢	🟢	🟢	🟢	🟢	🟡
ubuntu-4.15	🟢	🟢	🟢	🟢	🟢	🟡
ubuntu-6.3	🟢	🟢	🟢	🟢	🟢	🟢

Driver Testing Matrix arm64

KERNEL	CMAKE-CONFIGURE	KMOD BUILD	KMOD SCAP-OPEN	BPF-PROBE BUILD	BPF-PROBE SCAP-OPEN	MODERN-BPF SCAP-OPEN
amazonlinux2-5.4	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2022-5.15	🟢	🟢	🟢	🟢	🟢	🟢
fedora-6.2	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-4.14	🟢	🟢	🟢	🟡	🟡	🟡
oraclelinux-5.15	🟢	🟢	🟢	🟢	🟢	🟢
ubuntu-6.3	🟢	🟢	🟢	🟢	🟢	🟢

5.1.0+driver

What's Changed

• fix(driver): fixed 6.4 kernel build by @hhoffstaette in #1110
• fix(driver): correctly convert socketcall codes on 32 bits by @Andreagit97 in #1122
• fix(driver): correctly retrieve src ip+port from UDP recvmsg and recvfrom by @Andreagit97 in #1123
• fix(driver): manage syscalls only defined with socketcall by @Andreagit97 in #1128
• update(driver): update syscalls tables and driver report. by @github-actions in #1132
• new(ci): build latest mainline kernel (even RC!) in latest-kernel job. by @FedeDP in #1090
• chore(driver): avoid useless structure copy in syscall_enter/exit_probe. by @FedeDP in #1133
• cleanup(ci): improve latest-kernel workflow. by @FedeDP in #1137
• chore(driver): avoid static_assert event_table size while building kmod. by @FedeDP in #1146
• fix(driver): fixed kmod build on 6.3 kernels arm64. by @FedeDP in #1147
• fix(tests, bpf): correct build and test case failures on s390x by @hbrueckner in #1150
• fix(driver): remove useless include which causes compilation issues on Centos6 by @Andreagit97 in #1152
• new: Support for memfd_create syscall by @Rohith-Raju in #1127
• tests(driver): add some test to clone3 to check ptid and flags value by @Andreagit97 in #1056
• Feat: Support for pidfd_getfd syscall by @Rohith-Raju in #1145
• fix: introduce a COS workaround to fix regression #1157 by @Andreagit97 in #1160
• new(driver, libscap, libsinsp): Add support for detecting executions from binaries referenced by a memfd by @lrishi in #1066
• fix(driver/modern-bpf): improve CO-RE detection by @Andreagit97 in #1173
• fix(driver): fix build on RHEL 9.3 kernels by @iurly in #1174
• fix(driver): fix memfd detection in the kmod by @Andreagit97 in #1163
• new(drivers): collect reaper_pid from the kernel by @Andreagit97 in #1151
• new(proposals): driver kernel testing framework by @incertum in #1131
• new(ci:) add driverkit tests for arm64 by @FedeDP in #1185
• new(ci): dynamic badge for latest kernel workflow by @FedeDP in #1186
• new(test): add test/vm for localhost VM-based driver kernel compatibility tests by @incertum in #524
• fix(bpf): Compile eBPF probe with -Wno-unknown-attributes by @LucaGuerra in #1210
• Support pidfd_open syscall by @Rohith-Raju in #1187
• Remove ALWAYS_DROP setting for setsid system call by @jcpittman144 in #1213
• new: kernel testing matrix by @FedeDP in #1223
• chore(docs): update gh pages urls and title. by @FedeDP in #1225
• fix(docs): fixed readme link to kenrel_tests workflow. by @FedeDP in #1226
• update(ci/kernel-tests): run kernel tests step by step by @alacuku in #1229
• update(ci): bumped kernel_tests to kernel-testing v0.2.0. by @FedeDP in #1230
• chore(ci): switch kernel_tests repo to falcosecurity org. by @FedeDP in #1231
• update(ci): bumped kernel-testing to v0.2.1. by @FedeDP in #1233
• Port ebpf null fix to 0.12.x branch by @LucaGuerra in #1244
• sync: port #1245 and #1246 to the release-0.12.x branch by @jasondellaluce in #1248
• sync: release 0.12.x by @FedeDP in #1249
• sync: release 0.12.x by @FedeDP in #1261
• sync: release 0.12.x by @FedeDP in #1263
• sync: release 0.12.x by @FedeDP in #1265
• sync: release 0.12.x by @FedeDP in #1269

New Contributors

• @Rohith-Raju made their first contribution in #1135
• @lrishi made their first contribution in #1066
• @simonhf made their first contribution in #1159
• @oheifetz made their first contribution in #1195

Full Changelog: 5.0.1+driver...5.1.0+driver

Driver Testing Matrix amd64

KERNEL	CMAKE-CONFIGURE	KMOD BUILD	KMOD SCAP-OPEN	BPF-PROBE BUILD	BPF-PROBE SCAP-OPEN	MODERN-BPF SCAP-OPEN
amazonlinux2-4.19	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2-5.10	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2-5.15	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2-5.4	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2022-5.15	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2023-6.1	🟢	🟢	🟢	🟢	🟢	🟢
archlinux-6.0	🟢	🟢	🟢	🟢	🟢	🟢
centos-3.10	🟢	🟢	🟢	🟡	🟡	🟡
centos-4.18	🟢	🟢	🟢	🟢	🟢	🟢
centos-5.14	🟢	🟢	🟢	🟢	🟢	🟢
fedora-5.17	🟢	❌	❌	🟢	🟢	🟢
fedora-5.8	🟢	🟢	🟢	🟢	❌	🟢
fedora-6.2	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-3.10	🟢	🟢	🟢	🟡	🟡	🟡
oraclelinux-4.14	🟢	🟢	🟢	🟢	🟢	🟡
oraclelinux-5.15	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-5.4	🟢	🟢	🟢	🟢	🟢	🟡
ubuntu-4.15	🟢	🟢	🟢	🟢	🟢	🟡
ubuntu-6.3	🟢	🟢	🟢	🟢	🟢	🟢

Driver Testing Ma...

0.12.0

What's Changed

• sync: release 0.12.x by @FedeDP in #1265
• sync: release 0.12.x by @FedeDP in #1269

Full Changelog: 0.12.0-rc3...0.12.0

0.12.0-rc3

What's Changed

• sync: port #1245 and #1246 to the release-0.12.x branch by @jasondellaluce in #1248
• sync: release 0.12.x by @FedeDP in #1249
• sync: release 0.12.x by @FedeDP in #1261
• sync: release 0.12.x by @FedeDP in #1263

Full Changelog: 0.12.0-rc2...0.12.0-rc3

0.12.0-rc2

fix(modern_bpf): fix NULL dereference in signal_deliver filler

The `signal_deliver` filler can be called with info=NULL
(`SEND_SIG_NOINFO`). Despite all I've been led to believe with eBPF,
this does cause an actual NULL dereference in the kernel,
promptly killing the machine (as the offending thread dies while
holding the spinlock in get_signal).

So let's check the pointer before we dereference it.

Signed-off-by: Grzegorz Nosek <grzegorz.nosek@sysdig.com>
Co-Authored-By: Andrea Terzolo <andreaterzolo3@gmail.com>

0.12.0-rc1

update(ci): bumped kernel-testing to v0.2.1.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

0.11.3

See milestone: https://github.com/falcosecurity/libs/milestone/22

0.11.2

0.11.2

Changelog

See milestone: https://github.com/falcosecurity/libs/milestone/19

0.11.1

0.11.1

Changelog

See milestone: https://github.com/falcosecurity/libs/milestone/18

0.11.0

0.11.0

Changelog

See milestone: https://github.com/falcosecurity/libs/milestone/5