9.0.0+driver

@ekoops ekoops released this 16 Oct 13:34
· 3 commits to release/0.22.x since this release

Driver Testing Matrix amd64

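| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | BPF-PROBE BUILD | BPF-PROBE SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|---|---|
| amazonlinux2-4.19 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2-5.10 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| amazonlinux2023-6.1 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.0 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| archlinux-6.7 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-3.10 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| centos-4.18 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| centos-5.14 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.17 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-5.8 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-3.10 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-4.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-5.8 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |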

Driver Testing Matrix arm64

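| KERNEL | CMAKE-CONFIGURE | KMOD BUILD | KMOD SCAP-OPEN | BPF-PROBE BUILD | BPF-PROBE SCAP-OPEN | MODERN-BPF SCAP-OPEN |
|---|---|---|---|---|---|---|
| amazonlinux2-5.4 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 |
| amazonlinux2022-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| fedora-6.2 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| oraclelinux-4.14 | 🟢 | 🟢 | 🟢 | 🟡 | 🟡 | 🟡 |
| oraclelinux-5.15 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| ubuntu-6.5 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |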

v9.0.0+driver

Released on 2025-10-16

Breaking Changes ⚠️

  • feat(driver/modern_bpf)!: remove forgotten pwrite64_e prog [#2626] - @ekoops
  • feat!: add PPME_SYSCALL_CLOSE_E fd param to PPME_SYSCALL_CLOSE_X [#2475] - @ekoops
  • feat!: drop rename{,at,at2} enter evts gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop splice enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop munmap enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop mmap/mmap2 enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop fcntl enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop symlink{,at} enter events gen, testing and parsing code [#2599] - @ekoops
  • feat!: drop setuid enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop ptrace enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop mkdir enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop mkdirat enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop fchdir enter events gen, testing and parsing code [#2594] - @terror96
  • feat!: drop llseek enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lseek enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop select enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop poll enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop epoll_wait enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop fstat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lstat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop stat64 enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop fstat enter events gen, testing and parsing code [#2591] - @ekoops
  • feat!: drop lstat enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop stat enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop futex enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop eventfd enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop pipe enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop getsockopt enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop setsockopt enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop socketpair enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop getpeername enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: drop getsockname enter events gen, testing and parsing code [#2590] - @ekoops
  • feat!: bump schema version to 4.0.0 [#2675] - @ekoops
  • chore(driver)!: drop dead PPME_SCAPEVENT_E fillers and code [#2671] - @ekoops
  • chore!: mark PPME_SCAPEVENT_X with EC_UNKNOWN and set name to NA [#2671] - @ekoops
  • feat!: make PPME_GENERIC_E "scap converter"-managed [#2636] - @ekoops
  • feat!: drop unused enter events scap stats counters [#2634] - @ekoops
  • feat(driver/bpf)!: use sys_enter probe only for TOCTOU mitigation [#2627] - @ekoops
  • feat(driver)!: use syscall_enter probe only for TOCTOU mitigation [#2627] - @ekoops
  • feat!: drop modern probe sys_enter and remaining syscall enter progs [#2627] - @ekoops
  • feat!: drop execve enter evts gen code [#2624] - @ekoops
  • feat!: drop execveat enter evts gen code [#2624] - @ekoops
  • feat!: finish mount/umount enter event gen support removal in kmod [#2625] - @ekoops
  • feat!: drop clone enter evts gen, testing and parsing code [#2623] - @ekoops
  • feat!: drop clone3 enter evts gen, testing and parsing code [#2623] - @ekoops
  • feat!: drop fork enter evts gen, testing and parsing code [#2623] - @ekoops
  • feat!: drop vfork enter evts gen, testing and parsing code [#2623] - @ekoops
  • feat!: drop read enter events gen, testing and parsing code [#2622] - @terror96
  • feat!: drop write enter events gen, testing and parsing code [#2622] - @terror96
  • feat!: drop close enter evts gen, testing and parsing code [#2620] - @ekoops
  • feat!: drop ioctl enter evts gen, testing and parsing code [#2620] - @ekoops
  • feat!: drop sendfile enter evts gen, testing and parsing code [#2620] - @ekoops
  • feat!: drop accept{,4} enter evts gen, testing and parsing code [#2620] - @ekoops
  • feat!: drop send enter evts gen, testing and parsing code [#2618] - @ekoops
  • feat!: drop sendto enter evts gen, testing and parsing code [#2618] - @ekoops
  • feat!: drop recv enter evts gen, testing and parsing code [#2618] - @ekoops
  • feat!: drop recvfrom enter evts gen, testing and parsing code [#2618] - @ekoops
  • feat!: drop listen enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop bind enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop socket enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop pwrite enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop pread enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop writev enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop readv enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop pwritev enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop preadv enter evts gen, testing and parsing code [#2614] - @ekoops
  • feat!: drop sendmsg enter events gen, testing and parsing code [#2613] - @terror96
  • feat!: drop sendmmsg enter events gen, testing and parsing code [#2613] - @terror96
  • feat!: drop recvmsg enter events gen, testing and parsing code [#2613] - @terror96
  • feat!: drop recvmmsg enter events gen, testing and parsing code [#2613] - @terror96
  • feat!: drop shutdown enter evts gen, testing and parsing code [#2611] - @ekoops
  • feat!: drop process_vm_{read,write}v enter evts gen/testing/parsing [#2611] - @ekoops
  • feat!: drop pipe2 enter evts gen, testing and parsing code [#2611] - @ekoops
  • feat!: drop open_by_handle_at enter evts gen, testing and parsing [#2611] - @ekoops
  • feat!: drop bpf enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop delete_module enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop newfstatat enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop memfd_create enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop prctl enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop eventfd2 enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop fsconfig enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop userfaultfd enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop seccomp enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop unshare enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop chroot enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop chdir enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop getcwd enter evts gen, testing and parsing code [#2610] - @ekoops
  • feat!: drop setsid enter evts gen, testing and parsing code [#2609] - @ekoops
  • feat!: drop quotactl enter evts gen, testing and parsing code [#2609] - @ekoops
  • feat!: drop *chmod* enter evts gen, testing and parsing code [#2609] - @ekoops
  • feat!: drop signalfd{,4} enter evts gen, testing and parsing code [#2609] - @ekoops
  • feat!: drop {s,g}etrlimit enter evts gen, testing and parsing code [#2609] - @ekoops
  • feat!: drop mknod{,at} enter evts gen, testing and parsing code [#2609] - @ekoops
  • feat!: drop setre{uid,gid} enter evts gen, testing and parsing code [#2608] - @ekoops
  • ea89917 feat!: drop umount2 enter evts gen, testing and parsing code [#2608] - @ekoops
  • 3898688 feat!: drop {,f}init_module enter evts gen, testing and parsing code [#2608] - @ekoops
  • 60480cf feat!: drop pidfd_{getfd,open} enter evts gen, testing and parsing [#2608] - @ekoops
  • a2dd66c feat!: drop *chown* enter evts gen, testing and parsing code [#2608] - @ekoops
  • ce7c479 feat!: drop io_uring_* enter evts gen, testing and parsing code [#2608] - @ekoops
  • feat!: drop mprotect enter evts gen, testing and parsing code [#2607] - @ekoops
  • feat!: drop copy_file_range enter evts gen, testing and parsing code [#2607] - @ekoops
  • feat!: drop capset enter evts gen, testing and parsing code [#2607] - @ekoops
  • feat!: drop epoll_create{,1} enter evts gen, testing and parsing [#2607] - @ekoops
  • feat!: drop munlock{,all} enter evts gen, testing and parsing code [#2607] - @ekoops
  • feat!: drop mlock{,2,all} enter evts gen, testing and parsing code [#2607] - @ekoops
  • feat!: drop access enter evts gen, testing and parsing code [#2606] - @ekoops
  • feat!: drop setgid enter evts gen, testing and parsing code [#2606] - @ekoops
  • feat!: drop timerfd_create enter evts gen, testing and parsing code [#2606] - @ekoops
  • feat!: drop nanosleep enter evts gen, testing and parsing code [#2606] - @ekoops
  • feat!: drop inotify_init{,1} enter evts gen, testing and parsing [#2606] - @ekoops
  • feat!: drop dup{,2,3} enter evts gen, testing and parsing code [#2606] - @ekoops
  • feat!: drop {,t,tg}kill enter evts gen, testing and parsing code [#2606] - @ekoops
  • feat!: drop setpgid enter events gen, testing and parsing code [#2604] - @terror96
  • feat!: drop rmdir enter events gen, testing and parsing code [#2604] - @terror96
  • feat!: drop link enter events gen, testing and parsing code [#2604] - @terror96
  • feat!: drop unlink enter events gen, testing and parsing code [#2604] - @terror96
  • feat!: drop linkat enter events gen, testing and parsing code [#2604] - @terror96
  • feat!: drop unlinkat enter events gen, testing and parsing code [#2604] - @terror96
  • feat!: drop prlimit enter evts gen, testing and parsing code [#2601] - @ekoops
  • feat!: drop get{uid,gid} enter evts gen, testing and parsing code [#2601] - @ekoops
  • feat!: drop gete{uid,gid} enter evts gen, testing and parsing code [#2601] - @ekoops
  • feat!: drop getres{uid,gid} enter evts gen, testing and parsing code [#2601] - @ekoops
  • feat!: drop setres{uid,gid} enter evts gen, testing and parsing code [#2601] - @ekoops

Major Changes

  • new(driver): update exit events PPME_SYSCALL_FCHDIR_X with enter params [#2453] - @terror96

Bug Fixes

  • fix(driver): fixed build of old bpf probe against linux 6.15-rc1. [#2341] - @FedeDP

Non user-facing changes

  • fix(driver/modern_bpf): remove retval from ttm kprobe signatures [#2587] - @ekoops
  • fix(driver/modern_bpf): fix iovec size eval for emulated ia32 syscalls [#2612] - @ekoops
  • docs(driver/modern_bpf): improve FAQ section to TOCTOU mit README.md [#2585] - @ekoops
  • feat!: isolate modern probe TOCTOU mitigation logic [#2581] - @ekoops
  • feat: add PPME_SOCKET_SENDMSG_E params to PPME_SOCKET_SENDMSG_X [#2436] - @ekoops
  • fix(drivers/modern_bpf): fix socket fd conversion error [#2425] - @ekoops
  • test: improve handling and messaging of task->pids check on kernels >=4.19 [#2600] - @adduali1310
  • fix(driver/bpf): fix sched_process_exec_args conditional definition [#2534] - @ekoops
  • fix(driver/bpf): fix socket_x and socketpair_x domain encoding [#2477] - @ekoops
  • feat: add PPME_SYSCALL_LLSEEK_E params to PPME_SYSCALL_LLSEEK_X [#2461] - @ekoops
  • new(driver): update exit events PPME_SYSCALL_SETPGID_X with enter params [#2460] - @terror96
  • new(driver): update exit events PPME_SYSCALL_SETNS_X with enter params [#2456] - @terror96
  • feat: add EPOLLWAIT_E params to EPOLLWAIT_X [#2454] - @ekoops
  • feat: add PPME_SYSCALL_POLL_E params to PPME_SYSCALL_POLL_X [#2455] - @ekoops
  • feat: add PPME_SYSCALL_FUTEX_E params to PPME_SYSCALL_FUTEX_X [#2449] - @ekoops
  • feat: add PPME_SYSCALL_EVENTFD_E params to PPME_SYSCALL_EVENTFD_X [#2445] - @ekoops
  • new(driver): update exit events PPME_SYSCALL_MKDIR_2_X with enter params [#2446] - @terror96
  • feat: add PPME_SOCKET_RECVMSG_E params to PPME_SOCKET_RECVMSG_X [#2443] - @ekoops
  • feat: add PPME_SOCKET_SHUTDOWN_E params to PPME_SOCKET_SHUTDOWN_X [#2426] - @ekoops
  • feat: add SOCKETPAIR_E params to SOCKETPAIR_X [#2430] - @ekoops
  • feat: add RECVFROM_E params to RECVFROM_X [#2422] - @ekoops
  • feat: add RECV_E and tuple params to RECV_X [#2419] - @ekoops
  • new(driver): update exit events PPME_SYSCALL_SETUID_X with enter params [#2414] - @terror96
  • new(driver): update exit events PPME_SYSCALL_PTRACE_X with enter params [#2417] - @terror96
  • new: extend SEND_X and SENDTO_X with enter events parameters [#2221] - @ekoops
  • feat: add PPME_SYSCALL_UMOUNT2_E params to PPME_SYSCALL_UMOUNT2_X [#2500] - @ekoops
  • fix(driver): cast fds to 32 bits before sending them in dup2 and dup3 [#2497] - @ekoops
  • feat: extend PPME_SYSCALL_EPOLL_CREATE{1}_X with enter parameters [#2498] - @ekoops
  • feat: extend PPME_SYSCALL_MPROTECT_X with enter parameters [#2496] - @ekoops
  • feat: add PPME_SYSCALL_SECCOMP_E params to PPME_SYSCALL_SECCOMP_X [#2495] - @ekoops
  • feat: add PPME_SYSCALL_UNSHARE_E params to PPME_SYSCALL_UNSHARE_X [#2494] - @ekoops
  • feat: add PPME_SYSCALL_ACCESS_E params to PPME_SYSCALL_ACCESS_X [#2493] - @ekoops
  • feat: add PPME_SYSCALL_MOUNT_E params to PPME_SYSCALL_MOUNT_X [#2492] - @ekoops
  • feat: add PPME_SYSCALL_PPOLL_E params to PPME_SYSCALL_PPOLL_X [#2491] - @ekoops
  • feat: extend SEMCTL_X and SEMGET_X with enter parameters [#2490] - @ekoops
  • feat: add PPME_SYSCALL_SEMOP_E params to PPME_SYSCALL_SEMOP_X [#2489] - @ekoops
  • feat: add PPME_SYSCALL_FLOCK_E params to PPME_SYSCALL_FLOCK_X [#2488] - @ekoops
  • feat: extend PPME_SYSCALL_GETDENTS{64}_X defs with enter params [#2487] - @ekoops
  • feat: add PPME_SYSCALL_MUNMAP_E params to PPME_SYSCALL_MUNMAP_X [#2486] - @ekoops
  • feat: add PPME_SYSCALL_MMAP2_E params to PPME_SYSCALL_MMAP2_X [#2485] - @ekoops
  • feat: add PPME_SYSCALL_MMAP_E params to PPME_SYSCALL_MMAP_X [#2484] - @ekoops
  • new(driver): update exit events PPME_SYSCALL_SETRESUID_X with enter params [#2482] - @terror96
  • feat: add GETRLIMIT_E params to GETRLIMIT_X and align setrlimit_x [#2476] - @ekoops
  • new(driver): update exit events PPME_SYSCALL_SETRESGID_X with enter params [#2474] - @terror96
  • feat: add PPME_SYSCALL_BRK_4_E params to PPME_SYSCALL_BRK_4_X [#2473] - @ekoops
  • new(driver): update exit events PPME_SYSCALL_SETGID_X with enter params [#2469] - @terror96
  • feat: add PPME_SYSCALL_IOCTL_3_E params to PPME_SYSCALL_IOCTL_3_X [#2464] - @ekoops
  • feat: add PPME_SYSCALL_FSTAT_E params to PPME_SYSCALL_FSTAT_X [#2466] - @ekoops
  • feat: make PPME_SYSCALL_EXECVE_19_X "scap converter"-managed [#2544] - @ekoops
  • feat: add PPME_SYSCALL_CONNECT_E params to PPME_SYSCALL_CONNECT_X [#2529] - @ekoops
  • feat: add PPME_SYSCALL_PWRITEV_E params to PPME_SYSCALL_PWRITEV_X [#2524] - @ekoops
  • fix(drivers): align and improve connect kernel drivers fillers [#2528] - @ekoops
  • feat: add PPME_SYSCALL_WRITEV_E params to PPME_SYSCALL_WRITEV_X [#2523] - @ekoops
  • feat: add PPME_SYSCALL_LSEEK_E params to PPME_SYSCALL_LSEEK_X [#2522] - @ekoops
  • feat: extend PPME_SYSCALL_{P}READV_X with enter parameters [#2519] - @ekoops
  • feat: extend PPME_SYSCALL_COPY_FILE_RANGE_X with enter parameters [#2517] - @ekoops
  • feat: add PPME_SYSCALL_SPLICE_E params to PPME_SYSCALL_SPLICE_X [#2516] - @ekoops
  • feat: extend PPME_SYSCALL_INOTIFY_INIT_X with enter parameters [#2514] - @ekoops
  • feat: extend PPME_SYSCALL_TIMERFD_CREATE_X with enter parameters [#2513] - @ekoops
  • feat: extend PPME_SYSCALL_NANOSLEEP_X with enter parameters [#2512] - @ekoops
  • feat: extend PPME_SYSCALL_SIGNALFD_X with enter parameters [#2510] - @ekoops
  • fix(driver): cast rets and fds to 32 bits before sending them in dup* [#2509] - @ekoops
  • feat: extend PPME_SOCKET_ACCEPT4_6_X with enter parameters [#2508] - @ekoops
  • feat: extend PPME_SYSCALL_{KILL,TKILL,TGKILL}_X with enter params [#2507] - @ekoops
  • feat: extend PPME_SYSCALL_QUOTACTL_X with enter parameters [#2506] - @ekoops
  • feat: extend PPME_SYSCALL_SIGNALFD4_X with enter parameters [#2503] - @ekoops
  • feat: extend PPME_SYSCALL_SENDFILE_X with enter parameters [#2505] - @ekoops
  • feat: extend PPME_SYSCALL_EVENTFD2_X with enter parameters [#2501] - @ekoops
  • refactor(driver): simplify socketcall handling logic [#2639] - @ekoops
  • refactor: fix some compiler warnings [#2633] - @ekoops
  • refactor(driver): remove forgotten mount/umount enter event cases [#2605] - @ekoops
  • feat!: drop some syscalls enter events gen, testing and parsing code (part 6) [#2602] - @ekoops
  • fix(test/drivers): avoid using invalid pid numbers [#2684] - @terror96

Statistics

| MERGED PRS | NUMBER |
|---|---|
| Not user-facing | 73 |
| Release note | 29 |
| Total | 102 |

Release Manager @ekoops