Fix remaining BPF verifier failures

1. Mask ret with & 0xFFFF in recvfrom_x, recvmsg_x, and sendmsg_x.
   The BPF verifier on older kernels rejects bpf_probe_read_user calls
   where the size argument (ret) could be negative. The mask bounds the
   value for the verifier. Only applied to programs collector subscribes
   to (kSendRecvSyscalls) — other programs with this pattern are already
   excluded via MODERN_BPF_EXCLUDE_PROGS.

2. Stub out t1_execveat_x and t2_execveat_x with #if 0 (ROX-31971).
   Collector does not subscribe to execveat, but these programs are
   compiled into the skeleton and verified during load. Their complexity
   exceeded the 1M instruction verifier limit on RHCOS 4.16/4.18 and
   RHEL SAP 9.4.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Stringy

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execveat.bpf.c

@@ -131,6 +131,12 @@ int BPF_PROG(execveat_x, struct pt_regs *regs, long ret) {
 
 SEC("tp_btf/sys_exit")
 int BPF_PROG(t1_execveat_x, struct pt_regs *regs, long ret) {
+	/* ROX-31971: This tail call contributes to exceeding the BPF verifier's
+	 * 1M instruction limit on some kernels (e.g. RHCOS 4.16, RHEL SAP 9.4).
+	 * Collector does not subscribe to execveat, so this code is not needed.
+	 * Kept as a stub so the program symbol exists in the skeleton.
+	 */
+#if 0
 	struct auxiliary_map *auxmap = auxmap__get();
 	if(!auxmap) {
 		return 0;
@@ -254,11 +260,14 @@ int BPF_PROG(t1_execveat_x, struct pt_regs *regs, long ret) {
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 
 	bpf_tail_call(ctx, &syscall_exit_extra_tail_table, T2_EXECVEAT_X);
+#endif
 	return 0;
 }
 
 SEC("tp_btf/sys_exit")
 int BPF_PROG(t2_execveat_x, struct pt_regs *regs, long ret) {
+	/* ROX-31971: See comment on t1_execveat_x above. */
+#if 0
 	struct auxiliary_map *auxmap = auxmap__get();
 	if(!auxmap) {
 		return 0;
@@ -289,6 +298,7 @@ int BPF_PROG(t2_execveat_x, struct pt_regs *regs, long ret) {
 	auxmap__finalize_event_header(auxmap);
 
 	auxmap__submit_event(auxmap);
+#endif
 	return 0;
 }
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c

@@ -42,7 +42,7 @@ int BPF_PROG(recvfrom_x, struct pt_regs *regs, long ret) {
 		uint16_t snaplen = maps__get_snaplen();
 		apply_dynamic_snaplen(regs, &snaplen, &snaplen_args);
 		if(snaplen > ret) {
-			snaplen = ret;
+			snaplen = ret & 0xFFFF;
 		}
 
 		/* Parameter 2: data (type: PT_BYTEBUF) */

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c

@@ -46,7 +46,7 @@ int BPF_PROG(recvmsg_x, struct pt_regs *regs, long ret) {
 		uint16_t snaplen = maps__get_snaplen();
 		apply_dynamic_snaplen(regs, &snaplen, &snaplen_args);
 		if(snaplen > ret) {
-			snaplen = ret;
+			snaplen = ret & 0xFFFF;
 		}
 
 		/* Parameter 3: data (type: PT_BYTEBUF) */

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendmsg.bpf.c

@@ -59,7 +59,7 @@ int BPF_PROG(sendmsg_x, struct pt_regs *regs, long ret) {
 		};
 		apply_dynamic_snaplen(regs, &snaplen, &snaplen_args);
 		if(ret > 0 && snaplen > ret) {
-			snaplen = ret;
+			snaplen = ret & 0xFFFF;
 		}
 
 		unsigned long iov_pointer = (unsigned long)msghdr.msg_iov;