diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-29 22:51:12 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-29 22:51:12 +0300 |
| commit | 9789578fe1363ec2f183cffb48f22bd6b656fd1a (patch) | |
| tree | c13d72743255b34908b47348f6ff80ee94514839 | |
| parent | 34821a6dd28ee4bd6282abdca07306605e8f6b1c (diff) | |
test(migrate_pages): lock in UNCLASSIFIED return classification
Audit of migrate_pages(2) confirmed its tracing classification matches
the man page and its NUMA siblings:
- KindNull (null_event): args are pid (a pid, NOT an fd), maxnode, and
two userspace bitmask pointers; the BPF handler emits a null_event and
never reads args[0] as an fd.
- FamilyMemory: consistent with set_mempolicy/mbind/move_pages/
set_mempolicy_home_node (the lone get_mempolicy->Security inconsistency
is tracked separately and out of scope here).
- exit UNCLASSIFIED (ret_event): the return is the count of pages that
could NOT be moved (>=0) or -1, a page tally rather than a transferred
byte count.
Add explicit lock-in assertions for migrate_pages and its sibling
move_pages to TestClassifyRetUnclassified so a future stray
read/write/transfer reclassification trips the test.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
| -rw-r--r-- | internal/generate/retclassify_test.go | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/internal/generate/retclassify_test.go b/internal/generate/retclassify_test.go index 4e6a0ad..f1c244d 100644 --- a/internal/generate/retclassify_test.go +++ b/internal/generate/retclassify_test.go @@ -60,6 +60,17 @@ func TestClassifyRetUnclassified(t *testing.T) { // ret_event and must stay UNCLASSIFIED, like its NUMA siblings // set_mempolicy/mbind/migrate_pages/move_pages. "set_mempolicy_home_node", + // migrate_pages(2) moves all pages of a process (selected by pid, NOT an + // fd) between NUMA node sets; on success it returns the number of pages + // that could NOT be moved (>=0, zero meaning all moved), or -1 on error. + // That count is a page tally, not a transferred byte count, so its exit + // must stay UNCLASSIFIED (plain ret_event), like its NUMA siblings + // set_mempolicy/mbind/set_mempolicy_home_node and move_pages. + "migrate_pages", + // move_pages(2) is the per-page NUMA sibling of migrate_pages(2); it also + // returns 0/-1 (with per-page status reported via a userspace array, not + // the return value), so its exit likewise stays UNCLASSIFIED. + "move_pages", // setsid(2) returns the new session ID (a pid_t) on success, or // (pid_t)-1 on error; that return is a session/process identifier, not a // transferred byte count. Its exit must stay UNCLASSIFIED (plain |