diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-30 22:25:49 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-30 22:25:49 +0300 |
| commit | 136c4dfb6846595b98cf2b04a93525ce91d86d5e (patch) | |
| tree | 32c4eb7a6203879796c4598d82f51c028a182971 /internal/c/generated_tracepoints.c | |
| parent | db7c18b976c6bb87ca3dbbfdf436c1945aab3289 (diff) | |
generate: treat rt_sigreturn as noreturn (suppress dead exit handler)
rt_sigreturn(2) restores the pre-signal execution context off the signal
stack frame and resumes the interrupted instruction; it never returns to
the instruction after the syscall. man sigreturn(2) states plainly that
"sigreturn() never returns", and tracing against /sys/kernel/tracing
confirms it: sys_enter_rt_sigreturn fires once per signal-handler return
while sys_exit_rt_sigreturn never fires.
The generator previously emitted a dead handle_sys_exit_rt_sigreturn (it
can never run) and recorded a per-tid syscall_enter_state_map entry on the
enter path that nothing would ever delete (no exit fires), leaking entries
in the bounded map on every signal-handler return.
Add rt_sigreturn to noreturnSyscalls so codegen suppresses the dead exit
handler and routes the enter handler through ior_on_noreturn_syscall_enter
(sampling decision only, no map write), exactly like exit/exit_group. The
enter null_event is still emitted, and the FamilySignals/KindNull
classification is unchanged. Regenerated the C/Go artifacts and the result
baseline accordingly, and generalized the related comments.
Lock-in tests: TestRtSigreturnIsNoreturn asserts rt_sigreturn is noreturn;
TestRtSigSiblingsAreNotNoreturn guards that the returning rt_sig* siblings
are not; TestGenerateExitNoreturnHandlers now also covers rt_sigreturn.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diffstat (limited to 'internal/c/generated_tracepoints.c')
| -rw-r--r-- | internal/c/generated_tracepoints.c | 29 |
1 files changed, 1 insertions, 28 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c index a8437df..5c72813 100644 --- a/internal/c/generated_tracepoints.c +++ b/internal/c/generated_tracepoints.c @@ -732,7 +732,6 @@ #define SYS_ENTER_IOPL 93 #define SYS_EXIT_IOPL 92 #define SYS_ENTER_RT_SIGRETURN 57 -#define SYS_EXIT_RT_SIGRETURN 56 /// sys_enter_socket is a struct socket_event (kind=socket) SEC("tracepoint/syscalls/sys_enter_socket") @@ -19659,7 +19658,7 @@ int handle_sys_enter_rt_sigreturn(struct syscall_trace_enter *ctx) { if (filter(&pid, &tid)) return 0; - if (!ior_on_syscall_enter(tid, SYS_ENTER_RT_SIGRETURN)) + if (!ior_on_noreturn_syscall_enter(SYS_ENTER_RT_SIGRETURN)) return 0; struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); @@ -19676,29 +19675,3 @@ int handle_sys_enter_rt_sigreturn(struct syscall_trace_enter *ctx) { return 0; } -/// sys_exit_rt_sigreturn is a struct ret_event (UNCLASSIFIED) (kind=ret) -SEC("tracepoint/syscalls/sys_exit_rt_sigreturn") -int handle_sys_exit_rt_sigreturn(struct syscall_trace_exit *ctx) { - __u32 pid, tid; - if (filter(&pid, &tid)) - return 0; - - if (!ior_on_syscall_exit(tid, SYS_ENTER_RT_SIGRETURN, ctx->ret)) - return 0; - - struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); - if (!ev) - return 0; - - ev->event_type = EXIT_RET_EVENT; - ev->trace_id = SYS_EXIT_RT_SIGRETURN; - ev->pid = pid; - ev->tid = tid; - ev->time = bpf_ktime_get_boot_ns(); - ev->ret = ctx->ret; - ev->ret_type = UNCLASSIFIED; - - bpf_ringbuf_submit(ev, 0); - return 0; -} - |