| author | Paul Buetow <paul@buetow.org> | 2026-02-23 10:34:37 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-02-23 10:34:37 +0200 |
| commit | a1eb580aa5b80e913dc722ccf97e42c6987152e8 (patch) | |
| tree | 845b3da7d8d6a0d11e28dea1b82bbf39e0e401b4 /internal/c | |
| parent | 9e7b820cfacb50299720b9d391de907d6f3fbdec (diff) | |
Add getcwd tracing support and stabilize comm propagation test
Diffstat (limited to 'internal/c')
| -rw-r--r-- | internal/c/generated_tracepoints.c | 47 | ||||
| -rw-r--r-- | internal/c/generated_tracepoints_result.txt | 3 |
2 files changed, 48 insertions, 2 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c index ae38cbb..5917a85 100644 --- a/internal/c/generated_tracepoints.c +++ b/internal/c/generated_tracepoints.c @@ -45,7 +45,6 @@ /// Ignoring sys_enter_get_mempolicy sys_exit_get_mempolicy as possibly not file I/O related /// Ignoring sys_enter_get_robust_list sys_exit_get_robust_list as possibly not file I/O related /// Ignoring sys_enter_getcpu sys_exit_getcpu as possibly not file I/O related -/// Ignoring sys_enter_getcwd sys_exit_getcwd as possibly not file I/O related /// Ignoring sys_enter_getegid sys_exit_getegid as possibly not file I/O related /// Ignoring sys_enter_geteuid sys_exit_geteuid as possibly not file I/O related /// Ignoring sys_enter_getgid sys_exit_getgid as possibly not file I/O related @@ -292,6 +291,8 @@ #define SYS_EXIT_STATFS 1042 #define SYS_ENTER_FSTATFS 1041 #define SYS_EXIT_FSTATFS 1040 +#define SYS_ENTER_GETCWD 1037 +#define SYS_EXIT_GETCWD 1036 #define SYS_ENTER_UTIMENSAT 1035 #define SYS_EXIT_UTIMENSAT 1034 #define SYS_ENTER_FUTIMESAT 1033 
@@ -1382,6 +1383,50 @@ int handle_sys_exit_fstatfs(struct trace_event_raw_sys_exit *ctx) { return 0; } +/// sys_enter_getcwd is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getcwd") +int handle_sys_enter_getcwd(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETCWD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getcwd is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getcwd") +int handle_sys_exit_getcwd(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETCWD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_utimensat is a struct path_event SEC("tracepoint/syscalls/sys_enter_utimensat") int handle_sys_enter_utimensat(struct trace_event_raw_sys_enter *ctx) { diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt index e3fdd55..87609e8 100644 --- a/internal/c/generated_tracepoints_result.txt +++ b/internal/c/generated_tracepoints_result.txt 
@@ -43,7 +43,6 @@ Ignoring sys_enter_futex_wake sys_exit_futex_wake as possibly not file I/O relat Ignoring sys_enter_get_mempolicy sys_exit_get_mempolicy as possibly not file I/O related Ignoring sys_enter_get_robust_list sys_exit_get_robust_list as possibly not file I/O related Ignoring sys_enter_getcpu sys_exit_getcpu as possibly not file I/O related -Ignoring sys_enter_getcwd sys_exit_getcwd as possibly not file I/O related Ignoring sys_enter_getegid sys_exit_getegid as possibly not file I/O related Ignoring sys_enter_geteuid sys_exit_geteuid as possibly not file I/O related Ignoring sys_enter_getgid sys_exit_getgid as possibly not file I/O related @@ -289,6 +288,7 @@ sys_enter_fstatfs is a struct fd_event sys_enter_fsync is a struct fd_event sys_enter_ftruncate is a struct fd_event sys_enter_futimesat is a struct path_event +sys_enter_getcwd is a struct null_event sys_enter_getdents is a struct fd_event sys_enter_getdents64 is a struct fd_event sys_enter_getxattr is a struct path_event @@ -404,6 +404,7 @@ sys_exit_fstatfs is a struct ret_event (UNCLASSIFIED) sys_exit_fsync is a struct ret_event (UNCLASSIFIED) sys_exit_ftruncate is a struct ret_event (UNCLASSIFIED) sys_exit_futimesat is a struct ret_event (UNCLASSIFIED) +sys_exit_getcwd is a struct ret_event (UNCLASSIFIED) sys_exit_getdents is a struct ret_event (READ_CLASSIFIED) sys_exit_getdents64 is a struct ret_event (READ_CLASSIFIED) sys_exit_getxattr is a struct ret_event (READ_CLASSIFIED) |
