diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-30 22:16:33 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-30 22:16:33 +0300 |
| commit | c5ef17c2b728eae057fae43db020d1023e5cc634 (patch) | |
| tree | 3daee5dd2e6e86c61ce1c67b35f24c3801e4ff33 /internal/generate/codegen_test.go | |
| parent | 04881431fb051fc9915184c54dffdcbb9aa5c65e (diff) | |
test(pipe): lock in pipe/pipe2 IPC classification and fd-pair exit reads
Audit of pipe(2)/pipe2(2) (task dx) confirmed the tracing implementation is
correct: KindPipe (not KindFd, since args[0] is an output ptr to int[2], not an
fd), FamilyIPC, and an UNCLASSIFIED int return. Enter stashes the output ptr
(flags=0 for pipe, args[1] for pipe2); exit reads the fd pair via
bpf_probe_read_user guarded by ret==0, mirroring the socketpair pipe-like
pattern. The only gaps were missing lock-in tests, now added:
- codegen: assert the exit handler reads the fd pair from the stashed output
buffer (ret==0 guard, bpf_probe_read_user, fd0/fd1) and that the flag-less
pipe variant hardcodes flags=0 and never reads args[1].
- classify: pipe/pipe2 are never KindFd and stay UNCLASSIFIED on ret.
- runtime: a failed pipe (ret==-1) tracks no descriptors and attaches no file.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diffstat (limited to 'internal/generate/codegen_test.go')
| -rw-r--r-- | internal/generate/codegen_test.go | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go index 58ed60c..9545447 100644 --- a/internal/generate/codegen_test.go +++ b/internal/generate/codegen_test.go @@ -1650,6 +1650,41 @@ func TestGeneratePipeHandler(t *testing.T) { requireContains(t, output, "ev->ret = ctx->ret;") } +// TestGeneratePipeHandlerExitReadsFdPair locks in the pipe-specific exit path: +// args[0] is an OUTPUT pointer to int[2], not an fd. The two created fds are +// only valid AFTER the syscall returns, so the exit handler must read them from +// the stashed userspace buffer with bpf_probe_read_user, guarded by ret == 0 +// (a failed pipe(2) leaves the buffer untouched). This mirrors the socketpair +// audit (task c00) pipe-like pattern. +func TestGeneratePipeHandlerExitReadsFdPair(t *testing.T) { + output := generateFromPair(t, FormatPipe2, FormatExitPipe2) + + // Exit reads the fd pair from the stashed output pointer only on success. + requireContains(t, output, "if (ctx->ret == 0 && pending->upipefd != 0) {") + requireContains(t, output, "int pipefd[2];") + requireContains(t, output, "bpf_probe_read_user(&pipefd, sizeof(pipefd), (void *)pending->upipefd)") + requireContains(t, output, "fd0 = (__s32)pipefd[0];") + requireContains(t, output, "fd1 = (__s32)pipefd[1];") + requireContains(t, output, "bpf_map_delete_elem(&pipe_ctx_map, &tid);") + requireContains(t, output, "ev->fd0 = fd0;") + requireContains(t, output, "ev->fd1 = fd1;") +} + +// TestGeneratePlainPipeHandlerZeroFlags locks in that the flag-less pipe(2) +// variant hardcodes flags = 0 and never reads args[1] (which does not exist for +// pipe; only pipe2 has a flags argument at args[1]). +func TestGeneratePlainPipeHandlerZeroFlags(t *testing.T) { + output := generateFromPair(t, FormatPipe, FormatExitPipe) + + requireContains(t, output, "struct pipe_event *ev") + requireContains(t, output, "ev->event_type = ENTER_PIPE_EVENT;") + requireContains(t, output, "pending.upipefd = ctx->args[0];") + requireContains(t, output, "pending.flags = 0;") + requireNotContains(t, output, "pending.flags = (__s32)ctx->args[1];") + requireContains(t, output, "SEC(\"tracepoint/syscalls/sys_exit_pipe\")") + requireContains(t, output, "ev->event_type = EXIT_PIPE_EVENT;") +} + func TestGenerateEventfdHandler(t *testing.T) { output := generateFromPair(t, FormatEventfd2, FormatExitEventfd2) |