diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-30 16:53:10 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-30 16:53:10 +0300 |
| commit | 2e018ccde462cd9083cfaf9e74c50cec19518815 (patch) | |
| tree | 4c0f0cc8a7664a63a7159c78a15161d294e71f77 /internal/generate | |
| parent | 7f0ef4c1b2a2fa7945d70cf2f76475e25a766abd (diff) | |
test(kill): lock in KindNull enter and UNCLASSIFIED ret
Audit of kill(2) (pid_t pid, int sig): the pid at args[0] is a process/
process-group identifier and sig a signal number, neither an fd nor a
path, so the enter tracepoint is KindNull and the int 0/-1 return is a
status code (UNCLASSIFIED), not a transferred byte count. Classification
and docs (Signals/null) already matched and need no change.
Add TestClassifyExitKillUnclassifiedRet (the return-value lock-in its
signal siblings tkill/tgkill/rt_sigqueueinfo already have) and harden
TestClassifyKillExplicitNull to assert no PathnameField is captured,
documenting the deliberate contrast with pidfd_send_signal (KindFd/IPC,
args[0] is a real pidfd).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diffstat (limited to 'internal/generate')
| -rw-r--r-- | internal/generate/classify_test.go | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go index 879cb00..06cf1d7 100644 --- a/internal/generate/classify_test.go +++ b/internal/generate/classify_test.go @@ -1955,11 +1955,48 @@ func TestClassifySwapoff(t *testing.T) { } } +// TestClassifyKillExplicitNull locks in the kill(2) enter classification using +// the syscall's REAL tracepoint fields. kill(pid_t pid, int sig) sends signal +// sig to a process (or process group); both arguments are integers — a process/ +// process-group identifier and a signal number — NOT a file descriptor and NOT +// a filesystem path. The audit concern is that args[0] ("pid") could be mistaken +// for an fd: it must not be. kill has no fd or path argument, so its enter format +// must classify as KindNull (null_event), matching its signal siblings tkill/ +// tgkill/rt_sigqueueinfo and the explicit name-only mapping in classify.go. +// (Its pidfd-taking sibling pidfd_send_signal differs deliberately: args[0] +// there is a real pidfd file descriptor, so that one is KindFd/FamilyIPC.) func TestClassifyKillExplicitNull(t *testing.T) { r := classifyFromData(t, FormatKill) if r.Kind != KindNull { t.Errorf("kill: got kind %d, want KindNull", r.Kind) } + // Neither the pid nor the sig argument must be captured as a path/fd. + if r.PathnameField != "" { + t.Errorf("kill: unexpected PathnameField %q, want empty", r.PathnameField) + } +} + +// TestClassifyExitKillUnclassifiedRet locks in that the kill exit tracepoint is +// classified as KindRet and Unclassified. kill(2) returns int (0 on success, -1 +// on error) — that return is a status code, NOT a transferred byte count — so +// its exit format carries a single "ret" field and must map to a plain ret_event +// (KindRet) whose ret_type stays UNCLASSIFIED. This matches its signal siblings +// (tkill/tgkill/rt_sigqueueinfo); misclassifying it as a READ/WRITE/TRANSFER +// byte count would be a real bug. +func TestClassifyExitKillUnclassifiedRet(t *testing.T) { + r := ClassifyFormat(&Format{ + Name: "sys_exit_kill", + ExternalFields: []Field{ + {Type: "long", Name: "__syscall_nr"}, + {Type: "long", Name: "ret"}, + }, + }) + if r.Kind != KindRet { + t.Fatalf("exit_kill: got kind %d, want KindRet", r.Kind) + } + if got := ClassifyRet("sys_exit_kill"); got != Unclassified { + t.Errorf("ClassifyRet(sys_exit_kill) = %q, want UNCLASSIFIED", got) + } } func TestClassifyNullExitByName(t *testing.T) { |