authorPaul Buetow <paul@buetow.org>2026-05-21 17:59:33 +0300
committerPaul Buetow <paul@buetow.org>2026-05-21 17:59:33 +0300
commit956b0392dc1206dce49e6904210dfc9ae100d3e2 (patch)
tree5c5fb16de87b4cc7c857d6109ebdda0c6db6b404 /internal
parent3e00ee8e994147c2dce70bc785fb6fb70f3ecd41 (diff)
k7 classify process control and prctl syscalls
Diffstat (limited to 'internal')
-rw-r--r--internal/c/generated_tracepoints.c6
-rw-r--r--internal/c/generated_tracepoints_result.txt6
-rw-r--r--internal/generate/classify.go15
-rw-r--r--internal/generate/classify_test.go35
-rw-r--r--internal/generate/codegen_test.go4
-rw-r--r--internal/generate/kindregistry.go1
-rw-r--r--internal/tracepoints/dimension_selector_test.go15
-rw-r--r--internal/tracepoints/generated_tracepoints.go6
8 files changed, 75 insertions, 13 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index e2035db..8939cd7 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -17740,7 +17740,7 @@ int handle_sys_exit_umask(struct syscall_trace_exit *ctx) {
return 0;
}
-/// sys_enter_prctl is a struct null_event (kind=null)
+/// sys_enter_prctl is a struct null_event (kind=prctl)
SEC("tracepoint/syscalls/sys_enter_prctl")
int handle_sys_enter_prctl(struct syscall_trace_enter *ctx) {
__u32 pid, tid;
@@ -18844,7 +18844,7 @@ int handle_sys_exit_exit_group(struct syscall_trace_exit *ctx) {
return 0;
}
-/// sys_enter_waitid is a struct null_event (kind=null)
+/// sys_enter_waitid is a struct null_event (kind=proc)
SEC("tracepoint/syscalls/sys_enter_waitid")
int handle_sys_enter_waitid(struct syscall_trace_enter *ctx) {
__u32 pid, tid;
@@ -18894,7 +18894,7 @@ int handle_sys_exit_waitid(struct syscall_trace_exit *ctx) {
return 0;
}
-/// sys_enter_wait4 is a struct null_event (kind=null)
+/// sys_enter_wait4 is a struct null_event (kind=proc)
SEC("tracepoint/syscalls/sys_enter_wait4")
int handle_sys_enter_wait4(struct syscall_trace_enter *ctx) {
__u32 pid, tid;
diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt
index ff6598c..e04bdbd 100644
--- a/internal/c/generated_tracepoints_result.txt
+++ b/internal/c/generated_tracepoints_result.txt
@@ -218,7 +218,7 @@ sys_enter_pkey_free is a struct null_event (kind=null)
sys_enter_pkey_mprotect is a struct mem_event (kind=mem)
sys_enter_poll is a struct poll_event (kind=poll)
sys_enter_ppoll is a struct poll_event (kind=poll)
-sys_enter_prctl is a struct null_event (kind=null)
+sys_enter_prctl is a struct null_event (kind=prctl)
sys_enter_pread64 is a struct fd_event (kind=fd)
sys_enter_preadv is a struct fd_event (kind=fd)
sys_enter_preadv2 is a struct fd_event (kind=fd)
@@ -361,8 +361,8 @@ sys_enter_utimes is a struct path_event (kind=pathname)
sys_enter_vfork is a struct null_event (kind=proc)
sys_enter_vhangup is a struct null_event (kind=null)
sys_enter_vmsplice is a struct fd_event (kind=fd)
-sys_enter_wait4 is a struct null_event (kind=null)
-sys_enter_waitid is a struct null_event (kind=null)
+sys_enter_wait4 is a struct null_event (kind=proc)
+sys_enter_waitid is a struct null_event (kind=proc)
sys_enter_write is a struct fd_event (kind=fd)
sys_enter_writev is a struct fd_event (kind=fd)
sys_exit_accept is a struct accept_event (kind=accept)
diff --git a/internal/generate/classify.go b/internal/generate/classify.go
index ffac1b3..8ad1d58 100644
--- a/internal/generate/classify.go
+++ b/internal/generate/classify.go
@@ -38,6 +38,7 @@ const (
KindProc
KindBpf
KindFutex
+ KindPrctl
)
func (k TracepointKind) MetadataName() string {
@@ -106,6 +107,8 @@ func (k TracepointKind) MetadataName() string {
return "bpf"
case KindFutex:
return "futex"
+ case KindPrctl:
+ return "prctl"
default:
return "none"
}
@@ -403,6 +406,10 @@ func classifyNameOnly(name string) (ClassificationResult, bool) {
return ClassificationResult{Kind: KindFd}, true
case "sys_enter_process_mrelease":
return ClassificationResult{Kind: KindFd}, true
+ case "sys_enter_wait4":
+ return ClassificationResult{Kind: KindProc}, true
+ case "sys_enter_waitid":
+ return ClassificationResult{Kind: KindProc}, true
case "sys_enter_clone":
return ClassificationResult{Kind: KindProc}, true
case "sys_enter_clone3":
@@ -411,6 +418,14 @@ func classifyNameOnly(name string) (ClassificationResult, bool) {
return ClassificationResult{Kind: KindProc}, true
case "sys_enter_vfork":
return ClassificationResult{Kind: KindProc}, true
+ case "sys_enter_kill":
+ return ClassificationResult{Kind: KindNull}, true
+ case "sys_enter_prctl":
+ return ClassificationResult{Kind: KindPrctl}, true
+ case "sys_enter_setns":
+ return ClassificationResult{Kind: KindFd}, true
+ case "sys_enter_unshare":
+ return ClassificationResult{Kind: KindNull}, true
case "sys_enter_bpf":
return ClassificationResult{Kind: KindBpf}, true
case "sys_enter_futex":
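Review bot: The new `sys_enter_kill` and `sys_enter_unshare` cases return KindNull with no comment, while the neighbouring wait4, waitid, clone and vfork cases return KindProc, so a reader cannot tell whether null is deliberate or a placeholder. If kind selection works the way the prctl selector test in this commit suggests, a `proc`-only trace would leave out signal delivery and namespace changes, which are events a process-control audit usually wants. I would add a comment above the two cases, for example `// kill, unshare: pinned to KindNull so they do not depend on the generation fallback; not KindProc because <reason>`, with the reason supplied by the author. classifyNameOnly starts and ends outside this hunk.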
diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go
index c3c7676..dbc14a0 100644
--- a/internal/generate/classify_test.go
+++ b/internal/generate/classify_test.go
@@ -805,6 +805,35 @@ func TestClassifyJ7NameOnlyKinds(t *testing.T) {
}
}
+func TestClassifyK7NameOnlyKinds(t *testing.T) {
+ tests := []struct {
+ name string
+ want TracepointKind
+ }{
+ {"sys_enter_wait4", KindProc},
+ {"sys_enter_waitid", KindProc},
+ {"sys_enter_kill", KindNull},
+ {"sys_enter_prctl", KindPrctl},
+ {"sys_enter_setns", KindFd},
+ {"sys_enter_unshare", KindNull},
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ r := ClassifyFormat(&Format{
+ Name: tt.name,
+ ExternalFields: []Field{
+ {Type: "long", Name: "__syscall_nr"},
+ {Type: "long", Name: "arg0"},
+ },
+ })
+ if r.Kind != tt.want {
+ t.Fatalf("%s: got kind %d, want %d", tt.name, r.Kind, tt.want)
+ }
+ })
+ }
+}
+
func TestClassify67NameOnlyKinds(t *testing.T) {
tests := []struct {
name string
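Review bot: The failure message in TestClassifyK7NameOnlyKinds prints kinds with `%d`, which yields bare constant values that are hard to read in CI output, and it repeats `tt.name` although `t.Run` already puts that in the subtest name. `t.Fatalf("got kind %s, want %s", r.Kind.MetadataName(), tt.want.MetadataName())` would be clearer and would also exercise the new `"prctl"` branch of MetadataName. The other tests visible in this file use `%d` as well, so this is a style suggestion rather than a defect.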
@@ -1182,10 +1211,10 @@ func TestClassifySwapoff(t *testing.T) {
}
}
-func TestClassifyKillRequiresGenerationFallback(t *testing.T) {
+func TestClassifyKillExplicitNull(t *testing.T) {
r := classifyFromData(t, FormatKill)
- if r.Kind != KindNone {
- t.Errorf("kill: got kind %d, want KindNone before generation fallback", r.Kind)
+ if r.Kind != KindNull {
+ t.Errorf("kill: got kind %d, want KindNull", r.Kind)
}
}
diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go
index cf75324..eb3d82a 100644
--- a/internal/generate/codegen_test.go
+++ b/internal/generate/codegen_test.go
@@ -635,6 +635,7 @@ func TestGenerateAllEventTypes(t *testing.T) {
{KindProc, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
{KindBpf, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
{KindFutex, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
+ {KindPrctl, "ENTER_NULL_EVENT", "EXIT_NULL_EVENT"},
}
for _, tt := range tests {
@@ -684,6 +685,7 @@ func TestEventStructNames(t *testing.T) {
{KindProc, "null_event"},
{KindBpf, "null_event"},
{KindFutex, "null_event"},
+ {KindPrctl, "null_event"},
}
for _, tt := range tests {
@@ -702,7 +704,7 @@ func TestEnterReject(t *testing.T) {
t.Error("KindNone should be enter-rejected")
}
- accepted := []TracepointKind{KindFd, KindOpen, KindMqOpen, KindExec, KindPathname, KindName, KindFcntl, KindNull, KindDup3, KindOpenByHandleAt, KindSocket, KindSocketpair, KindAccept, KindPipe, KindEventfd, KindPidfd, KindEpollCtl, KindTwoFd, KindPoll, KindMem, KindSleep, KindKeyctl, KindPtrace, KindPerfOpen, KindSeccomp, KindModule, KindSysVId, KindSysVOp, KindProc, KindBpf, KindFutex}
+ accepted := []TracepointKind{KindFd, KindOpen, KindMqOpen, KindExec, KindPathname, KindName, KindFcntl, KindNull, KindDup3, KindOpenByHandleAt, KindSocket, KindSocketpair, KindAccept, KindPipe, KindEventfd, KindPidfd, KindEpollCtl, KindTwoFd, KindPoll, KindMem, KindSleep, KindKeyctl, KindPtrace, KindPerfOpen, KindSeccomp, KindModule, KindSysVId, KindSysVOp, KindProc, KindBpf, KindFutex, KindPrctl}
for _, k := range accepted {
if isEnterRejected(k) {
t.Errorf("kind %d should NOT be enter-rejected", k)
diff --git a/internal/generate/kindregistry.go b/internal/generate/kindregistry.go
index 03977a4..21cdd35 100644
--- a/internal/generate/kindregistry.go
+++ b/internal/generate/kindregistry.go
@@ -48,6 +48,7 @@ var kindRegistry = map[TracepointKind]kindMeta{
KindProc: {structName: "null_event", enterAccepted: true},
KindBpf: {structName: "null_event", enterAccepted: true},
KindFutex: {structName: "null_event", enterAccepted: true},
+ KindPrctl: {structName: "null_event", enterAccepted: true},
// KindNone is intentionally absent: it represents "unclassified" and is
// never enter-accepted. lookupKind returns the zero kindMeta (enterAccepted=false)
// for any unregistered kind, so KindNone is implicitly rejected.
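Review bot: The new `KindPrctl` entry maps to `null_event` like its neighbours, and nothing on the line says what the dedicated kind adds. If null_event carries no syscall arguments (its name suggests so, but the struct is not visible here), the event cannot tell one prctl option from another, for example a no-new-privs or seccomp setup from a dumpable or name change. A comment such as `// KindPrctl: separate kind for selection only; still emits null_event, so the prctl option is not recorded` would stop readers assuming option-level visibility. The kindRegistry literal begins and ends outside this hunk.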
diff --git a/internal/tracepoints/dimension_selector_test.go b/internal/tracepoints/dimension_selector_test.go
index 2391ba3..4eb555b 100644
--- a/internal/tracepoints/dimension_selector_test.go
+++ b/internal/tracepoints/dimension_selector_test.go
@@ -186,6 +186,21 @@ func TestParseSelectorWithDimensionsFutexKindOnly(t *testing.T) {
}
}
+func TestParseSelectorWithDimensionsPrctlKindOnly(t *testing.T) {
+ sel, err := ParseSelectorWithDimensions("", "", DimensionSelectorConfig{
+ TraceKinds: "prctl",
+ })
+ if err != nil {
+ t.Fatalf("unexpected error: %v", err)
+ }
+ if !sel.ShouldAttach("sys_enter_prctl") {
+ t.Fatal("expected prctl to be attached for prctl kind")
+ }
+ if sel.ShouldAttach("sys_enter_openat") {
+ t.Fatal("expected openat to be excluded when only prctl kind is enabled")
+ }
+}
+
func TestParseSelectorWithDimensionsSyscallOnly(t *testing.T) {
sel, err := ParseSelectorWithDimensions("", "", DimensionSelectorConfig{
TraceSyscalls: "openat",
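Review bot: TestParseSelectorWithDimensionsPrctlKindOnly checks exclusion only against `sys_enter_openat`, an fd-kind syscall, but the split this commit makes is between prctl and the null kind it used to belong to. Adding `if sel.ShouldAttach("sys_enter_vhangup") { t.Fatal("expected vhangup (null kind) to be excluded when only prctl kind is enabled") }` would pin that boundary, since vhangup is still listed as `"null"` in syscallKinds. The reverse case looks worth a test too: a selector with `TraceKinds: "null"` presumably no longer attaches prctl, wait4 or waitid after this change, which existing filter configurations may not expect.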
diff --git a/internal/tracepoints/generated_tracepoints.go b/internal/tracepoints/generated_tracepoints.go
index dca04ea..bd641dd 100644
--- a/internal/tracepoints/generated_tracepoints.go
+++ b/internal/tracepoints/generated_tracepoints.go
@@ -1329,7 +1329,7 @@ var syscallKinds = map[string]string{
"pkey_mprotect": "mem",
"poll": "poll",
"ppoll": "poll",
- "prctl": "null",
+ "prctl": "prctl",
"pread64": "fd",
"preadv": "fd",
"preadv2": "fd",
@@ -1472,8 +1472,8 @@ var syscallKinds = map[string]string{
"vfork": "proc",
"vhangup": "null",
"vmsplice": "fd",
- "wait4": "null",
- "waitid": "null",
+ "wait4": "proc",
+ "waitid": "proc",
"write": "fd",
"writev": "fd",
}