summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--internal/c/generated_tracepoints.c2
-rw-r--r--internal/generate/bpfhandler.go8
-rw-r--r--internal/generate/codegen_test.go11
3 files changed, 20 insertions, 1 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index 58c993f..479e926 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -9049,7 +9049,7 @@ int handle_sys_enter_execveat(struct syscall_trace_enter *ctx) {
__builtin_memset(&(ev->filename), 0, sizeof(ev->filename) + sizeof(ev->comm));
bpf_probe_read_user_str(ev->filename, sizeof(ev->filename), (void *)ctx->args[1]);
bpf_get_current_comm(&ev->comm, sizeof(ev->comm));
- ev->dirfd = -1;
+ ev->dirfd = (__s32)ctx->args[0];
ev->flags = (__s32)ctx->args[4];
bpf_ringbuf_submit(ev, 0);
diff --git a/internal/generate/bpfhandler.go b/internal/generate/bpfhandler.go
index 5489d88..9365c52 100644
--- a/internal/generate/bpfhandler.go
+++ b/internal/generate/bpfhandler.go
@@ -151,6 +151,12 @@ func generateExtraMqOpen(f *Format) string {
func generateExtraExec(f *Format) string {
filenameIdx := f.FieldNumber("filename")
dirfdIdx := f.FieldNumber("dfd")
+ if dirfdIdx < 0 {
+ dirfdIdx = f.FieldNumber("fd")
+ }
+ if dirfdIdx < 0 {
+ dirfdIdx = f.FieldNumber("dirfd")
+ }
flagsIdx := f.FieldNumber("flags")
if filenameIdx < 0 {
filenameIdx = 0
@@ -161,6 +167,8 @@ func generateExtraExec(f *Format) string {
b.WriteString(" bpf_get_current_comm(&ev->comm, sizeof(ev->comm));\n")
if dirfdIdx > -1 {
fmt.Fprintf(&b, " ev->dirfd = (__s32)ctx->args[%d];\n", dirfdIdx)
+ } else if f.Name == "sys_enter_execveat" {
+ b.WriteString(" ev->dirfd = (__s32)ctx->args[0];\n")
} else {
b.WriteString(" ev->dirfd = -1;\n")
}
diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go
index 95ced4d..c653ad0 100644
--- a/internal/generate/codegen_test.go
+++ b/internal/generate/codegen_test.go
@@ -75,6 +75,17 @@ func TestGenerateExecHandler(t *testing.T) {
requireContains(t, output, "ev->flags = (__s32)ctx->args[4];")
}
+func TestGenerateExecHandlerDirfdFallbackForExecveat(t *testing.T) {
+ enter := strings.ReplaceAll(FormatExecveat, "dfd", "fd")
+ output := generateFromPair(t, enter, FormatExitExecveat)
+
+ requireContains(t, output, `SEC("tracepoint/syscalls/sys_enter_execveat")`)
+ requireContains(t, output, "ev->dirfd = (__s32)ctx->args[0];")
+ if strings.Contains(output, "ev->dirfd = -1;") {
+ t.Fatal("execveat handler unexpectedly falls back to ev->dirfd = -1")
+ }
+}
+
func TestGenerateOpenat2Handler(t *testing.T) {
f := mustParseOne(t, FormatOpenat2)
r := ClassifyFormat(&f)
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 13:31:46 +0000