diff options
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/eventloop_ipc_test.go | 41 | ||||
| -rw-r--r-- | internal/generate/classify_test.go | 35 | ||||
| -rw-r--r-- | internal/generate/codegen_test.go | 35 |
3 files changed, 111 insertions, 0 deletions
diff --git a/internal/eventloop_ipc_test.go b/internal/eventloop_ipc_test.go index 53b8be7..7557bdf 100644 --- a/internal/eventloop_ipc_test.go +++ b/internal/eventloop_ipc_test.go @@ -42,6 +42,47 @@ func TestHandlePipeExitTracksReturnedFds(t *testing.T) { verifyFileDescriptor(t, el, 53, "pipe:524288:52:53") } +// TestHandlePipeExitFailureTracksNoFds locks in the pipe(2) failure path: +// when the syscall returns -1 the kernel writes nothing into the output buffer, +// so the BPF exit handler leaves fd0/fd1 at -1 and the runtime must not register +// any descriptor. Tracking a bogus fd here would attribute later reads/writes to +// a pipe that was never created. +func TestHandlePipeExitFailureTracksNoFds(t *testing.T) { + el := mustNewEventLoop(t, eventLoopConfig{}) + + enter := &types.PipeEvent{ + EventType: types.ENTER_PIPE_EVENT, + TraceId: types.SYS_ENTER_PIPE, + Time: 100, + Pid: 72, + Tid: 73, + Flags: 0, + Fd0: -1, + Fd1: -1, + Ret: 0, + } + exit := &types.PipeEvent{ + EventType: types.EXIT_PIPE_EVENT, + TraceId: types.SYS_EXIT_PIPE, + Time: 200, + Pid: 72, + Tid: 73, + Flags: 0, + Fd0: -1, + Fd1: -1, + Ret: -1, + } + ep := &event.Pair{EnterEv: enter, ExitEv: exit} + + if ok := el.handlePipeExit(ep, enter); !ok { + t.Fatal("handlePipeExit returned false") + } + verifyFdNotTracked(t, el, -1) + if ep.File != nil { + t.Errorf("expected no file attached to failed pipe pair, got %q", ep.File.Name()) + } +} + func TestHandleEventfdExitTracksReturnedFd(t *testing.T) { el := mustNewEventLoop(t, eventLoopConfig{}) diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go index 3aea4fe..514c2e8 100644 --- a/internal/generate/classify_test.go +++ b/internal/generate/classify_test.go @@ -890,6 +890,41 @@ func TestClassifyExitPipe2(t *testing.T) { } } +// TestClassifyPipeNotFd locks in that pipe(2) is NOT classified as KindFd. +// pipe's args[0] is an OUTPUT pointer to int[2] (the two created fds are written +// there by the kernel and are only valid AFTER the syscall returns), NOT an fd +// argument. Capturing args[0] as an fd would attribute the pipe to a bogus +// descriptor; pipe must use the pipe-specific KindPipe path that reads the fd +// pair from the userspace buffer at exit. Same pitfall as socketpair (task c00). +func TestClassifyPipeNotFd(t *testing.T) { + for _, name := range []string{"pipe", "pipe2"} { + r := classifyFromData(t, map[string]string{ + "pipe": FormatPipe, + "pipe2": FormatPipe2, + }[name]) + if r.Kind == KindFd { + t.Fatalf("%s classified as KindFd: args[0] is an output ptr, not an fd", name) + } + if r.Kind != KindPipe { + t.Errorf("%s: got kind %d, want KindPipe", name, r.Kind) + } + } +} + +// TestClassifyPipeUnclassifiedRet locks in that the pipe and pipe2 exit +// tracepoints stay UNCLASSIFIED. pipe(2)/pipe2(2) return int (0 on success, +// -1 on error) — a status code, NOT a transferred byte count. They must not be +// in retClassifications and must never map to READ/WRITE/TRANSFER, which would +// misreport phantom bytes. The created fds are surfaced via fd0/fd1 in the +// pipe_event, not via the return value. +func TestClassifyPipeUnclassifiedRet(t *testing.T) { + for _, name := range []string{"sys_exit_pipe", "sys_exit_pipe2"} { + if got := ClassifyRet(name); got != Unclassified { + t.Errorf("ClassifyRet(%s) = %q, want UNCLASSIFIED", name, got) + } + } +} + func TestClassifyEventfd(t *testing.T) { r := classifyFromData(t, FormatEventfd) if r.Kind != KindEventfd { diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go index 58ed60c..9545447 100644 --- a/internal/generate/codegen_test.go +++ b/internal/generate/codegen_test.go @@ -1650,6 +1650,41 @@ func TestGeneratePipeHandler(t *testing.T) { requireContains(t, output, "ev->ret = ctx->ret;") } +// TestGeneratePipeHandlerExitReadsFdPair locks in the pipe-specific exit path: +// args[0] is an OUTPUT pointer to int[2], not an fd. The two created fds are +// only valid AFTER the syscall returns, so the exit handler must read them from +// the stashed userspace buffer with bpf_probe_read_user, guarded by ret == 0 +// (a failed pipe(2) leaves the buffer untouched). This mirrors the socketpair +// audit (task c00) pipe-like pattern. +func TestGeneratePipeHandlerExitReadsFdPair(t *testing.T) { + output := generateFromPair(t, FormatPipe2, FormatExitPipe2) + + // Exit reads the fd pair from the stashed output pointer only on success. + requireContains(t, output, "if (ctx->ret == 0 && pending->upipefd != 0) {") + requireContains(t, output, "int pipefd[2];") + requireContains(t, output, "bpf_probe_read_user(&pipefd, sizeof(pipefd), (void *)pending->upipefd)") + requireContains(t, output, "fd0 = (__s32)pipefd[0];") + requireContains(t, output, "fd1 = (__s32)pipefd[1];") + requireContains(t, output, "bpf_map_delete_elem(&pipe_ctx_map, &tid);") + requireContains(t, output, "ev->fd0 = fd0;") + requireContains(t, output, "ev->fd1 = fd1;") +} + +// TestGeneratePlainPipeHandlerZeroFlags locks in that the flag-less pipe(2) +// variant hardcodes flags = 0 and never reads args[1] (which does not exist for +// pipe; only pipe2 has a flags argument at args[1]). +func TestGeneratePlainPipeHandlerZeroFlags(t *testing.T) { + output := generateFromPair(t, FormatPipe, FormatExitPipe) + + requireContains(t, output, "struct pipe_event *ev") + requireContains(t, output, "ev->event_type = ENTER_PIPE_EVENT;") + requireContains(t, output, "pending.upipefd = ctx->args[0];") + requireContains(t, output, "pending.flags = 0;") + requireNotContains(t, output, "pending.flags = (__s32)ctx->args[1];") + requireContains(t, output, "SEC(\"tracepoint/syscalls/sys_exit_pipe\")") + requireContains(t, output, "ev->event_type = EXIT_PIPE_EVENT;") +} + func TestGenerateEventfdHandler(t *testing.T) { output := generateFromPair(t, FormatEventfd2, FormatExitEventfd2) |