| Age | Commit message (Collapse) | Author |
|---|
|
pidfd_send_signal (FamilyIPC, KindFd@arg0) and fadvise64 (KindFd,
UNCLASSIFIED fd-based hint) previously had no end-to-end integration
coverage despite correct classification/tracing.
pidfd_send_signal: add a pidfd-send-signal ioworkload scenario that
opens a pidfd for the current process and issues a sig-0 liveness probe
(delivers nothing, safe to target self) via syscall.Syscall6 with the
per-arch nr 424. TestPidfdSendSignal asserts enter_pidfd_send_signal is
captured; pidfd_send_signal added to the pidfd -trace-syscalls list.
fadvise64: add readwrite-fadvise64 and readwrite-fadvise64-ebadf
scenarios using unix.Fadvise(fd, 0, 0, FADV_NORMAL), mirroring the
readahead tests. TestReadwriteFadvise64 asserts enter_fadvise64 with
Bytes==0 (UNCLASSIFIED: offset/len are hints, not bytes transferred) and
positive duration; the ebadf variant asserts enter capture with Bytes==0
on the failing call.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
|
cachestat(2) had no integration coverage. Add a readwrite-cachestat
ioworkload scenario and TestReadwriteCachestat mirroring the readahead
precedent: open a temp file, write data to populate the page cache, then
issue cachestat via a raw syscall (no glibc/unix wrapper) with a whole-file
cachestat_range and zeroed cachestat output buffer, flags=0. ENOSYS on
kernels < 6.5 is tolerated for portability.
The test asserts enter_cachestat is captured with the fd-resolved file
path, that the UNCLASSIFIED return attributes zero bytes, and that the
syscall duration is positive. golang.org/x/sys is promoted to a direct
dependency. Verified PASS under sudo on kernel 7.0.9.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
|
Add write-side positional vectored coverage to close the remaining gap
in the pwrite64-family byte-accounting validation. The retbytes/readwrite
integration suite already exercised pwrite64 (scalar) and the read-side
preadv/preadv2, but the WRITE_CLASSIFIED byte attribution for the
vectored positional writes pwritev/pwritev2 was only covered by unit
tests, not end-to-end.
New ioworkload scenarios:
- readwrite-pwritev: issues pwritev (syscall.SYS_PWRITEV) writing a known
two-iovec payload at offset 0 to a temp file.
- readwrite-pwritev2: issues pwritev2 via the explicit syscall number
(328 amd64 / 287 arm64, mirroring preadv2SyscallNr) with offset 0 and
no flags.
New integration tests assert enter_pwritev/enter_pwritev2 fired and that
the attributed retbytes equal the exact iovec total, validating
WRITE_CLASSIFIED end-to-end. Both pass as root.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
|
readahead(2) was traced (KindFd enter fd_event from args[0], UNCLASSIFIED
exit ret_event) but had no integration or ioworkload scenario coverage,
unlike its sibling sync_file_range. Add readwrite-readahead and
readwrite-readahead-ebadf scenarios plus TestReadwriteReadahead /
TestReadwriteReadaheadEbadf, asserting enter_readahead capture with path
attribution, zero attributed bytes (readahead returns 0/-1, not a byte
count, so it is correctly UNCLASSIFIED), and positive end-to-end duration.
No classification change: inspection confirms KindFd / UNCLASSIFIED is
correct per man 2 readahead; bytesFromRet returns 0 for UNCLASSIFIED so
the 0/-1 return is never misattributed as bytes.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
|
The retbytes integration coverage exercised read/write/sendto/etc but the
positional read p-variants only had presence assertions (pread64) or no
coverage at all (preadv/preadv2), so their READ_CLASSIFIED byte accounting
was validated only by unit tests, not end-to-end.
Add a positive byte-count assertion to TestReadwritePread and new
readwrite-preadv / readwrite-preadv2 workload scenarios plus integration
tests that read a known payload and assert the attributed byte count,
mirroring the existing pwrite64 assertion. preadv2 lacks a Go
syscall.SYS_PREADV2 constant, so its number is provided per-GOARCH
(amd64=327, arm64=286) following the securitySyscallNumbers pattern.
Addresses the read side of b20.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
|
|
|
|
|
|
|
|
|
Add four negative scenarios that verify ior captures tracepoints even
when syscalls fail:
- readwrite-wronly-read: read from O_WRONLY fd (EBADF)
- readwrite-rdonly-write: write to O_RDONLY fd (EBADF)
- readwrite-pread-invalid: pread64 with negative offset (EINVAL)
- readwrite-pwrite-invalid: pwrite64 with negative offset (EINVAL)
Amp-Thread-ID: https://ampcode.com/threads/T-019c818c-ec91-7673-a5ba-e9b2ba53379b
Co-authored-by: Amp <amp@ampcode.com>
|
|
|
