From d29bdc79feb118dcbc27a4aa4a0bd14216b1664e Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Thu, 21 May 2026 18:02:16 +0300 Subject: o7 classify landlock add-rule and restrict-self as fd --- internal/c/generated_tracepoints.c | 14 ++++++++------ internal/c/generated_tracepoints_result.txt | 4 ++-- internal/generate/classify.go | 4 ++++ internal/generate/classify_test.go | 23 +++++++++++++++++++++++ internal/generate/codegen_test.go | 10 ++++++++++ internal/tracepoints/generated_tracepoints.go | 4 ++-- 6 files changed, 49 insertions(+), 10 deletions(-) diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c index 06e486c..4a5bd60 100644 --- a/internal/c/generated_tracepoints.c +++ b/internal/c/generated_tracepoints.c @@ -2054,7 +2054,7 @@ int handle_sys_exit_landlock_create_ruleset(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_landlock_add_rule is a struct null_event (kind=null) +/// sys_enter_landlock_add_rule is a struct fd_event (kind=fd) SEC("tracepoint/syscalls/sys_enter_landlock_add_rule") int handle_sys_enter_landlock_add_rule(struct syscall_trace_enter *ctx) { __u32 pid, tid; @@ -2064,15 +2064,16 @@ int handle_sys_enter_landlock_add_rule(struct syscall_trace_enter *ctx) { if (!ior_on_syscall_enter(tid, SYS_ENTER_LANDLOCK_ADD_RULE)) return 0; - struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); if (!ev) return 0; - ev->event_type = ENTER_NULL_EVENT; + ev->event_type = ENTER_FD_EVENT; ev->trace_id = SYS_ENTER_LANDLOCK_ADD_RULE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; bpf_ringbuf_submit(ev, 0); return 0; @@ -2104,7 +2105,7 @@ int handle_sys_exit_landlock_add_rule(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_landlock_restrict_self is a struct null_event (kind=null) +/// sys_enter_landlock_restrict_self is a struct fd_event (kind=fd) SEC("tracepoint/syscalls/sys_enter_landlock_restrict_self") int handle_sys_enter_landlock_restrict_self(struct syscall_trace_enter *ctx) { __u32 pid, tid; @@ -2114,15 +2115,16 @@ int handle_sys_enter_landlock_restrict_self(struct syscall_trace_enter *ctx) { if (!ior_on_syscall_enter(tid, SYS_ENTER_LANDLOCK_RESTRICT_SELF)) return 0; - struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); if (!ev) return 0; - ev->event_type = ENTER_NULL_EVENT; + ev->event_type = ENTER_FD_EVENT; ev->trace_id = SYS_ENTER_LANDLOCK_RESTRICT_SELF; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; bpf_ringbuf_submit(ev, 0); return 0; diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt index 96caaaa..4d44867 100644 --- a/internal/c/generated_tracepoints_result.txt +++ b/internal/c/generated_tracepoints_result.txt @@ -134,9 +134,9 @@ sys_enter_kexec_file_load is a struct fd_event (kind=fd) sys_enter_kexec_load is a struct null_event (kind=null) sys_enter_keyctl is a struct keyctl_event (kind=keyctl) sys_enter_kill is a struct null_event (kind=null) -sys_enter_landlock_add_rule is a struct null_event (kind=null) +sys_enter_landlock_add_rule is a struct fd_event (kind=fd) sys_enter_landlock_create_ruleset is a struct eventfd_event (kind=eventfd) -sys_enter_landlock_restrict_self is a struct null_event (kind=null) +sys_enter_landlock_restrict_self is a struct fd_event (kind=fd) sys_enter_lchown is a struct path_event (kind=pathname) sys_enter_lgetxattr is a struct path_event (kind=pathname) sys_enter_link is a struct name_event (kind=name) diff --git a/internal/generate/classify.go b/internal/generate/classify.go index e42d4a0..5660eb1 100644 --- a/internal/generate/classify.go +++ b/internal/generate/classify.go @@ -257,6 +257,10 @@ func classifyNameOnly(name string) (ClassificationResult, bool) { return ClassificationResult{Kind: KindEventfd}, true case "sys_exit_landlock_create_ruleset": return ClassificationResult{Kind: KindEventfd}, true + case "sys_enter_landlock_add_rule": + return ClassificationResult{Kind: KindFd}, true + case "sys_enter_landlock_restrict_self": + return ClassificationResult{Kind: KindFd}, true case "sys_enter_fsopen": return ClassificationResult{Kind: KindEventfd}, true case "sys_exit_fsopen": diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go index ae77fb0..ece25c6 100644 --- a/internal/generate/classify_test.go +++ b/internal/generate/classify_test.go @@ -887,6 +887,27 @@ func TestClassifyM7NameOnlyKinds(t *testing.T) { } } +func TestClassifyO7NameOnlyKinds(t *testing.T) { + tests := []string{ + "sys_enter_landlock_add_rule", + "sys_enter_landlock_restrict_self", + } + for _, name := range tests { + t.Run(name, func(t *testing.T) { + r := ClassifyFormat(&Format{ + Name: name, + ExternalFields: []Field{ + {Type: "long", Name: "__syscall_nr"}, + {Type: "long", Name: "arg0"}, + }, + }) + if r.Kind != KindFd { + t.Fatalf("%s: got kind %d, want KindFd", name, r.Kind) + } + }) + } +} + func TestClassify67NameOnlyKinds(t *testing.T) { tests := []struct { name string @@ -1333,6 +1354,8 @@ func TestClassifySyscallPairAccepted(t *testing.T) { {"inotify_init1", syntheticEnter("inotify_init1", 9346), syntheticExit("inotify_init1", 9345), KindEventfd}, {"fanotify_init", syntheticEnter("fanotify_init", 9348), syntheticExit("fanotify_init", 9347), KindEventfd}, {"landlock_create_ruleset", syntheticEnter("landlock_create_ruleset", 9350), syntheticExit("landlock_create_ruleset", 9349), KindEventfd}, + {"landlock_add_rule", syntheticEnter("landlock_add_rule", 9418), syntheticExit("landlock_add_rule", 9417), KindFd}, + {"landlock_restrict_self", syntheticEnter("landlock_restrict_self", 9420), syntheticExit("landlock_restrict_self", 9419), KindFd}, {"fsopen", syntheticEnter("fsopen", 9352), syntheticExit("fsopen", 9351), KindEventfd}, {"pidfd_open", syntheticEnter("pidfd_open", 9320), syntheticExit("pidfd_open", 9319), KindPidfd}, {"pidfd_send_signal", syntheticEnter("pidfd_send_signal", 9322), syntheticExit("pidfd_send_signal", 9321), KindFd}, diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go index f469b6c..f44e456 100644 --- a/internal/generate/codegen_test.go +++ b/internal/generate/codegen_test.go @@ -43,6 +43,16 @@ func TestGenerateProcessMadviseHandlerUsesFirstArgumentAsFd(t *testing.T) { requireContains(t, output, "ev->fd = (__s32)ctx->args[0];") } +func TestGenerateLandlockAddRuleHandlerUsesFirstArgumentAsFd(t *testing.T) { + output := GenerateTracepointsC(mustParseAll(t, syntheticPair("landlock_add_rule"))) + + requireContains(t, output, `SEC("tracepoint/syscalls/sys_enter_landlock_add_rule")`) + requireContains(t, output, "struct fd_event *ev") + requireContains(t, output, "ev->event_type = ENTER_FD_EVENT;") + requireContains(t, output, "ev->trace_id = SYS_ENTER_LANDLOCK_ADD_RULE;") + requireContains(t, output, "ev->fd = (__s32)ctx->args[0];") +} + func TestGenerateOpenHandler(t *testing.T) { output := generateFromPair(t, FormatOpenat, FormatExitOpenat) diff --git a/internal/tracepoints/generated_tracepoints.go b/internal/tracepoints/generated_tracepoints.go index f9b756e..fd3ac75 100644 --- a/internal/tracepoints/generated_tracepoints.go +++ b/internal/tracepoints/generated_tracepoints.go @@ -1245,9 +1245,9 @@ var syscallKinds = map[string]string{ "kexec_load": "null", "keyctl": "keyctl", "kill": "null", - "landlock_add_rule": "null", + "landlock_add_rule": "fd", "landlock_create_ruleset": "eventfd", - "landlock_restrict_self": "null", + "landlock_restrict_self": "fd", "lchown": "pathname", "lgetxattr": "pathname", "link": "name", -- cgit v1.2.3