From 92ca9482e44432b85ce09ebdd8a1b4d199b1c77b Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Sat, 6 Jun 2026 10:05:22 +0300
Subject: test: add end-to-end coverage for getrandom (READ byte count) and flock (KindFd)

Two previously-untested syscalls now have integration coverage:
- getrandom (Security family, READ_CLASSIFIED): new security-getrandom scenario fills a 32-byte buffer via unix.Getrandom, looping past any signal-interrupted short reads so the cumulative byte count is strictly positive. TestSecurityGetrandom asserts enter_getrandom MinCount>=1, bytes>=1 (locking in the READ byte-count classification end-to-end), and a positive duration.
- flock (FamilyFS, KindFd@args[0], UNCLASSIFIED): new flock-basic scenario opens a temp file, takes LOCK_EX then LOCK_UN via syscall.Flock, and closes it. TestFlockBasic asserts enter_flock with PathContains the temp filename, confirming the fd resolves to the file path via the procfd cache.
Both scenarios use raw unix/syscall calls so the exact sys_enter tracepoints fire, and are registered in cmd/ioworkload/scenarios.go.
Co-Authored-By: Claude Opus 4.8
---
integrationtests/flock_test.go | 22 ++++++++++++++++++++++
integrationtests/security_test.go | 23 +++++++++++++++++++++++
2 files changed, 45 insertions(+)
create mode 100644 integrationtests/flock_test.go
(limited to 'integrationtests')
diff --git a/integrationtests/flock_test.go b/integrationtests/flock_test.go
new file mode 100644
index 0000000..667f0fb
--- /dev/null
+++ b/integrationtests/flock_test.go
@@ -0,0 +1,22 @@
+package integrationtests
+
+import "testing"
+
+// TestFlockBasic asserts end-to-end tracing of the FamilyFS flock syscall. The
+// flock-basic scenario opens a temp file, takes an exclusive advisory lock
+// (LOCK_EX) and releases it (LOCK_UN), then closes the file.
+//
+// flock is captured as KindFd at args[0]; ior resolves that fd to the
+// underlying file path via the procfd cache, so the enter_flock record carries
+// the temp filename. Its return value is UNCLASSIFIED, so we only assert the
+// enter path (path + count), not a byte total.
+func TestFlockBasic(t *testing.T) {
+ runScenario(t, "flock-basic", []ExpectedEvent{
+ {
+ PathContains: "flockfile.txt",
+ Tracepoint: "enter_flock",
+ Comm: "ioworkload",
+ MinCount: 1,
+ },
+ })
+}
diff --git a/integrationtests/security_test.go b/integrationtests/security_test.go
index 8d41691..f4d38ea 100644
--- a/integrationtests/security_test.go
+++ b/integrationtests/security_test.go
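Review bot: `MinCount: 1` in TestFlockBasic is satisfied by a single traced call, although the documented scenario issues two flock calls on the same fd (LOCK_EX, then LOCK_UN). If runScenario counts one event per syscall (its body is outside this hunk), `MinCount: 2,` would also catch a regression where the fd-to-path lookup works for the first call but the second is dropped or loses its path. The fixed name `flockfile.txt` has to stay in step with the ioworkload scenario, so a short comment naming where that file is created would help whoever renames it.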
@@ -62,6 +62,29 @@ func TestSecurityKeysPtracePerf(t *testing.T) {
 }
 }
 
+var getrandomTraceArgs = []string{"-trace-syscalls", "getrandom"}
+
+// TestSecurityGetrandom asserts end-to-end tracing of the getrandom syscall
+// (Security family, READ_CLASSIFIED). The security-getrandom scenario fills a
+// 32-byte buffer via unix.Getrandom, looping until the full buffer is filled.
+//
+// getrandom reports the number of random bytes written into buf as its return
+// value, which ior records as the exit byte count. The scenario loops past any
+// signal-interrupted short reads, so the cumulative byte count is strictly
+// positive; we assert bytes>=1 (the per-call count can be split across reads,
+// so a conservative >=1 minimum is the safe invariant) plus a positive
+// duration. The enter tracepoint is null-kind (no fd/path dimension), so only
+// the READ byte-count classification is locked in here.
+func TestSecurityGetrandom(t *testing.T) {
+ result, _ := runScenarioResultWithIorArgs(t, "security-getrandom", []ExpectedEvent{
+ {Tracepoint: "enter_getrandom", Comm: "ioworkload", MinCount: 1},
+ }, getrandomTraceArgs)
+
+ exp := ExpectedEvent{Tracepoint: "enter_getrandom", Comm: "ioworkload"}
+ assertEventBytesAtLeast(t, result, exp, 1)
+ assertEventDurationPositive(t, result, exp)
+}
+
 var landlockTraceArgs = []string{"-trace-syscalls", "landlock_create_ruleset,landlock_add_rule,close"}
 
 // TestSecurityLandlockCreateRuleset asserts end-to-end tracing of the
-- 
cgit v1.2.3
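Review bot: `assertEventBytesAtLeast(t, result, exp, 1)` in TestSecurityGetrandom is loose enough that a wrongly recorded exit count would still pass, because any positive value satisfies it. The doc comment says the scenario loops until the whole 32-byte buffer is filled, so if the helper compares against the total over all matching events (its body is not visible here), `assertEventBytesAtLeast(t, result, exp, 32)` would tie the check to what the syscall actually returned. The second result of `runScenarioResultWithIorArgs` is discarded with `_`, and a one-line comment saying why it is safe to ignore would help the next reader. `exp` also repeats the literal passed to the runner and could be declared once above the call.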