From 4cd2c4e818a1438bf63d1ca05a6cf134f39bc06b Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Sun, 22 Feb 2026 22:31:35 +0200
Subject: Add copy_file_range support and tracepoint attach tests

---
 internal/c/generated_tracepoints.c          | 48 ++++++++++++++++++++++++++++-
 internal/c/generated_tracepoints_result.txt |  3 +-
 2 files changed, 49 insertions(+), 2 deletions(-)

(limited to 'internal/c')

diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index 72cb070..9f62fd8 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -20,7 +20,6 @@
 /// Ignoring sys_enter_clone sys_exit_clone as possibly not file I/O related
 /// Ignoring sys_enter_clone3 sys_exit_clone3 as possibly not file I/O related
 /// Ignoring sys_enter_connect sys_exit_connect as possibly not file I/O related
-/// Ignoring sys_enter_copy_file_range sys_exit_copy_file_range as possibly not file I/O related
 /// Ignoring sys_enter_delete_module sys_exit_delete_module as possibly not file I/O related
 /// Ignoring sys_enter_epoll_create sys_exit_epoll_create as possibly not file I/O related
 /// Ignoring sys_enter_epoll_create1 sys_exit_epoll_create1 as possibly not file I/O related
@@ -423,6 +422,8 @@
 #define SYS_EXIT_PWRITEV 827
 #define SYS_ENTER_PWRITEV2 826
 #define SYS_EXIT_PWRITEV2 825
+#define SYS_ENTER_COPY_FILE_RANGE 822
+#define SYS_EXIT_COPY_FILE_RANGE 821
 #define SYS_ENTER_TRUNCATE 820
 #define SYS_EXIT_TRUNCATE 819
 #define SYS_ENTER_FTRUNCATE 818
@@ -4354,6 +4355,51 @@ int handle_sys_exit_pwritev2(struct trace_event_raw_sys_exit *ctx) {
     return 0;
 }
 
+/// sys_enter_copy_file_range is a struct fd_event
+SEC("tracepoint/syscalls/sys_enter_copy_file_range")
+int handle_sys_enter_copy_file_range(struct trace_event_raw_sys_enter *ctx) {
+    __u32 pid, tid;
+    if (filter(&pid, &tid))
+        return 0;
+
+    struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);
+    if (!ev)
+        return 0;
+
+    ev->event_type = ENTER_FD_EVENT;
+    ev->trace_id = SYS_ENTER_COPY_FILE_RANGE;
+    ev->pid = pid;
+    ev->tid = tid;
+    ev->time = bpf_ktime_get_boot_ns();
+    ev->fd = (__s32)ctx->args[0];
+
+    bpf_ringbuf_submit(ev, 0);
+    return 0;
+}
+
+/// sys_exit_copy_file_range is a struct ret_event (TRANSFER_CLASSIFIED)
+SEC("tracepoint/syscalls/sys_exit_copy_file_range")
+int handle_sys_exit_copy_file_range(struct trace_event_raw_sys_exit *ctx) {
+    __u32 pid, tid;
+    if (filter(&pid, &tid))
+        return 0;
+
+    struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+    if (!ev)
+        return 0;
+
+    ev->event_type = EXIT_RET_EVENT;
+    ev->trace_id = SYS_EXIT_COPY_FILE_RANGE;
+    ev->pid = pid;
+    ev->tid = tid;
+    ev->time = bpf_ktime_get_boot_ns();
+    ev->ret = ctx->ret;
+    ev->ret_type = TRANSFER_CLASSIFIED;
+
+    bpf_ringbuf_submit(ev, 0);
+    return 0;
+}
+
 /// sys_enter_truncate is a struct path_event
 SEC("tracepoint/syscalls/sys_enter_truncate")
 int handle_sys_enter_truncate(struct trace_event_raw_sys_enter *ctx) {
diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt
index 357d279..e3fdd55 100644
--- a/internal/c/generated_tracepoints_result.txt
+++ b/internal/c/generated_tracepoints_result.txt
@@ -18,7 +18,6 @@ Ignoring sys_enter_clock_settime sys_exit_clock_settime as possibly not file I/O
 Ignoring sys_enter_clone sys_exit_clone as possibly not file I/O related
 Ignoring sys_enter_clone3 sys_exit_clone3 as possibly not file I/O related
 Ignoring sys_enter_connect sys_exit_connect as possibly not file I/O related
-Ignoring sys_enter_copy_file_range sys_exit_copy_file_range as possibly not file I/O related
 Ignoring sys_enter_delete_module sys_exit_delete_module as possibly not file I/O related
 Ignoring sys_enter_epoll_create sys_exit_epoll_create as possibly not file I/O related
 Ignoring sys_enter_epoll_create1 sys_exit_epoll_create1 as possibly not file I/O related
@@ -258,6 +257,7 @@ sys_enter_chown is a struct path_event
 sys_enter_chroot is a struct path_event
 sys_enter_close is a struct fd_event
 sys_enter_close_range is a struct fd_event
+sys_enter_copy_file_range is a struct fd_event
 sys_enter_creat is a struct path_event
 sys_enter_dup is a struct fd_event
 sys_enter_dup2 is a struct fd_event
@@ -372,6 +372,7 @@ sys_exit_chown is a struct ret_event (UNCLASSIFIED)
 sys_exit_chroot is a struct ret_event (UNCLASSIFIED)
 sys_exit_close is a struct ret_event (UNCLASSIFIED)
 sys_exit_close_range is a struct ret_event (UNCLASSIFIED)
+sys_exit_copy_file_range is a struct ret_event (TRANSFER_CLASSIFIED)
 sys_exit_creat is a struct ret_event (UNCLASSIFIED)
 sys_exit_dup is a struct ret_event (UNCLASSIFIED)
 sys_exit_dup2 is a struct ret_event (UNCLASSIFIED)
-- 
cgit v1.2.3