From c58aa139f5e7252aefb1bcacb5fa8b9ea8cdcdef Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Thu, 21 May 2026 11:39:18 +0300
Subject: n7 classify pidfd and misc tail syscalls

---
 internal/generate/bpfhandler.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'internal/generate/bpfhandler.go')

diff --git a/internal/generate/bpfhandler.go b/internal/generate/bpfhandler.go
index ee56f17..85377f1 100644
--- a/internal/generate/bpfhandler.go
+++ b/internal/generate/bpfhandler.go
@@ -91,6 +91,8 @@ func generateExtra(tp GeneratedTracepoint, isEnter bool) string {
 		return generateExtraPipe(f, isEnter)
 	case KindEventfd:
 		return generateExtraEventfd(f, isEnter)
+	case KindPidfd:
+		return generateExtraEventfd(f, isEnter)
 	case KindEpollCtl:
 		return generateExtraEpollCtl()
 	case KindTwoFd:
@@ -272,6 +274,8 @@ func generateExtraEventfd(f *Format, isEnter bool) string {
 			flagsExpr = "(__s32)ctx->args[3]"
 		case "sys_enter_timerfd_create":
 			flagsExpr = "(__s32)ctx->args[1]"
+		case "sys_enter_pidfd_open":
+			flagsExpr = "(__s32)ctx->args[0]"
 		case "sys_enter_fsmount":
 			flagsExpr = "(__s32)ctx->args[1]"
 		case "sys_enter_fsopen":
@@ -290,6 +294,8 @@ func generateExtraTwoFd(name string) string {
 	switch name {
 	case "sys_enter_move_mount":
 		return "    ev->fd_a = (__s32)ctx->args[0];\n    ev->fd_b = (__s32)ctx->args[2];\n    ev->extra = (__u64)ctx->args[4];\n"
+	case "sys_enter_kcmp":
+		return "    ev->fd_a = (__s32)ctx->args[3];\n    ev->fd_b = (__s32)ctx->args[4];\n    ev->extra = (__u64)ctx->args[2];\n"
 	default:
 		return "    ev->fd_a = (__s32)ctx->args[0];\n    ev->fd_b = (__s32)ctx->args[1];\n    ev->extra = (__u64)ctx->args[2];\n"
 	}
-- 
cgit v1.2.3