From 7a2207e215dfde246f0e9c4e415eff962f4c044c Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Fri, 29 May 2026 22:43:38 +0300 Subject: test(dup2): lock in fd_event handler captures oldfd (args[0]) Audit of dup2(2) found the tracing implementation already correct and consistent with its dup/dup3 siblings: dup2 is KindFd (a plain fd_event), the enter handler captures ev->fd from args[0] (oldfd) per the KindFd convention, it is in the FS family, and its exit returns the new fd (newfd/-1) as a plain UNCLASSIFIED ret_event (never a byte-count transfer). Unlike dup3 it carries no flags and clears O_CLOEXEC on the duplicate, which the eventloop registerDup path already honors. No discrepancies were found, so add a lock-in test (matching prior audits) that asserts the generated BPF C for dup2 captures fd from args[0] (not args[1]/newfd), emits an fd_event (not a dup3_event), wires no flags, and classifies the exit UNCLASSIFIED. Adds FormatExitDup2 testdata to drive the exit handler assertions. Co-Authored-By: Claude Opus 4.8 --- internal/generate/testdata.go | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'internal/generate/testdata.go') diff --git a/internal/generate/testdata.go b/internal/generate/testdata.go index 0941f97..b8f8f17 100644 --- a/internal/generate/testdata.go +++ b/internal/generate/testdata.go @@ -493,6 +493,24 @@ format: print fmt: "oldfd: 0x%08lx, newfd: 0x%08lx", ((unsigned long)(REC->oldfd)), ((unsigned long)(REC->newfd)) ` +// FormatExitDup2 mirrors the kernel's sys_exit_dup2 tracepoint. Like dup/dup3, +// dup2 returns the new descriptor (newfd) on success or -1 on error; that fd +// number is reported as a plain ret_event (UNCLASSIFIED), never a byte-count +// transfer. +const FormatExitDup2 = `name: sys_exit_dup2 +ID: 919 +format: + field:unsigned short common_type; offset:0; size:2; signed:0; + field:unsigned char common_flags; offset:2; size:1; signed:0; + field:unsigned char common_preempt_count; offset:3; size:1; signed:0; + field:int common_pid; offset:4; size:4; signed:1; + + field:int __syscall_nr; offset:8; size:4; signed:1; + field:long ret; offset:16; size:8; signed:1; + +print fmt: "0x%lx", REC->ret +` + const FormatFcntl = `name: sys_enter_fcntl ID: 898 format: -- cgit v1.2.3