From fa7ab433b424d68e62612961d0128fbdaea3d64d Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sat, 30 May 2026 21:59:43 +0300 Subject: test(dup): lock in fd_event handler captures oldfd (args[0]) Audit of dup(2) found the tracing implementation already correct and consistent with its dup2/dup3 siblings: dup(int oldfd) takes a single fd argument (the sys_enter_dup tracepoint exposes it as field "fildes", unsigned int, at args[0]). It is classified KindFd (a plain fd_event), the enter handler captures ev->fd from args[0] per the KindFd convention, it is in the FS family (fd grouping), and its exit returns the new (lowest-numbered unused) descriptor or -1 as a plain UNCLASSIFIED ret_event (never a byte-count transfer). Like dup2, dup carries no flags and clears FD_CLOEXEC on the duplicate; the eventloop registerDup path registers the returned newfd onto the same underlying file with flags=0, which it already honors (applyFdTransferOp handles SYS_ENTER_DUP). Docs (FS, fd) and the drift tests are in sync; existing coverage already includes TestClassifyDup, the makeFdDupTestData full-lifecycle eventloop test, and integration TestDupBasic/TestDupInvalidFd. No discrepancies were found, so add a lock-in test (matching the dup2 audit) asserting the generated BPF C for dup captures fd from args[0] (not args[1]), emits an fd_event (not a dup3_event), wires no flags, and classifies the exit UNCLASSIFIED. Adds FormatExitDup testdata to drive the exit handler assertions. Co-Authored-By: Claude Opus 4.8 --- internal/generate/testdata.go | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'internal/generate/testdata.go') diff --git a/internal/generate/testdata.go b/internal/generate/testdata.go index 0d57029..6d6b6aa 100644 --- a/internal/generate/testdata.go +++ b/internal/generate/testdata.go @@ -540,6 +540,24 @@ format: print fmt: "fildes: 0x%08lx", ((unsigned long)(REC->fildes)) ` +// FormatExitDup mirrors the kernel's sys_exit_dup tracepoint. dup() returns the +// new (lowest-numbered unused) descriptor on success or -1 on error; that fd +// number is reported as a plain ret_event (UNCLASSIFIED), never a byte-count +// transfer, exactly like dup2/dup3. +const FormatExitDup = `name: sys_exit_dup +ID: 924 +format: + field:unsigned short common_type; offset:0; size:2; signed:0; + field:unsigned char common_flags; offset:2; size:1; signed:0; + field:unsigned char common_preempt_count; offset:3; size:1; signed:0; + field:int common_pid; offset:4; size:4; signed:1; + + field:int __syscall_nr; offset:8; size:4; signed:1; + field:long ret; offset:16; size:8; signed:1; + +print fmt: "0x%lx", REC->ret +` + const FormatDup2 = `name: sys_enter_dup2 ID: 920 format: -- cgit v1.2.3