From 7a2207e215dfde246f0e9c4e415eff962f4c044c Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Fri, 29 May 2026 22:43:38 +0300 Subject: test(dup2): lock in fd_event handler captures oldfd (args[0]) Audit of dup2(2) found the tracing implementation already correct and consistent with its dup/dup3 siblings: dup2 is KindFd (a plain fd_event), the enter handler captures ev->fd from args[0] (oldfd) per the KindFd convention, it is in the FS family, and its exit returns the new fd (newfd/-1) as a plain UNCLASSIFIED ret_event (never a byte-count transfer). Unlike dup3 it carries no flags and clears O_CLOEXEC on the duplicate, which the eventloop registerDup path already honors. No discrepancies were found, so add a lock-in test (matching prior audits) that asserts the generated BPF C for dup2 captures fd from args[0] (not args[1]/newfd), emits an fd_event (not a dup3_event), wires no flags, and classifies the exit UNCLASSIFIED. Adds FormatExitDup2 testdata to drive the exit handler assertions. Co-Authored-By: Claude Opus 4.8 --- internal/generate/codegen_test.go | 42 +++++++++++++++++++++++++++++++++++++++ internal/generate/testdata.go | 18 +++++++++++++++++ 2 files changed, 60 insertions(+) (limited to 'internal/generate') diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go index de64e3c..5179fee 100644 --- a/internal/generate/codegen_test.go +++ b/internal/generate/codegen_test.go @@ -991,6 +991,48 @@ func TestGenerateDup3Handler(t *testing.T) { requireContains(t, output, "ev->flags = (__s32)ctx->args[2];") } +// TestGenerateDup2Handler locks in the generated BPF C for dup2(2): +// +// int dup2(int oldfd, int newfd) +// +// dup2 duplicates oldfd onto newfd and returns the new descriptor (newfd) on +// success, or -1 on error. It is classified KindFd (a plain fd_event), so the +// enter handler must capture ev->fd from args[0] (oldfd) — the SAME convention +// as dup (args[0]=fildes) and dup3 (args[0]=oldfd). Unlike dup3, dup2 carries +// NO flags (it always clears FD_CLOEXEC on the duplicate), so the dup2 handler +// must emit a struct fd_event (not a dup3_event) and must NOT wire any flags or +// read args[1] (newfd) / args[2]. The exit returns the new fd number as a plain +// ret_event (UNCLASSIFIED), exactly like dup/dup3/open — never a byte-count +// transfer. +func TestGenerateDup2Handler(t *testing.T) { + output := generateFromPair(t, FormatDup2, FormatExitDup2) + + requireContains(t, output, `SEC("tracepoint/syscalls/sys_enter_dup2")`) + requireContains(t, output, "struct fd_event *ev") + requireContains(t, output, "ev->event_type = ENTER_FD_EVENT;") + requireContains(t, output, "ev->trace_id = SYS_ENTER_DUP2;") + // fd must come from oldfd (args[0]), never newfd (args[1]). + requireContains(t, output, "ev->fd = (__s32)ctx->args[0];") + if strings.Contains(output, "ev->fd = (__s32)ctx->args[1];") { + t.Error("dup2 must capture fd from args[0] (oldfd), not args[1] (newfd)") + } + // dup2 is a plain fd_event: it must not be promoted to a dup3_event and must + // not capture any flags (it always clears FD_CLOEXEC on the duplicate). + if strings.Contains(output, "struct dup3_event *ev") && + strings.Contains(output, `SEC("tracepoint/syscalls/sys_enter_dup2")`) { + t.Error("dup2 must be KindFd (fd_event), not KindDup3 (dup3_event)") + } + if strings.Contains(output, "ev->flags") && + strings.Contains(output, `int handle_sys_enter_dup2`) { + t.Error("dup2 handler must not capture any flags (dup2 has no flags arg)") + } + // The exit handler returns the new fd number generically as the raw status, + // classified UNCLASSIFIED — not a read/write/transfer byte count. + requireContains(t, output, `SEC("tracepoint/syscalls/sys_exit_dup2")`) + requireContains(t, output, "struct ret_event *ev") + requireContains(t, output, "ev->ret_type = UNCLASSIFIED;") +} + func TestGenerateOpenByHandleAtHandler(t *testing.T) { output := generateFromPair(t, FormatOpenByHandleAt, FormatExitOpenByHandleAt) diff --git a/internal/generate/testdata.go b/internal/generate/testdata.go index 0941f97..b8f8f17 100644 --- a/internal/generate/testdata.go +++ b/internal/generate/testdata.go @@ -493,6 +493,24 @@ format: print fmt: "oldfd: 0x%08lx, newfd: 0x%08lx", ((unsigned long)(REC->oldfd)), ((unsigned long)(REC->newfd)) ` +// FormatExitDup2 mirrors the kernel's sys_exit_dup2 tracepoint. Like dup/dup3, +// dup2 returns the new descriptor (newfd) on success or -1 on error; that fd +// number is reported as a plain ret_event (UNCLASSIFIED), never a byte-count +// transfer. +const FormatExitDup2 = `name: sys_exit_dup2 +ID: 919 +format: + field:unsigned short common_type; offset:0; size:2; signed:0; + field:unsigned char common_flags; offset:2; size:1; signed:0; + field:unsigned char common_preempt_count; offset:3; size:1; signed:0; + field:int common_pid; offset:4; size:4; signed:1; + + field:int __syscall_nr; offset:8; size:4; signed:1; + field:long ret; offset:16; size:8; signed:1; + +print fmt: "0x%lx", REC->ret +` + const FormatFcntl = `name: sys_enter_fcntl ID: 898 format: -- cgit v1.2.3