From fa7ab433b424d68e62612961d0128fbdaea3d64d Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sat, 30 May 2026 21:59:43 +0300 Subject: test(dup): lock in fd_event handler captures oldfd (args[0]) Audit of dup(2) found the tracing implementation already correct and consistent with its dup2/dup3 siblings: dup(int oldfd) takes a single fd argument (the sys_enter_dup tracepoint exposes it as field "fildes", unsigned int, at args[0]). It is classified KindFd (a plain fd_event), the enter handler captures ev->fd from args[0] per the KindFd convention, it is in the FS family (fd grouping), and its exit returns the new (lowest-numbered unused) descriptor or -1 as a plain UNCLASSIFIED ret_event (never a byte-count transfer). Like dup2, dup carries no flags and clears FD_CLOEXEC on the duplicate; the eventloop registerDup path registers the returned newfd onto the same underlying file with flags=0, which it already honors (applyFdTransferOp handles SYS_ENTER_DUP). Docs (FS, fd) and the drift tests are in sync; existing coverage already includes TestClassifyDup, the makeFdDupTestData full-lifecycle eventloop test, and integration TestDupBasic/TestDupInvalidFd. No discrepancies were found, so add a lock-in test (matching the dup2 audit) asserting the generated BPF C for dup captures fd from args[0] (not args[1]), emits an fd_event (not a dup3_event), wires no flags, and classifies the exit UNCLASSIFIED. Adds FormatExitDup testdata to drive the exit handler assertions. Co-Authored-By: Claude Opus 4.8 --- internal/generate/codegen_test.go | 44 +++++++++++++++++++++++++++++++++++++++ internal/generate/testdata.go | 18 ++++++++++++++++ 2 files changed, 62 insertions(+) (limited to 'internal/generate') diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go index 818a2d2..2993900 100644 --- a/internal/generate/codegen_test.go +++ b/internal/generate/codegen_test.go @@ -1404,6 +1404,50 @@ func TestGenerateDup2Handler(t *testing.T) { requireContains(t, output, "ev->ret_type = UNCLASSIFIED;") } +// TestGenerateDupHandler locks in the generated BPF C for dup(2): +// +// int dup(int oldfd) +// +// dup duplicates oldfd and returns the lowest-numbered unused descriptor on +// success, or -1 on error. Its single argument is captured by the tracepoint as +// the "fildes" field at args[0]. dup is classified KindFd (a plain fd_event), +// so the enter handler must capture ev->fd from args[0] (oldfd/fildes) — the +// SAME convention as dup2 (args[0]=oldfd) and dup3 (args[0]=oldfd). dup has no +// newfd and no flags arguments, so the handler must emit a struct fd_event (not +// a dup3_event) and must NOT wire any flags or read args[1]/args[2]. The exit +// returns the new fd number as a plain ret_event (UNCLASSIFIED), exactly like +// dup2/dup3/open — never a byte-count transfer. The eventloop registerDup path +// registers the returned newfd onto the same underlying file with flags=0, +// since plain dup always clears FD_CLOEXEC on the duplicate. +func TestGenerateDupHandler(t *testing.T) { + output := generateFromPair(t, FormatDup, FormatExitDup) + + requireContains(t, output, `SEC("tracepoint/syscalls/sys_enter_dup")`) + requireContains(t, output, "struct fd_event *ev") + requireContains(t, output, "ev->event_type = ENTER_FD_EVENT;") + requireContains(t, output, "ev->trace_id = SYS_ENTER_DUP;") + // fd must come from oldfd/fildes (args[0]); dup has no other args. + requireContains(t, output, "ev->fd = (__s32)ctx->args[0];") + if strings.Contains(output, "ev->fd = (__s32)ctx->args[1];") { + t.Error("dup must capture fd from args[0] (fildes/oldfd), not args[1]") + } + // dup is a plain fd_event: it must not be promoted to a dup3_event and must + // not capture any flags (dup has no flags arg and always clears FD_CLOEXEC). + if strings.Contains(output, "struct dup3_event *ev") && + strings.Contains(output, `SEC("tracepoint/syscalls/sys_enter_dup")`) { + t.Error("dup must be KindFd (fd_event), not KindDup3 (dup3_event)") + } + if strings.Contains(output, "ev->flags") && + strings.Contains(output, `int handle_sys_enter_dup`) { + t.Error("dup handler must not capture any flags (dup has no flags arg)") + } + // The exit handler returns the new fd number generically as the raw status, + // classified UNCLASSIFIED — not a read/write/transfer byte count. + requireContains(t, output, `SEC("tracepoint/syscalls/sys_exit_dup")`) + requireContains(t, output, "struct ret_event *ev") + requireContains(t, output, "ev->ret_type = UNCLASSIFIED;") +} + func TestGenerateOpenByHandleAtHandler(t *testing.T) { output := generateFromPair(t, FormatOpenByHandleAt, FormatExitOpenByHandleAt) diff --git a/internal/generate/testdata.go b/internal/generate/testdata.go index 0d57029..6d6b6aa 100644 --- a/internal/generate/testdata.go +++ b/internal/generate/testdata.go @@ -540,6 +540,24 @@ format: print fmt: "fildes: 0x%08lx", ((unsigned long)(REC->fildes)) ` +// FormatExitDup mirrors the kernel's sys_exit_dup tracepoint. dup() returns the +// new (lowest-numbered unused) descriptor on success or -1 on error; that fd +// number is reported as a plain ret_event (UNCLASSIFIED), never a byte-count +// transfer, exactly like dup2/dup3. +const FormatExitDup = `name: sys_exit_dup +ID: 924 +format: + field:unsigned short common_type; offset:0; size:2; signed:0; + field:unsigned char common_flags; offset:2; size:1; signed:0; + field:unsigned char common_preempt_count; offset:3; size:1; signed:0; + field:int common_pid; offset:4; size:4; signed:1; + + field:int __syscall_nr; offset:8; size:4; signed:1; + field:long ret; offset:16; size:8; signed:1; + +print fmt: "0x%lx", REC->ret +` + const FormatDup2 = `name: sys_enter_dup2 ID: 920 format: -- cgit v1.2.3