From 1f9639a256a4eae3b5ea133976beb1ead7fe39ab Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Sat, 2 Mar 2024 00:17:31 +0200
Subject: detect loss of event when exit/enter tracepoints dont match up

---
 internal/c/tracepoints/open.c     |  8 ++++----
 internal/event.go                 |  4 ++--
 internal/eventloop.go             | 12 ++++++++++--
 internal/generated/nqc.raku       |  4 ++--
 internal/generated/types/types.go | 24 ++++++++++++------------
 5 files changed, 30 insertions(+), 22 deletions(-)

(limited to 'internal')

diff --git a/internal/c/tracepoints/open.c b/internal/c/tracepoints/open.c
index 4289f1c..ef57d90 100644
--- a/internal/c/tracepoints/open.c
+++ b/internal/c/tracepoints/open.c
@@ -1,9 +1,9 @@
 //+build ignore
 
-#define SYS_ENTER_OPEN 1
-#define SYS_EXIT_OPEN 2
-#define SYS_ENTER_OPENAT 3
-#define SYS_EXIT_OPENAT 4
+#define SYS_EXIT_OPEN 1
+#define SYS_ENTER_OPEN 2
+#define SYS_EXIT_OPENAT 3
+#define SYS_ENTER_OPENAT 4
 
 static __always_inline int _handle_sys_enter_open(struct trace_event_raw_sys_enter *ctx, __u32 syscall_id) {
     __u32 pid, tid;
diff --git a/internal/event.go b/internal/event.go
index 9dfa9af..e9126ea 100644
--- a/internal/event.go
+++ b/internal/event.go
@@ -22,8 +22,8 @@ type enterExitEvent struct {
 	comm            string
 }
 
-func (e enterExitEvent) is(enterId, exitId SyscallId) bool {
-	return enterId == e.enterEv.GetSyscallId() && exitId == e.exitEv.GetSyscallId()
+func (e enterExitEvent) is(id SyscallId) bool {
+	return e.enterEv.GetSyscallId() == id
 }
 
 func (e enterExitEvent) String() string {
diff --git a/internal/eventloop.go b/internal/eventloop.go
index cb458a8..9285db4 100644
--- a/internal/eventloop.go
+++ b/internal/eventloop.go
@@ -39,7 +39,15 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent {
 		delete(enterEvs, exitEv.GetTid())
 		ev.exitEv = exitEv
 
-		if ev.is(SYS_ENTER_OPENAT, SYS_EXIT_OPENAT) || ev.is(SYS_ENTER_OPEN, SYS_EXIT_OPEN) {
+		// Expect ID one lower, otherwise, doesn't match.
+		if ev.enterEv.GetSyscallId()-1 != ev.exitEv.GetSyscallId() {
+			fmt.Println(fmt.Sprintf("Loss of event (not matching) %v", ev))
+			ev.enterEv.Recycle()
+			exitEv.Recycle()
+			return
+		}
+
+		if ev.is(SYS_ENTER_OPENAT) || ev.is(SYS_ENTER_OPEN) {
 			openEnterEv := ev.enterEv.(*OpenEnterEvent)
 
 			fd := ev.exitEv.(*FdEvent).Fd
@@ -63,7 +71,7 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent {
 			} else {
 				ev.file = file{fdEvent.Fd, "?"}
 			}
-			if ev.is(SYS_ENTER_CLOSE, SYS_EXIT_CLOSE) {
+			if ev.is(SYS_ENTER_CLOSE) {
 				delete(files, fdEvent.Fd)
 			}
 		}
diff --git a/internal/generated/nqc.raku b/internal/generated/nqc.raku
index f53f34e..82d2a34 100644
--- a/internal/generated/nqc.raku
+++ b/internal/generated/nqc.raku
@@ -30,7 +30,7 @@ class NQCToGoActions {
     method TOP($/) {
         make "// This file was generated - don't change manually!\n"
         ~ "package types\n\n"
-        ~ self!constant-go-string-method ~ "\n"
+        ~ self!constant-go-methods ~ "\n"
         ~ $<construct>.map(*.made).join('');
     }
 
@@ -51,7 +51,7 @@ class NQCToGoActions {
         END
     }
 
-    method !constant-go-string-method returns Str {
+    method !constant-go-methods returns Str {
         qq:to/END/;
         type EventType uint32
         type SyscallId uint32
diff --git a/internal/generated/types/types.go b/internal/generated/types/types.go
index 6f520e5..bb834e8 100644
--- a/internal/generated/types/types.go
+++ b/internal/generated/types/types.go
@@ -117,14 +117,14 @@ func (s SyscallId) String() string {
 		return "exit_io_uring_enter"
 	case SYS_ENTER_IO_URING_ENTER:
 		return "enter_io_uring_enter"
-	case SYS_ENTER_OPEN:
-		return "enter_open"
 	case SYS_EXIT_OPEN:
 		return "exit_open"
-	case SYS_ENTER_OPENAT:
-		return "enter_openat"
+	case SYS_ENTER_OPEN:
+		return "enter_open"
 	case SYS_EXIT_OPENAT:
 		return "exit_openat"
+	case SYS_ENTER_OPENAT:
+		return "enter_openat"
 	default:
 		panic(fmt.Sprintf("Unknown SyscallId: %d", s))
 	}
@@ -236,14 +236,14 @@ func (s SyscallId) Name() string {
 		return "io_uring_enter"
 	case SYS_ENTER_IO_URING_ENTER:
 		return "io_uring_enter"
-	case SYS_ENTER_OPEN:
-		return "open"
 	case SYS_EXIT_OPEN:
 		return "open"
-	case SYS_ENTER_OPENAT:
-		return "openat"
+	case SYS_ENTER_OPEN:
+		return "open"
 	case SYS_EXIT_OPENAT:
 		return "openat"
+	case SYS_ENTER_OPENAT:
+		return "openat"
 	default:
 		panic(fmt.Sprintf("Unknown SyscallId: %d", s))
 	}
@@ -512,7 +512,7 @@ const SYS_EXIT_IO_URING_REGISTER SyscallId = 1366
 const SYS_ENTER_IO_URING_REGISTER SyscallId = 1367
 const SYS_EXIT_IO_URING_ENTER SyscallId = 1370
 const SYS_ENTER_IO_URING_ENTER SyscallId = 1371
-const SYS_ENTER_OPEN SyscallId = 1
-const SYS_EXIT_OPEN SyscallId = 2
-const SYS_ENTER_OPENAT SyscallId = 3
-const SYS_EXIT_OPENAT SyscallId = 4
+const SYS_EXIT_OPEN SyscallId = 1
+const SYS_ENTER_OPEN SyscallId = 2
+const SYS_EXIT_OPENAT SyscallId = 3
+const SYS_ENTER_OPENAT SyscallId = 4
-- 
cgit v1.2.3