feat: track and handle O_CLOEXEC fds

[gnosek]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind test

/kind feature

/kind sync

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-modern-bpf

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

Our O_CLOEXEC handling has always been spotty and in the end we did nothing with the flag (O_CLOEXEC fds survived execve just fine). This PR aims to fix that by:

• adding O_CLOEXEC tracking to all syscalls I could think of
• actually removing O_CLOEXEC fds on execve
• fixing some minor bugs while I was there

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Probably best viewed commit by commit.

Does this PR introduce a user-facing change?:

feat: track and handle O_CLOEXEC fds

[github-actions]

Please double check driver/API_VERSION file. See versioning.

/hold

[gnosek]

/home/runner/work/libs/libs/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/close_range.bpf.c:16:39: error: use of undeclared identifier 'CLOSE_RANGE_X_SIZE'
   16 |         if(!ringbuf__reserve_space(&ringbuf, CLOSE_RANGE_X_SIZE, PPME_SYSCALL_CLOSE_RANGE_X)) {
      |                                              ^
1 error generated.

probably something stupid but I can't see it:
https://github.com/falcosecurity/libs/pull/2958/changes#diff-7e53d8c8d7d6242ad19f84baeb8be73734a7a698eb53b2ff978ecb6556925d44R121

[codecov]

Codecov Report

❌ Patch coverage is 60.75949% with 31 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.73%. Comparing base (86a1bf0) to head (d7e220d).
⚠️ Report is 15 commits behind head on master.

Files with missing lines	Patch %	Lines
userspace/libsinsp/parsers.cpp	53.12%	30 Missing ⚠️
userspace/libsinsp/fdtable.h	80.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2958      +/-   ##
==========================================
- Coverage   75.77%   75.73%   -0.05%     
==========================================
  Files         299      299              
  Lines       33096    33164      +68     
  Branches     5148     5168      +20     
==========================================
+ Hits        25080    25116      +36     
- Misses       8016     8048      +32     

Flag	Coverage Δ
libsinsp	75.73% <60.75%> (-0.05%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Perf diff from master - unit tests

    10.20%     +9.35%  [.] std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_add_ref_lock_nothrow()
    14.72%     -7.25%  [.] std::__shared_count<(__gnu_cxx::_Lock_policy)2>::_M_get_use_count() const
     9.78%     -1.84%  [.] sinsp_threadinfo::update_main_fdtable()
    15.11%     -1.47%  [.] std::__shared_ptr<sinsp_threadinfo, (__gnu_cxx::_Lock_policy)2>::__shared_ptr(std::__weak_ptr<sinsp_threadinfo, (__gnu_cxx::_Lock_policy)2> const&, std::nothrow_t)
     7.55%     +0.89%  [.] sinsp_threadinfo::get_fd_table()
     3.67%     +0.77%  [.] sinsp_thread_manager::create_thread_dependencies(std::shared_ptr<sinsp_threadinfo> const&)
    11.99%     -0.50%  [.] sinsp_threadinfo::get_main_thread()
     4.47%     +0.48%  [.] thread_group_info::get_first_thread() const
     9.78%     -0.45%  [.] std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release()
     6.58%     -0.39%  [.] std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count(std::__weak_count<(__gnu_cxx::_Lock_policy)2> const&, std::nothrow_t)

Heap diff from master - unit tests

peak heap memory consumption: -54B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Heap diff from master - scap file

peak heap memory consumption: -48B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Benchmarks diff from master

Comparing gbench_data.json to /root/actions-runner/_work/libs/libs/build/gbench_data.json
Benchmark                                                         Time             CPU      Time Old      Time New       CPU Old       CPU New
----------------------------------------------------------------------------------------------------------------------------------------------
BM_sinsp_split_mean                                            +0.0457         +0.0457           235           245           235           245
BM_sinsp_split_median                                          +0.0480         +0.0479           234           246           234           246
BM_sinsp_split_stddev                                          +0.2846         +0.2947             2             2             2             2
BM_sinsp_split_cv                                              +0.2285         +0.2381             0             0             0             0
BM_sinsp_concatenate_paths_relative_path_mean                  -0.0435         -0.0435            71            68            71            68
BM_sinsp_concatenate_paths_relative_path_median                -0.0517         -0.0517            71            68            71            68
BM_sinsp_concatenate_paths_relative_path_stddev                +5.9464         +6.1052             0             1             0             1
BM_sinsp_concatenate_paths_relative_path_cv                    +6.2623         +6.4281             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_mean                     -0.0376         -0.0377            44            42            44            42
BM_sinsp_concatenate_paths_empty_path_median                   -0.0394         -0.0395            44            42            44            42
BM_sinsp_concatenate_paths_empty_path_stddev                   +7.2951         +8.3001             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_cv                       +7.6196         +8.6640             0             0             0             0
BM_sinsp_concatenate_paths_absolute_path_mean                  -0.0147         -0.0148            71            70            71            70
BM_sinsp_concatenate_paths_absolute_path_median                -0.0096         -0.0096            71            71            71            71
BM_sinsp_concatenate_paths_absolute_path_stddev                +0.6219         +0.6305             0             1             0             1
BM_sinsp_concatenate_paths_absolute_path_cv                    +0.6462         +0.6549             0             0             0             0

[poiana]

LGTM label has been added.

Details

Git tree hash: 6fe7af60982543a927ac1adbbf785d59f967cd8a

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ekoops, gnosek, therealbobo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ekoops,gnosek,therealbobo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ekoops]

@irozzo-1A 's concern addressed.
/hold cancel