[lttng-dev] [Patch lttng-modules v2] ARM: Resolve sys_unknown system calls
Jan Glauber
jan.glauber at gmail.com
Mon Apr 14 09:31:58 EDT 2014
On Mon, Apr 14, 2014 at 12:41:41PM +0000, Mathieu Desnoyers wrote:
> ----- Original Message -----
> > From: "Jan Glauber" <jan.glauber at gmail.com>
> > To: "Mathieu Desnoyers" <mathieu.desnoyers at efficios.com>
> > Cc: lttng-dev at lists.lttng.org
> > Sent: Monday, April 14, 2014 4:56:56 AM
> > Subject: [Patch lttng-modules v2] ARM: Resolve sys_unknown system calls
> >
> > [Patch lttng-modules v2] ARM: Resolve sys_unknown system calls
> >
> > The LTTng system call extractor relies on kallsyms.
>
> How is the fact that the lttng syscall extractor relies on kallsyms
> relevant here ?
Because these "unknown" system calls are not described in between
__start_syscalls_metadata and __stop_syscalls_metadata? I didn't dig
to deep but I thought thats the reason LTTng system call extractor
does not find these system calls. If I look for instance for sys_recv
in my System.map:
$ grep __p_syscall_meta__recv System.map
c069404c t __p_syscall_meta__recvmmsg
c0694050 t __p_syscall_meta__recvmsg
c0694068 t __p_syscall_meta__recvfrom
its not there. But I've not looked what creates the system call meta data
entries, maybe its something different than the SYSCALL_DEFINE.
> > Not every system
> > call is defined in the kernel with SYSCALL_DEFINE, so some system calls
> > are missing in kallsyms and shown as sys_unknown by LTTng.
>
> This is inaccurate. LTTng syscall extractor only uses kallsyms to get the
> __start_syscalls_metadata and __stop_syscalls_metadata symbols.
>
> What is true here is that indeed, not every system call is defined using
> SYSCALL_DEFINE.
>
> > Manually
> > add these system calls in the override files for ARM:
> >
> > - sys_recv
> > - sys_sigreturn
> > - sys_rt_sigreturn
> > - sys_pread64
> > - sys_prwite64
> > - sys_vfork
> > - sys_ftruncate64
> > - sys_fstatfs64
> > - sys_fallocate
>
> The LTTng system call extractor (linux-link-trace-syscalls-as-data.patch
> and lttng-syscalls-extractor.c) output the system call details on the
> console. On ARM, this was used to initially generate arm-32-syscalls-3.4.25.
> If we look into your patch, we see that you are adding system calls to it.
> However, I doubt you generated your system call list from a 3.4.25 kernel.
> The file name should match the kernel from with the system call list has
> been generated, and should not be updated by hand.
I'm still using the 3.4.25 kernel but I've added the unknown system calls
manually to the arm-32-syscalls-3.4.25 file because I then could use
the script to generate the defines. If you don't like these system calls
added to the arm-32-syscalls-3.4.25 file I can also remove them, but I don't
see the point since this file is incomplete because of the imperfect
detection mechanism.
> Have you tried running the system call extractor on a more recent kernel
> to see if some of the unknown system calls have been defined with
> SYSCALL_DEFINE since 3.4.25 ? If they appeared in a more recent kernel,
> then there is no need to define them as overrides, just provide a new
> arm-*-syscalls-3.x.x description file generated by the lttng syscall
> extractor, and use lttng-syscalls-generate-headers.sh to regenerate
> syscall instrumentation headers. Overrides are only for the entries
> that are still missing from the arm-*-syscalls-3.x.x description file.
No. I'm currently stuck with that kernel version and I doubt the system call
extractor wont find a system call like sys_recv on a newer kernel.
Regards, Jan
> Thanks,
>
> Mathieu
>
>
> >
> > Signed-off-by: Jan Glauber <jan.glauber at gmail.com>
> > ---
> > .../syscalls/3.4.25/arm-32-syscalls-3.4.25 | 9 +++
> > .../arm-32-syscalls-3.4.25_integers_override.h | 25 +++++++-
> > .../arm-32-syscalls-3.4.25_pointers_override.h | 66
> > ++++++++++++++++++--
> > 3 files changed, 93 insertions(+), 7 deletions(-)
> >
> > diff --git a/instrumentation/syscalls/3.4.25/arm-32-syscalls-3.4.25
> > b/instrumentation/syscalls/3.4.25/arm-32-syscalls-3.4.25
> > index 65c3973..824c879 100644
> > --- a/instrumentation/syscalls/3.4.25/arm-32-syscalls-3.4.25
> > +++ b/instrumentation/syscalls/3.4.25/arm-32-syscalls-3.4.25
> > @@ -80,6 +80,7 @@ syscall sys_wait4 nr 114 nbargs 4 types: (pid_t, int *,
> > int, struct rusage *) ar
> > syscall sys_swapoff nr 115 nbargs 1 types: (const char *) args:
> > (specialfile)
> > syscall sys_sysinfo nr 116 nbargs 1 types: (struct sysinfo *) args: (info)
> > syscall sys_fsync nr 118 nbargs 1 types: (unsigned int) args: (fd)
> > +syscall sys_sigreturn nr 119 nbargs 1 types: (struct pt_regs *) args: (regs)
> > syscall sys_setdomainname nr 121 nbargs 2 types: (char *, int) args: (name,
> > len)
> > syscall sys_newuname nr 122 nbargs 1 types: (struct new_utsname *) args:
> > (name)
> > syscall sys_adjtimex nr 124 nbargs 1 types: (struct timex *) args: (txc_p)
> > @@ -125,18 +126,23 @@ syscall sys_poll nr 168 nbargs 3 types: (struct pollfd
> > *, unsigned int, int) arg
> > syscall sys_setresgid16 nr 170 nbargs 3 types: (old_gid_t, old_gid_t,
> > old_gid_t) args: (rgid, egid, sgid)
> > syscall sys_getresgid16 nr 171 nbargs 3 types: (old_gid_t *, old_gid_t *,
> > old_gid_t *) args: (rgid, egid, sgid)
> > syscall sys_prctl nr 172 nbargs 5 types: (int, unsigned long, unsigned long,
> > unsigned long, unsigned long) args: (option, arg2, arg3, arg4, arg5)
> > +syscall sys_rt_sigreturn nr 173 nbargs 1 types: (struct pt_regs *) args:
> > (regs)
> > syscall sys_rt_sigaction nr 174 nbargs 4 types: (int, const struct sigaction
> > *, struct sigaction *, size_t) args: (sig, act, oact, sigsetsize)
> > syscall sys_rt_sigprocmask nr 175 nbargs 4 types: (int, sigset_t *, sigset_t
> > *, size_t) args: (how, nset, oset, sigsetsize)
> > syscall sys_rt_sigpending nr 176 nbargs 2 types: (sigset_t *, size_t) args:
> > (set, sigsetsize)
> > syscall sys_rt_sigtimedwait nr 177 nbargs 4 types: (const sigset_t *,
> > siginfo_t *, const struct timespec *, size_t) args: (uthese, uinfo, uts,
> > sigsetsize)
> > syscall sys_rt_sigqueueinfo nr 178 nbargs 3 types: (pid_t, int, siginfo_t *)
> > args: (pid, sig, uinfo)
> > syscall sys_rt_sigsuspend nr 179 nbargs 2 types: (sigset_t *, size_t) args:
> > (unewset, sigsetsize)
> > +syscall sys_pread64 nr 180 nbargs 4 types: (unsigned int, const char *,
> > size_t, loff_t) args: (fd, buf, count, pos)
> > +syscall sys_pwrite64 nr 181 nbargs 4 types: (unsigned int, const char *,
> > size_t, loff_t) args: (fd, buf, count, pos)
> > syscall sys_chown16 nr 182 nbargs 3 types: (const char *, old_uid_t,
> > old_gid_t) args: (filename, user, group)
> > syscall sys_getcwd nr 183 nbargs 2 types: (char *, unsigned long) args:
> > (buf, size)
> > syscall sys_capget nr 184 nbargs 2 types: (cap_user_header_t,
> > cap_user_data_t) args: (header, dataptr)
> > syscall sys_capset nr 185 nbargs 2 types: (cap_user_header_t, const
> > cap_user_data_t) args: (header, data)
> > syscall sys_sendfile nr 187 nbargs 4 types: (int, int, off_t *, size_t)
> > args: (out_fd, in_fd, offset, count)
> > +syscall sys_vfork nr 190 nbargs 0 types: () args: ()
> > syscall sys_getrlimit nr 191 nbargs 2 types: (unsigned int, struct rlimit *)
> > args: (resource, rlim)
> > +syscall sys_ftruncate64 nr 194 nbargs 2 types: (unsigned int, loff_t) args:
> > (fd, length)
> > syscall sys_stat64 nr 195 nbargs 2 types: (const char *, struct stat64 *)
> > args: (filename, statbuf)
> > syscall sys_lstat64 nr 196 nbargs 2 types: (const char *, struct stat64 *)
> > args: (filename, statbuf)
> > syscall sys_fstat64 nr 197 nbargs 2 types: (unsigned long, struct stat64 *)
> > args: (fd, statbuf)
> > @@ -202,6 +208,7 @@ syscall sys_clock_settime nr 262 nbargs 2 types: (const
> > clockid_t, const struct
> > syscall sys_clock_gettime nr 263 nbargs 2 types: (const clockid_t, struct
> > timespec *) args: (which_clock, tp)
> > syscall sys_clock_getres nr 264 nbargs 2 types: (const clockid_t, struct
> > timespec *) args: (which_clock, tp)
> > syscall sys_clock_nanosleep nr 265 nbargs 4 types: (const clockid_t, int,
> > const struct timespec *, struct timespec *) args: (which_clock, flags,
> > rqtp, rmtp)
> > +syscall sys_fstatfs64 nr 267 nbargs 3 types: (unsigned int, size_t, struct
> > statfs64 *) args: (fd, sz, buf)
> > syscall sys_tgkill nr 268 nbargs 3 types: (pid_t, pid_t, int) args: (tgid,
> > pid, sig)
> > syscall sys_utimes nr 269 nbargs 2 types: (char *, struct timeval *) args:
> > (filename, utimes)
> > syscall sys_mq_open nr 274 nbargs 4 types: (const char *, int, umode_t,
> > struct mq_attr *) args: (u_name, oflag, mode, u_attr)
> > @@ -221,6 +228,7 @@ syscall sys_getpeername nr 287 nbargs 3 types: (int,
> > struct sockaddr *, int *) a
> > syscall sys_socketpair nr 288 nbargs 4 types: (int, int, int, int *) args:
> > (family, type, protocol, usockvec)
> > syscall sys_send nr 289 nbargs 4 types: (int, void *, size_t, unsigned)
> > args: (fd, buff, len, flags)
> > syscall sys_sendto nr 290 nbargs 6 types: (int, void *, size_t, unsigned,
> > struct sockaddr *, int) args: (fd, buff, len, flags, addr, addr_len)
> > +syscall sys_recv nr 291 nbargs 6 types: (int, void *, size_t, unsigned,
> > struct sockaddr *, int *) args: (fd, ubuf, size, flags, addr, addr_len)
> > syscall sys_recvfrom nr 292 nbargs 6 types: (int, void *, size_t, unsigned,
> > struct sockaddr *, int *) args: (fd, ubuf, size, flags, addr, addr_len)
> > syscall sys_shutdown nr 293 nbargs 2 types: (int, int) args: (fd, how)
> > syscall sys_setsockopt nr 294 nbargs 5 types: (int, int, int, char *, int)
> > args: (fd, level, optname, optval, optlen)
> > @@ -273,6 +281,7 @@ syscall sys_utimensat nr 348 nbargs 4 types: (int, const
> > char *, struct timespec
> > syscall sys_signalfd nr 349 nbargs 3 types: (int, sigset_t *, size_t) args:
> > (ufd, user_mask, sizemask)
> > syscall sys_timerfd_create nr 350 nbargs 2 types: (int, int) args: (clockid,
> > flags)
> > syscall sys_eventfd nr 351 nbargs 1 types: (unsigned int) args: (count)
> > +syscall sys_fallocate nr 352 nbargs 4 types: (int, int, loff_t, loff_t)
> > args: (fd, mode, offset, len)
> > syscall sys_timerfd_settime nr 353 nbargs 4 types: (int, int, const struct
> > itimerspec *, struct itimerspec *) args: (ufd, flags, utmr, otmr)
> > syscall sys_timerfd_gettime nr 354 nbargs 2 types: (int, struct itimerspec
> > *) args: (ufd, otmr)
> > syscall sys_signalfd4 nr 355 nbargs 4 types: (int, sigset_t *, size_t, int)
> > args: (ufd, user_mask, sizemask, flags)
> > diff --git
> > a/instrumentation/syscalls/headers/arm-32-syscalls-3.4.25_integers_override.h
> > b/instrumentation/syscalls/headers/arm-32-syscalls-3.4.25_integers_override.h
> > index 895370f..14c78bc 100644
> > ---
> > a/instrumentation/syscalls/headers/arm-32-syscalls-3.4.25_integers_override.h
> > +++
> > b/instrumentation/syscalls/headers/arm-32-syscalls-3.4.25_integers_override.h
> > @@ -37,15 +37,38 @@ SC_TRACE_EVENT(sys_sync_file_range2,
> > TP_printk()
> > )
> >
> > +SC_DEFINE_EVENT_NOARGS(syscalls_noargs, sys_vfork)
> > +
> > +SC_TRACE_EVENT(sys_ftruncate64,
> > + TP_PROTO(unsigned int fd, loff_t length),
> > + TP_ARGS(fd, length),
> > + TP_STRUCT__entry(__field(unsigned int, fd) __field(loff_t, length)),
> > + TP_fast_assign(tp_assign(fd, fd) tp_assign(length, length)),
> > + TP_printk()
> > +)
> > +
> > +SC_TRACE_EVENT(sys_fallocate,
> > + TP_PROTO(int fd, int mode, loff_t offset, loff_t len),
> > + TP_ARGS(fd, mode, offset, len),
> > + TP_STRUCT__entry(__field(int, fd) __field(int, mode) __field(loff_t,
> > offset) __field(loff_t, len)),
> > + TP_fast_assign(tp_assign(fd, fd) tp_assign(mode, mode) tp_assign(offset,
> > offset) tp_assign(len, len)),
> > + TP_printk()
> > +)
> > +
> > #else /* CREATE_SYSCALL_TABLE */
> >
> > #define OVVERRIDE_TABLE_32_sys_mmap
> > TRACE_SYSCALL_TABLE(sys_mmap, sys_mmap, 90, 6)
> > -
> > +#define OVERRIDE_TABLE_32_sys_vfork
> > +TRACE_SYSCALL_TABLE(syscalls_noargs, sys_vfork, 190, 0)
> > +#define OVERRIDE_TABLE_32_sys_ftruncate64
> > +TRACE_SYSCALL_TABLE(sys_ftruncate64, sys_ftruncate64, 194, 2)
> > #define OVERRIDE_TABLE_32_sys_arm_fadvise64_64
> > TRACE_SYSCALL_TABLE(sys_arm_fadvise64_64, sys_arm_fadvise64_64, 270, 4)
> > #define OVERRIDE_TABLE_32_sys_sync_file_range2
> > TRACE_SYSCALL_TABLE(sys_sync_file_range2, sys_sync_file_range2, 341, 4)
> > +#define OVERRIDE_TABLE_32_sys_fallocate
> > +TRACE_SYSCALL_TABLE(sys_fallocate, sys_fallocate, 352, 4)
> >
> > #endif /* CREATE_SYSCALL_TABLE */
> >
> > diff --git
> > a/instrumentation/syscalls/headers/arm-32-syscalls-3.4.25_pointers_override.h
> > b/instrumentation/syscalls/headers/arm-32-syscalls-3.4.25_pointers_override.h
> > index 65131bb..7ed7429 100644
> > ---
> > a/instrumentation/syscalls/headers/arm-32-syscalls-3.4.25_pointers_override.h
> > +++
> > b/instrumentation/syscalls/headers/arm-32-syscalls-3.4.25_pointers_override.h
> > @@ -1,7 +1,3 @@
> > -
> > -#define OVERRIDE_TABLE_32_sys_mmap2
> > -
> > -
> > #ifndef CREATE_SYSCALL_TABLE
> >
> > SC_TRACE_EVENT(sys_mmap2,
> > @@ -25,15 +21,73 @@ SC_TRACE_EVENT(sys_mmap2,
> > TP_printk()
> > )
> >
> > +SC_TRACE_EVENT(sys_sigreturn,
> > + TP_PROTO(struct pt_regs * regs),
> > + TP_ARGS(regs),
> > + TP_STRUCT__entry(__field_hex(struct pt_regs *, regs)),
> > + TP_fast_assign(tp_assign(regs, regs)),
> > + TP_printk()
> > +)
> > +
> > +SC_TRACE_EVENT(sys_rt_sigreturn,
> > + TP_PROTO(struct pt_regs * regs),
> > + TP_ARGS(regs),
> > + TP_STRUCT__entry(__field_hex(struct pt_regs *, regs)),
> > + TP_fast_assign(tp_assign(regs, regs)),
> > + TP_printk()
> > +)
> > +
> > +SC_TRACE_EVENT(sys_fstatfs64,
> > + TP_PROTO(unsigned int fd, size_t sz, struct statfs64 * buf),
> > + TP_ARGS(fd, sz, buf),
> > + TP_STRUCT__entry(__field(unsigned int, fd) __field(size_t, sz)
> > __field_hex(struct statfs64 *, buf)),
> > + TP_fast_assign(tp_assign(fd, fd) tp_assign(sz, sz) tp_assign(buf, buf)),
> > + TP_printk()
> > +)
> > +
> > +SC_TRACE_EVENT(sys_pread64,
> > + TP_PROTO(unsigned int fd, const char * buf, size_t count, loff_t pos),
> > + TP_ARGS(fd, buf, count, pos),
> > + TP_STRUCT__entry(__field(unsigned int, fd) __field_hex(const char *, buf)
> > __field(size_t, count) __field(loff_t, pos)),
> > + TP_fast_assign(tp_assign(fd, fd) tp_assign(buf, buf) tp_assign(count,
> > count) tp_assign(pos, pos)),
> > + TP_printk()
> > +)
> > +
> > +SC_TRACE_EVENT(sys_pwrite64,
> > + TP_PROTO(unsigned int fd, const char * buf, size_t count, loff_t pos),
> > + TP_ARGS(fd, buf, count, pos),
> > + TP_STRUCT__entry(__field(unsigned int, fd) __field_hex(const char *, buf)
> > __field(size_t, count) __field(loff_t, pos)),
> > + TP_fast_assign(tp_assign(fd, fd) tp_assign(buf, buf) tp_assign(count,
> > count) tp_assign(pos, pos)),
> > + TP_printk()
> > +)
> > +
> > +SC_TRACE_EVENT(sys_recv,
> > + TP_PROTO(int fd, void * ubuf, size_t size, unsigned flags, struct sockaddr
> > * addr, int * addr_len),
> > + TP_ARGS(fd, ubuf, size, flags, addr, addr_len),
> > + TP_STRUCT__entry(__field(int, fd) __field_hex(void *, ubuf) __field(size_t,
> > size) __field(unsigned, flags) __field_hex(struct sockaddr *, addr)
> > __field_hex(int *, addr_len)),
> > + TP_fast_assign(tp_assign(fd, fd) tp_assign(ubuf, ubuf) tp_assign(size,
> > size) tp_assign(flags, flags) tp_assign(addr, addr) tp_assign(addr_len,
> > addr_len)),
> > + TP_printk()
> > +)
> > +
> > #else /* CREATE_SYSCALL_TABLE */
> >
> > #define OVERRIDE_TABLE_32_sys_execve
> > TRACE_SYSCALL_TABLE(sys_execve, sys_execve, 11, 3)
> > +#define OVERRIDE_TABLE_32_sys_sigreturn
> > +TRACE_SYSCALL_TABLE(sys_sigreturn, sys_sigreturn, 119, 1)
> > #define OVERRIDE_TABLE_32_sys_clone
> > TRACE_SYSCALL_TABLE(sys_clone, sys_clone, 120, 5)
> > +#define OVERRIDE_TABLE_32_sys_rt_sigreturn
> > +TRACE_SYSCALL_TABLE(sys_rt_sigreturn, sys_rt_sigreturn, 173, 1)
> > +#define OVERRIDE_TABLE_32_sys_pread64
> > +TRACE_SYSCALL_TABLE(sys_pread64, sys_pread64, 180, 4)
> > +#define OVERRIDE_TABLE_32_sys_pwrite64
> > +TRACE_SYSCALL_TABLE(sys_pwrite64, sys_pwrite64, 181, 4)
> > #define OVERRIDE_TABLE_32_sys_mmap2
> > TRACE_SYSCALL_TABLE(sys_mmap2, sys_mmap2, 192, 6)
> > +#define OVERRIDE_TABLE_32_sys_fstatfs64
> > +TRACE_SYSCALL_TABLE(sys_fstatfs64, sys_fstatfs64, 267, 3)
> > +#define OVERRIDE_TABLE_32_sys_recv
> > +TRACE_SYSCALL_TABLE(sys_recv, sys_recv, 291, 6)
> >
> > #endif /* CREATE_SYSCALL_TABLE */
> > -
> > -
> > --
> > 1.7.9.5
> >
> >
>
> --
> Mathieu Desnoyers
> EfficiOS Inc.
> http://www.efficios.com
More information about the lttng-dev
mailing list