[lttng-dev] [RFC] lttng-modules system call tracing filtering

Thibault, Daniel Daniel.Thibault at drdc-rddc.gc.ca
Mon Jul 21 09:37:43 EDT 2014

Date: Sat, 19 Jul 2014 21:39:23 +0000 (UTC)
From: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Cc: Julien Desfossez <jdesfossez at efficios.com>

> For the curious, I implement this "filtering" with a per-channel bitmap that represents which system calls to trace.
> We might need to double-check that I got the NR_syscalls right for each architecture, especially those with
> compatibility system call tables (64-bit archs having 32-bit compat syscalls). For the common case (all system calls
> are traced), the pointer to the array is NULL, so this is a simple pointer check, which is less expensive cache-wise
> than looking up within the bitmap.
> As far as lttng-tools is concerned, what is a bit different is that system calls don't each get a file descriptor assigned, 
> unlike other tracepoint events. Therefore, we interact with them at the channel level. If we can find a way to send 
> the disable-event command directly to the channel, with the new "u.syscall.disable" flag I added to the lttng ABI, 
> we should be able to use disable-event with syscalls.
> However, I'm not sure how deeply we need to modify lttng-tools for this.
> Mathieu

   Why is the filter per-channel?  Last time I checked, syscalls could only be assigned once per session, therefore there would only be a need for a per-session filter bitmap.  Of course, if the intent is to allow syscalls to be potentially multiply assigned, like user-space events are, then this is the right way to go.

Daniel U. Thibault
Protection des systèmes et contremesures (PSC) | Systems Protection & Countermeasures (SPC)
Cyber sécurité pour les missions essentielles (CME) | Mission Critical Cyber Security (MCCS)
RDDC - Centre de recherches de Valcartier | DRDC - Valcartier Research Centre
2459 route de la Bravoure
Québec QC  G3J 1X5
Vox : (418) 844-4000 x4245
Fax : (418) 844-4538
NAC : 918V QSDJ <http://www.travelgis.com/map.asp?addr=918V%20QSDJ>
Gouvernement du Canada | Government of Canada
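
The per-channel bitmap with a NULL fast path described in the quoted message, as an added user-space example that is not part of this thread and is not lttng-modules code. All names (`demo_channel`, `sc_filter`, `DEMO_NR_SYSCALLS`) and the table size are hypothetical, and treating out-of-range numbers as untraced once a filter exists is an assumption of this sketch.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names and sizes; the real NR_syscalls differs per
 * architecture and per compat table, as the quoted message notes. */
#define DEMO_NR_SYSCALLS 400u
#define BITS_PER_WORD (sizeof(unsigned long) * CHAR_BIT)
#define FILTER_WORDS ((DEMO_NR_SYSCALLS + BITS_PER_WORD - 1) / BITS_PER_WORD)

struct demo_channel {
    unsigned long *sc_filter;   /* NULL: every system call is traced */
};

/* Hot path: a single pointer test when no filter is installed. */
static int demo_syscall_traced(const struct demo_channel *chan, unsigned int nr)
{
    if (!chan->sc_filter)
        return 1;
    if (nr >= DEMO_NR_SYSCALLS)
        return 0;               /* never index past the bitmap */
    return (chan->sc_filter[nr / BITS_PER_WORD] >> (nr % BITS_PER_WORD)) & 1UL;
}

/* The first disable allocates the bitmap with every bit set, then clears one. */
static int demo_syscall_disable(struct demo_channel *chan, unsigned int nr)
{
    if (nr >= DEMO_NR_SYSCALLS)
        return -1;
    if (!chan->sc_filter) {
        chan->sc_filter = malloc(FILTER_WORDS * sizeof(unsigned long));
        if (!chan->sc_filter)
            return -1;
        memset(chan->sc_filter, 0xff, FILTER_WORDS * sizeof(unsigned long));
    }
    chan->sc_filter[nr / BITS_PER_WORD] &= ~(1UL << (nr % BITS_PER_WORD));
    return 0;
}

int main(void)
{
    struct demo_channel chan = { NULL };
    demo_syscall_disable(&chan, 1);
    printf("nr 1 traced: %d, nr 2 traced: %d\n",
           demo_syscall_traced(&chan, 1), demo_syscall_traced(&chan, 2));
    free(chan.sc_filter);
    return 0;
}
```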
