[lttng-dev] [PATCH lttng-modules v6 3/5] Extract the FDs and flags from poll and ppoll
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Sat Apr 30 14:14:27 UTC 2016
----- On Apr 29, 2016, at 6:53 PM, Julien Desfossez jdesfossez at efficios.com wrote:
> Instead of printing the pointer address of the poll set, extract all the
> FDs and flags from the poll set. For now, we only output the
> standardized set of events to limit the verbosity of the output, we also
> extract the raw value. When we switch to CTF2 we will be able to hide
> unset fields and then we will extract all the fields.
>
> Here is an example of output with one FD:
> syscall_entry_poll: {
> timeout_msecs = -1, nfds = 1, fds_length = 1,
> fds = [
> [0] = { fd = 4, raw_events = 0x5, events = { POLLIN = 1, POLLPRI = 0,
> POLLOUT = 1, POLLERR = 0, POLLHUP = 0, padding = 0 } } ]
> }
>
> syscall_exit_poll: {
> ret = 1, nfds = 1, fds_length = 1,
> fds = [ [0] = { fd = 4, raw_events = 0x4, events = { POLLIN = 0,
> POLLPRI = 0, POLLOUT = 1, POLLERR = 0, POLLHUP = 0, padding = 0 } } ] }
>
> Signed-off-by: Julien Desfossez <jdesfossez at efficios.com>
> ---
> .../syscalls/headers/syscalls_pointers_override.h | 254 +++++++++++++++++++++
> 1 file changed, 254 insertions(+)
>
> diff --git a/instrumentation/syscalls/headers/syscalls_pointers_override.h
> b/instrumentation/syscalls/headers/syscalls_pointers_override.h
> index b9dd54a..11d5f3d 100644
> --- a/instrumentation/syscalls/headers/syscalls_pointers_override.h
> +++ b/instrumentation/syscalls/headers/syscalls_pointers_override.h
> @@ -301,4 +301,258 @@ SC_LTTNG_TRACEPOINT_EVENT_CODE(pselect6,
> )
> #endif /* defined(CONFIG_X86_32) || defined(CONFIG_X86_64) ||
> defined(CONFIG_ARM64) || defined(CONFIG_ARM) */
>
> +#ifndef ONCE_LTTNG_TRACE_POLL_H
> +#define ONCE_LTTNG_TRACE_POLL_H
> +
> +#define LTTNG_POLL_NRFLAGS (POLLNVAL + 1)
> +#define POLL_FLAGS_PADDING_SIZE (sizeof(uint8_t) * BITS_PER_BYTE) - \
> + ilog2(LTTNG_POLL_NRFLAGS - 1)
> +
> +/*
> + * Only extract the values specified by iBCS2 for now.
> + */
> +static struct lttng_event_field lttng_pollfd_flag_fields[] = {
> + [ilog2(POLLIN)] = {
> + .name = "POLLIN",
> + .type = __type_integer(int, 1, 1, 0, __LITTLE_ENDIAN, 10, none),
> + },
> + [ilog2(POLLPRI)] = {
> + .name = "POLLPRI",
> + .type = __type_integer(int, 1, 1, 0, __LITTLE_ENDIAN, 10, none),
> + },
> + [ilog2(POLLOUT)] = {
> + .name = "POLLOUT",
> + .type = __type_integer(int, 1, 1, 0, __LITTLE_ENDIAN, 10, none),
> + },
> + [ilog2(POLLERR)] = {
> + .name = "POLLERR",
> + .type = __type_integer(int, 1, 1, 0, __LITTLE_ENDIAN, 10, none),
> + },
> + [ilog2(POLLHUP)] = {
> + .name = "POLLHUP",
> + .type = __type_integer(int, 1, 1, 0, __LITTLE_ENDIAN, 10, none),
> + },
> + [ilog2(POLLNVAL)] = {
> + .name = "POLLNVAL",
> + .type = __type_integer(int, 1, 1, 0, __LITTLE_ENDIAN, 10, none),
> + },
> + [ilog2(LTTNG_POLL_NRFLAGS)] = {
> + .name = "padding",
> + .type = __type_integer(int, POLL_FLAGS_PADDING_SIZE, 1, 0,
> + __LITTLE_ENDIAN, 10, none),
> + },
> +};
> +
> +static struct lttng_event_field lttng_pollfd_fields[] = {
> + [0] = {
> + .name = "fd",
> + .type = __type_integer(int, 0, 0, 0, __BYTE_ORDER, 10, none),
> + },
> + [1] = {
> + .name = "raw_events",
> + .type = __type_integer(short, 0, 0, 0, __BYTE_ORDER, 16, none),
> + },
> + [2] = {
> + .name = "events",
> + .type = {
> + .atype = atype_struct,
> + .u._struct.nr_fields = ARRAY_SIZE(lttng_pollfd_flag_fields),
> + .u._struct.fields = lttng_pollfd_flag_fields,
> + }
> + },
> +};
> +
> +static struct lttng_type lttng_pollfd_elem = {
> + .atype = atype_struct,
> + .u._struct.nr_fields = ARRAY_SIZE(lttng_pollfd_fields),
> + .u._struct.fields = lttng_pollfd_fields,
> +};
> +#endif /* ONCE_LTTNG_TRACE_POLL_H */
> +
> +#define LTTNG_SYSCALL_POLL_locvar \
> + unsigned int fds_length, fds_max_len, alloc_fds; \
> + struct pollfd *fds; \
> + uint8_t overflow;
> +
> +#define LTTNG_SYSCALL_POLL_code_pre \
> + BUILD_BUG_ON(((ARRAY_SIZE(lttng_pollfd_flag_fields) - 1) + \
> + POLL_FLAGS_PADDING_SIZE) != \
> + sizeof(uint8_t) * BITS_PER_BYTE); \
> + tp_locvar->fds = NULL; \
> + tp_locvar->overflow = 0; \
> + \
> + sc_in( \
> + if (nfds * sizeof(struct pollfd) > PAGE_SIZE) { \
This check is incorrect if nfds * sizeof(struct pollfd) overflows an
unsigned int. Should instead be:
if (nfds > PAGE_SIZE / sizeof(struct pollfd))
Please audit all other checks on input size for this kind of mistake.
> + tp_locvar->fds_length = PAGE_SIZE / sizeof(struct pollfd); \
> + tp_locvar->fds_max_len = PAGE_SIZE / sizeof(struct pollfd); \
> + tp_locvar->overflow = 1; \
> + } else { \
> + tp_locvar->fds_length = nfds; \
> + tp_locvar->fds_max_len = nfds; \
> + } \
> + tp_locvar->alloc_fds = tp_locvar->fds_length * sizeof(struct pollfd); \
> + ) \
> + /* \
> + * On exit, the number of active FDs is determined by ret, \
> + * nfds stays the same as the entry, but we only want to \
> + * output the FDs that are relevant. \
> + */ \
> + sc_out( \
> + if (ret <= 0 || ret > nfds) \
> + goto error; \
> + \
> + if (nfds * sizeof(struct pollfd) > PAGE_SIZE) { \
same here.
Thanks,
Mathieu
> + tp_locvar->fds_length = PAGE_SIZE / sizeof(struct pollfd); \
> + tp_locvar->fds_max_len = PAGE_SIZE / sizeof(struct pollfd); \
> + tp_locvar->overflow = 1; \
> + } else { \
> + tp_locvar->fds_length = ret; \
> + tp_locvar->fds_max_len = nfds; \
> + } \
> + tp_locvar->alloc_fds = tp_locvar->fds_max_len * sizeof(struct pollfd); \
> + ) \
> + { \
> + int err; \
> + \
> + tp_locvar->fds = kmalloc(tp_locvar->alloc_fds, \
> + GFP_ATOMIC | GFP_NOWAIT); \
> + if (!tp_locvar->fds) \
> + goto error; \
> + err = lib_ring_buffer_copy_from_user_check_nofault( \
> + tp_locvar->fds, ufds, \
> + nfds * sizeof(struct pollfd)); \
> + if (err != 0) \
> + goto error; \
> + } \
> + goto end; \
> + \
> +error: \
> + tp_locvar->fds_length = 0; \
> + tp_locvar->fds_max_len = 0; \
> +end: \
> + ;
> +
> +#define LTTNG_SYSCALL_POLL_fds_field \
> + sc_in( \
> + ctf_custom_field( \
> + ctf_custom_type( \
> + .atype = atype_sequence_compound, \
> + .u.sequence_compound.length_name = "fds_length", \
> + .u.sequence_compound.elem_type = <tng_pollfd_elem, \
> + ), \
> + fds, \
> + ctf_custom_code( \
> + uint32_t i; \
> + \
> + ctf_align(int) /* Align on largest field in struct. */ \
> + for (i = 0; i < tp_locvar->fds_length; i++) { \
> + ctf_integer_type(int, tp_locvar->fds[i].fd) \
> + ctf_integer_type(short, tp_locvar->fds[i].events) \
> + ctf_integer_bitfield_type(uint8_t, \
> + (uint8_t) tp_locvar->fds[i].events) \
> + } \
> + ) \
> + ) \
> + ) \
> + sc_out( \
> + ctf_custom_field( \
> + ctf_custom_type( \
> + .atype = atype_sequence_compound, \
> + .u.sequence_compound.length_name = "fds_length", \
> + .u.sequence_compound.elem_type = <tng_pollfd_elem, \
> + ), \
> + fds, \
> + ctf_custom_code( \
> + uint32_t i; \
> + unsigned int nr = 0; \
> + \
> + ctf_align(int) /* Align on largest field in struct. */ \
> + /* \
> + * Iterate over the complete array, but only output \
> + * "ret" active FDs. \
> + */ \
> + for (i = 0; i < tp_locvar->fds_max_len; i++) { \
> + if (!tp_locvar->fds[i].revents) \
> + continue; \
> + if (nr++ >= tp_locvar->fds_length) \
> + break; \
> + ctf_integer_type(int, tp_locvar->fds[i].fd) \
> + ctf_integer_type(short, tp_locvar->fds[i].revents) \
> + ctf_integer_bitfield_type(uint8_t, \
> + (uint8_t) tp_locvar->fds[i].revents) \
> + } \
> + /* \
> + * If there is a discrepancy between ret and the \
> + * content of revents (e.g. caused by userspace corrupting \
> + * the array from a concurrent thread), we have to output \
> + * zeros to keep the trace readable. \
> + */ \
> + for (i = nr; i < tp_locvar->fds_length; i++) { \
> + ctf_integer_type(int, 0) \
> + ctf_integer_type(short, 0) \
> + ctf_integer_bitfield_type(uint8_t, 0) \
> + } \
> + ) \
> + ) \
> + )
> +
> +#define LTTNG_SYSCALL_POLL_code_post \
> + kfree(tp_locvar->fds);
> +
> +#if defined(CONFIG_X86_32) || defined(CONFIG_X86_64)
> +#define OVERRIDE_32_poll
> +#define OVERRIDE_64_poll
> +SC_LTTNG_TRACEPOINT_EVENT_CODE(poll,
> + TP_PROTO(sc_exit(long ret,) struct pollfd __user * ufds,
> + unsigned int nfds, int timeout_msecs),
> + TP_ARGS(sc_exit(ret,) ufds, nfds, timeout_msecs),
> + TP_locvar(
> + LTTNG_SYSCALL_POLL_locvar
> + ),
> + TP_code_pre(
> + LTTNG_SYSCALL_POLL_code_pre
> + ),
> + TP_FIELDS(
> + sc_exit(ctf_integer(long, ret, ret))
> + sc_in(ctf_integer(int, timeout_msecs, timeout_msecs))
> + sc_inout(ctf_integer(unsigned int, nfds, nfds))
> + sc_inout(ctf_integer(unsigned int, fds_length, tp_locvar->fds_length))
> + sc_in(ctf_integer(uint8_t, overflow, tp_locvar->overflow))
> + LTTNG_SYSCALL_POLL_fds_field
> + ),
> + TP_code_post(
> + LTTNG_SYSCALL_POLL_code_post
> + )
> +)
> +#endif /* defined(CONFIG_X86_32) || defined(CONFIG_X86_64) */
> +
> +#if defined(CONFIG_X86_32) || defined(CONFIG_X86_64) || defined(CONFIG_ARM64)
> || defined(CONFIG_ARM)
> +#define OVERRIDE_32_ppoll
> +#define OVERRIDE_64_ppoll
> +SC_LTTNG_TRACEPOINT_EVENT_CODE(ppoll,
> + TP_PROTO(sc_exit(long ret,) struct pollfd __user * ufds,
> + unsigned int nfds, struct timespec * tsp, const sigset_t * sigmask, size_t
> sigsetsize),
> + TP_ARGS(sc_exit(ret,) ufds, nfds, tsp, sigmask, sigsetsize),
> + TP_locvar(
> + LTTNG_SYSCALL_POLL_locvar
> + ),
> + TP_code_pre(
> + LTTNG_SYSCALL_POLL_code_pre
> + ),
> + TP_FIELDS(
> + sc_exit(ctf_integer(long, ret, ret))
> + sc_in(ctf_integer(struct timespec *, tsp, tsp))
> + sc_in(ctf_integer(const sigset_t *, sigmask, sigmask))
> + sc_in(ctf_integer(size_t, sigsetsize, sigsetsize))
> + sc_inout(ctf_integer(unsigned int, nfds, nfds))
> + sc_inout(ctf_integer(unsigned int, fds_length, tp_locvar->fds_length))
> + sc_inout(ctf_integer(uint8_t, overflow, tp_locvar->overflow))
> + LTTNG_SYSCALL_POLL_fds_field
> + ),
> + TP_code_post(
> + LTTNG_SYSCALL_POLL_code_post
> + )
> +)
> +#endif /* defined(CONFIG_X86_32) || defined(CONFIG_X86_64) ||
> defined(CONFIG_ARM64) || defined(CONFIG_ARM) */
> +
> #endif /* CREATE_SYSCALL_TABLE */
> --
> 1.9.1
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
More information about the lttng-dev
mailing list