[lttng-dev] [RFC] Extracting the payload from select, poll, epoll_ctl and epoll_wait

[Julien Desfossez]

Hi,

Currently with these system calls, we only have the address of a
user-space pointer containing the interesting data, so we cannot do any
analysis.

For LTTng 2.9, we want to extract the content of these system calls to
get more insights. We try to stay as close as possible to the layout
received in order to avoid long processing in the critical path.

Here are the proposed outputs:
- select: bitmask of FDs represented as a sequence of long, so the
  position of each bit set is the number of a FD. Only extract the
  necessary fields (select already receives the maximum FD set). select
  is limited at 1024 FDs, so we output at most 16 longs on 64-bits and
  32 on 32-bits architectures.
- poll: for each FD in the poll set, output the FD and the flags
  (events), each possible event is a bit. On exit, only extract the
  relevant FDs.
- epoll_ctl: output the FD, flags (events) and the data. The data is a
  union that can contain anything, we propose to output it twice: as a
  "uint64_t" in hexadecimal (for the u64 fields) and as a signed "int"
  in decimal (for the "fd" field).
- epoll_wait: on return, if FDs are returned, extract the list in the
  same format as in epoll_ctl.

Here is an example output:
https://paste.debian.net/plain/418248

For those interested in the CTF metadata, here it is:
https://paste.debian.net/plain/418245

You will notice, that this output can be very verbose with long list of
FDs. To address that, we plan to add pretty priting hints in the next
version of CTF (CTF2) to inform the viewers that the fields are bitmasks
(in this case, we only care about the position of the bits set), or that
the structures have bit-sized fields (in this case, we only want to
output the name of the fields where the bit is set).

This formatting decision has an impact on the analysis tools, so if you
have any comments on the proposed output, now is the time.

Thanks,

Julien