RFC: path display and path filtering features.

Dmitry V. Levin ldv at altlinux.org
Fri Feb 18 00:12:42 UTC 2011

On Thu, Feb 17, 2011 at 11:29:27AM -0600, Grant Edwards wrote:
> I've re-written the path display/trace features.  Attached is a
> snapshot of the diffs against the current git HEAD.  Changes since the
> first version I posted follow:

Thanks a lot.  Now we have a working PoC to discuss details.

>  * Removed the code that tracked fd-table state based on syscalls.  It
>    now does a readlink() on /proc/<pid>/fd/<fd> to find the path
>    associated with a file descriptor.

Linux kernel treats file descriptors as unsigned integers, but
sysctl_nr_open is still limited to 0x100000, so I'd add an extra check
for fd < 0 in getpath().

>  * Change the -P option so that instead of accepting a colon-separated
>    list of paths, it accepts a single path.  Multiple -P options can
>    be specified to trace multiple paths.

Maybe an attempt to exceed MAXSELECTED in pathtrace_select() should be
treated as a fatal error.

>  * Change the way that file descriptors are printed by the display
>    functions.  Instead of using "%s" and a function that returns a
>    formatted string, they now use a printfd() function analogous to
>    the printpath() function.

BTW, there is a long standing bug in decoding of file descriptors on
64bit architectures, and it's time to fix it in one place.

For example,
$ cat close.c
int close(unsigned long fd);
int main(void){return !!close(0xffffffff00000000UL);}
$ gcc -Wall -O2 close.c -o close
$ strace -eclose -o'|tail -1' ./close
close(-4294967296)                      = 0
$ strace -y -eclose -o'|tail -1' ./close
close(-4294967296</dev/pts/1>)          = 0

The fix is to change "fd" type in printfd() from long to int, and to print
it using %d format.

>  * Added handling (for Linux) for system calls where we need to look
>    at something other than arg[0] for a descriptor/path.

There is a lot of work to do.
Some non-arg[0] syscalls are not listed in pathtrace_match(); for
example, sys_dup3 and sys_old_mmap are listed but sys_dup2 and
sys_mmap are not.
Some struct sysent records still have outdated sys_flags; for example,
TRACE_DESC is not set for sys_mmap and sys_fadvise64*.

I'm not sure that we can ignore all cases where syscalls return file
descriptor as their return value.  For example,
$ strace -s4 -y -P /lib64/libc-2.11.3.so -P /lib64/libc.so.6 /bin/echo
open("/lib64/libc.so.6", O_RDONLY)      = 3
read(3</lib64/libc-2.11.3.so>, "\177ELF"..., 832) = 832
fstat(3</lib64/libc-2.11.3.so>, {st_mode=S_IFREG|0755, st_size=1465744, ...}) = 0
close(3</lib64/libc-2.11.3.so>)         = 0

The pathname passed to open(2) is a symlink, and /proc/<pid>/fd/<fd>
points to the canonicalized pathname, so -P /lib64/libc-2.11.3.so
won't catch this open(2) call now.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20110218/d66ef3e9/attachment.bin>

More information about the Strace-devel mailing list