Using regular expression filter system call

JingPiao Chen chenjingpiao at gmail.com
Sat Apr 8 14:16:52 UTC 2017


Recently, the %sched and %clock classes were added. Is it necessary to add
regular expressions for filtering system calls?

I use '@' as the prefix of a regular expression. I think the following regular
expressions may be used: @time, @[pg]id, @^wait, @xattr, @^dup, @^send,
@^recv, @^read, @^write, @^sem, @^shm, @^msg, @^inotify, @^pkey_

diff --git a/qualify.c b/qualify.c
index 157d313..5753530 100644
--- a/qualify.c
+++ b/qualify.c
@@ -27,6 +27,7 @@

 #include "defs.h"
 #include "nsig.h"
+#include <regex.h>

 typedef unsigned int number_slot_t;
 #define BITS_PER_SLOT (sizeof(number_slot_t) * 8)
@@ -258,6 +259,35 @@ qualify_syscall_class(const char *s, struct number_set
*set)
 }

 static bool
+qualify_syscall_regex(const char *s, struct number_set *set)
+{
+ if(!s || *s != '@')
+ return false;
+ s++;
+
+ regex_t preg;
+ if (regcomp(&preg, s, REG_EXTENDED | REG_NOSUB))
+ error_msg_and_die("invalid regular expression: '%s'", s);
+
+ unsigned int p;
+ for (p = 0; p < SUPPORTED_PERSONALITIES; ++p) {
+ unsigned int i;
+
+ for (i = 0; i < nsyscall_vec[p]; ++i) {
+ if (!sysent_vec[p][i].sys_name
+    || regexec(&preg, sysent_vec[p][i].sys_name,
+       0, NULL, 0)) {
+ continue;
+ }
+ add_number_to_set(i, &set[p]);
+ }
+ }
+
+ regfree(&preg);
+ return true;
+}
+
+static bool
 qualify_syscall_name(const char *s, struct number_set *set)
 {
  unsigned int p;
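Review bot: qualify_syscall_regex() returns true unconditionally after the loop, so a pattern that compiles but matches no syscall name in any personality is accepted and adds nothing to the set; because the call sits in the `||` chain in qualify_syscall(), the token then counts as handled and a mistyped filter produces no diagnostic. For a tracer used in audits or incident response, that means a run can silently record nothing. Consider tracking a match with `bool found = false;`, setting `found = true;` next to `add_number_to_set(i, &set[p]);`, and ending with `return found;` after `regfree(&preg);`. Separately, the `regcomp()` failure message would be more useful if it carried the `regerror()` text, and the non-zero `regexec()` test treats internal errors the same as REG_NOMATCH. The bodies of the neighbouring qualify_syscall_class() and qualify_syscall_name() lie outside the hunk, so how a false return is finally reported is assumed here, not confirmed.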
@@ -285,6 +315,7 @@ qualify_syscall(const char *token, struct number_set
*set)
  if (*token >= '0' && *token <= '9')
  return qualify_syscall_number(token, set);
  return qualify_syscall_class(token, set)
+       || qualify_syscall_regex(token, set)
        || qualify_syscall_name(token, set);
 }

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8dff1db..c82f28a 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -536,6 +536,7 @@ DECODER_TESTS = \
  qual_fault-exit_group.test \
  read-write.test \
  readv.test \
+ regex.test \
  sched.test \
  scm_rights-fd.test \
  seccomp-strict.test \
diff --git a/tests/regex.test b/tests/regex.test
new file mode 100755
index 0000000..2b835d2
--- /dev/null
+++ b/tests/regex.test
@@ -0,0 +1,74 @@
+#!/bin/sh
+#
+# Check -e trace=@REGEX option.
+#
+# Copyright (c) 2017 The strace developers.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote products
+#    derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. "${srcdir=.}/init.sh"
+
+while read w s; do {
+ try_run_prog "../$s" || continue
+ run_strace -a$w -e@^clock ../$s > "$EXP"
+ match_diff "$LOG" "$EXP"
+} < /dev/null; done << EOF
+37 clock_adjtime
+40 clock_nanosleep
+36 clock_xettime
+EOF
+
+# Surprised that fcntl*, futimesat, utime, utimensat, and utimes tests
+# linked with musl use clock_gettime?  Me too!
+grep -E -v '^(#|clock_|times$|fcntl|futimesat$|utime)' \
+ < "$srcdir/pure_executables.list" > negative.list
+
+while read s; do {
+ try_run_prog "../$s" || continue
+ run_strace -qq -esignal=none -e@^clock ../$s > /dev/null
+ match_diff "$LOG" /dev/null
+} < /dev/null; done < negative.list
+
+while read w s; do {
+ try_run_prog "../$s" || continue
+ run_strace -a$w -e@^sched_ ../$s > "$EXP"
+ match_diff "$LOG" "$EXP"
+} < /dev/null; done << EOF
+28 sched_xetaffinity
+23 sched_xetparam
+31 sched_rr_get_interval
+33 sched_get_priority_mxx
+29 sched_xetattr
+22 sched_xetscheduler
+14 sched_yield
+EOF
+
+grep -E -v '^(#|sched_|times$)' \
+ < "$srcdir/pure_executables.list" > negative.list
+
+while read s; do {
+ try_run_prog "../$s" || continue
+ run_strace -qq -esignal=none -e@^sched_ ../$s > /dev/null
+ match_diff "$LOG" /dev/null
+} < /dev/null; done < negative.list
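Review bot: The script only exercises patterns that compile and match, so neither failure path of the new option is covered: a pattern that `regcomp()` rejects (the `invalid regular expression` die path added in qualify.c) and a pattern that matches no syscall name. One case for each, checking the exit status and the message, would keep a later change from silently turning a bad filter into an empty trace. On style, `-e@^clock`, `-e@^sched_` and `../$s` are passed unquoted; writing `-e '@^clock'` and `"../$s"` avoids surprises in shells that give `^` a special meaning. `negative.list` is written to the working directory twice and this script never removes it; whether init.sh cleans it up is not visible here.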
-- 
2.7.4