Using regular expression filter system call

Masatake YAMATO yamato at redhat.com
Sun Apr 9 17:12:02 UTC 2017


> Recently, the %sched and %clock classes were added. Is it necessary to also
> add regular expressions for filtering system calls?

Interesting feature.

> I use '@' as the prefix of regular expression. I think following regular
> expressions may be used. @time, @[pg]id, @^wait @xattr, @^dup, @^send,
> @^recv, @^read, @^write, @^sem, @^shm, @^msg, @^inotify, @^pkey_

How about '/' (slash)?

vi and sed users may be familiar with the notation.

Masatake YAMATO

> diff --git a/qualify.c b/qualify.c
> index 157d313..5753530 100644
> --- a/qualify.c
> +++ b/qualify.c
> @@ -27,6 +27,7 @@
> 
>  #include "defs.h"
>  #include "nsig.h"
> +#include <regex.h>
> 
>  typedef unsigned int number_slot_t;
>  #define BITS_PER_SLOT (sizeof(number_slot_t) * 8)
> @@ -258,6 +259,35 @@ qualify_syscall_class(const char *s, struct number_set
> *set)
>  }
> 
>  static bool
> +qualify_syscall_regex(const char *s, struct number_set *set)
> +{
> + if(!s || *s != '@')
> + return false;
> + s++;
> +
> + regex_t preg;
> + if (regcomp(&preg, s, REG_EXTENDED | REG_NOSUB))
> + error_msg_and_die("invalid regular expression: '%s'", s);
> +
> + unsigned int p;
> + for (p = 0; p < SUPPORTED_PERSONALITIES; ++p) {
> + unsigned int i;
> +
> + for (i = 0; i < nsyscall_vec[p]; ++i) {
> + if (!sysent_vec[p][i].sys_name
> +    || regexec(&preg, sysent_vec[p][i].sys_name,
> +       0, NULL, 0)) {
> + continue;
> + }
> + add_number_to_set(i, &set[p]);
> + }
> + }
> +
> + regfree(&preg);
> + return true;
> +}
> +
> +static bool
>  qualify_syscall_name(const char *s, struct number_set *set)
>  {
>   unsigned int p;
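Review bot: qualify_syscall_regex ends with an unconditional `return true;`, so an expression that matches no syscall name in any personality is accepted silently and leaves the set empty. For a tracing tool this means a typo in the pattern yields an empty trace that is indistinguishable from "the process made none of these calls". Track whether anything was added (`bool found = false;`, then `found = true;` after `add_number_to_set(i, &set[p]);`, and `return found;`) so that the token falls through and can be rejected; how the caller reports a rejected token is not visible in this hunk. The regcomp failure path could also keep the return code and pass it to `regerror()` so the message says why the expression was refused.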
> @@ -285,6 +315,7 @@ qualify_syscall(const char *token, struct number_set
> *set)
>   if (*token >= '0' && *token <= '9')
>   return qualify_syscall_number(token, set);
>   return qualify_syscall_class(token, set)
> +       || qualify_syscall_regex(token, set)
>         || qualify_syscall_name(token, set);
>  }
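Review bot: The `@` token form that qualify_syscall now accepts has no user-facing documentation in this patch, which touches only qualify.c and the tests. The manual page and usage text should state that the prefix introduces a POSIX extended regular expression and that it is matched unanchored against the syscall name, so `@time` selects every name containing `time`, which may be broader than a user expects. A short comment above the chain, such as `/* '@' introduces a POSIX ERE matched against syscall names */`, would also help readers of the code. qualify_syscall's body starts outside the hunk.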
> 
> diff --git a/tests/Makefile.am b/tests/Makefile.am
> index 8dff1db..c82f28a 100644
> --- a/tests/Makefile.am
> +++ b/tests/Makefile.am
> @@ -536,6 +536,7 @@ DECODER_TESTS = \
>   qual_fault-exit_group.test \
>   read-write.test \
>   readv.test \
> + regex.test \
>   sched.test \
>   scm_rights-fd.test \
>   seccomp-strict.test \
> diff --git a/tests/regex.test b/tests/regex.test
> new file mode 100755
> index 0000000..2b835d2
> --- /dev/null
> +++ b/tests/regex.test
> @@ -0,0 +1,74 @@
> +#!/bin/sh
> +#
> +# Check -e trace=@REGEX option.
> +#
> +# Copyright (c) 2017 The strace developers.
> +# All rights reserved.
> +#
> +# Redistribution and use in source and binary forms, with or without
> +# modification, are permitted provided that the following conditions
> +# are met:
> +# 1. Redistributions of source code must retain the above copyright
> +#    notice, this list of conditions and the following disclaimer.
> +# 2. Redistributions in binary form must reproduce the above copyright
> +#    notice, this list of conditions and the following disclaimer in the
> +#    documentation and/or other materials provided with the distribution.
> +# 3. The name of the author may not be used to endorse or promote products
> +#    derived from this software without specific prior written permission.
> +#
> +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
> +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
> +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
> +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
> +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
> +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
> +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> +
> +. "${srcdir=.}/init.sh"
> +
> +while read w s; do {
> + try_run_prog "../$s" || continue
> + run_strace -a$w -e@^clock ../$s > "$EXP"
> + match_diff "$LOG" "$EXP"
> +} < /dev/null; done << EOF
> +37 clock_adjtime
> +40 clock_nanosleep
> +36 clock_xettime
> +EOF
> +
> +# Surprised that fcntl*, futimesat, utime, utimensat, and utimes tests
> +# linked with musl use clock_gettime?  Me too!
> +grep -E -v '^(#|clock_|times$|fcntl|futimesat$|utime)' \
> + < "$srcdir/pure_executables.list" > negative.list
> +
> +while read s; do {
> + try_run_prog "../$s" || continue
> + run_strace -qq -esignal=none -e@^clock ../$s > /dev/null
> + match_diff "$LOG" /dev/null
> +} < /dev/null; done < negative.list
> +
> +while read w s; do {
> + try_run_prog "../$s" || continue
> + run_strace -a$w -e@^sched_ ../$s > "$EXP"
> + match_diff "$LOG" "$EXP"
> +} < /dev/null; done << EOF
> +28 sched_xetaffinity
> +23 sched_xetparam
> +31 sched_rr_get_interval
> +33 sched_get_priority_mxx
> +29 sched_xetattr
> +22 sched_xetscheduler
> +14 sched_yield
> +EOF
> +
> +grep -E -v '^(#|sched_|times$)' \
> + < "$srcdir/pure_executables.list" > negative.list
> +
> +while read s; do {
> + try_run_prog "../$s" || continue
> + run_strace -qq -esignal=none -e@^sched_ ../$s > /dev/null
> + match_diff "$LOG" /dev/null
> +} < /dev/null; done < negative.list
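Review bot: The test only exercises anchored prefix patterns (`@^clock`, `@^sched_`), so neither the invalid-expression path in qualify_syscall_regex nor a pattern that matches no syscall is covered. A case that passes an uncompilable expression and checks for the `invalid regular expression` message and a non-zero exit status would pin down the failure behaviour of the new option. Separately, the `-e@^clock` and `-e@^sched_` arguments should be quoted, e.g. `-e '@^clock'`, because an unquoted `^` is treated as a pipe character by some historic Bourne shells. The `../$s` and `-a$w` expansions would be safer quoted as well.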
> -- 
> 2.7.4



