Subject: Chen Jingpiao's GSoC status report - #5 of #13

Chen Jingpiao chenjingpiao at gmail.com
Tue Jun 19 16:57:58 UTC 2018


Hello, strace community!

Last week, I focused on BPF code construction. I added a function to dump
the BPF code for debugging, which will be removed when the project is
complete. Now tracing syscall numbers in [lower, upper) needs only two BPF
instructions. For example:

$ ./strace -d -etrace=1,2,3,4,5 ls >/dev/null
# offsetof(struct seccomp_data, arch) == 4
# offsetof(struct seccomp_data, nr) == 0
STMT(BPF_LD + BPF_W + BPF_ABS, 4)

JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 11, 3221225534)
STMT(BPF_LD + BPF_W + BPF_ABS, 0)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 1, 1) # lower
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 7, 6) # upper
JUMP(BPF_JMP + BPF_JEQ + BPF_K, 6, 0, 59)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 2, 1073741824)
STMT(BPF_LD + BPF_W + BPF_ABS, 4)
JUMP(BPF_JMP + BPF_JEQ + BPF_K, 3, 0, 3221225534)
STMT(BPF_LD + BPF_W + BPF_ABS, 0)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 1, 0, 335)
STMT(BPF_RET + BPF_K, 2147418112) # ALLOW
STMT(BPF_RET + BPF_K, 2146435072) # TRACE

JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 13, 1073741827)
STMT(BPF_LD + BPF_W + BPF_ABS, 0)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 1, 1) # lower
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 9, 6) # upper
JUMP(BPF_JMP + BPF_JEQ + BPF_K, 8, 0, 11)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 1, 222)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 6, 224)
JUMP(BPF_JMP + BPF_JEQ + BPF_K, 5, 0, 251)
JUMP(BPF_JMP + BPF_JEQ + BPF_K, 4, 0, 285)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 1, 387)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 2, 446)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 1, 0, 446)
STMT(BPF_RET + BPF_K, 2147418112) # ALLOW
STMT(BPF_RET + BPF_K, 2146435072) # TRACE

JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 9, 3221225534)
STMT(BPF_LD + BPF_W + BPF_ABS, 0)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 1, 1073741825) # lower
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 5, 1073741830) # upper
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 1, 1073742159)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 0, 3, 1073742336)
JUMP(BPF_JMP + BPF_JEQ + BPF_K, 2, 0, 1073742344)
JUMP(BPF_JMP + BPF_JGE + BPF_K, 1, 0, 1073742372)
STMT(BPF_RET + BPF_K, 2147418112) # ALLOW
STMT(BPF_RET + BPF_K, 2146435072) # TRACE

STMT(BPF_RET + BPF_K, 2146435072) # TRACE

Next week, I will fix the code and improve the check_seccomp_order function.

--
Chen Jingpiao
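
Added example, not part of the original report or of strace's code: a minimal classic-BPF interpreter in C that runs the x86_64 block of the dump above over constructed (nr, arch) pairs, showing how the two JGE instructions marked lower and upper select [1, 6). The struct, macro and function names are hypothetical, and instruction 13 is a stand-in RET TRACE that replaces the other-architecture blocks.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic BPF opcodes, same numeric values as <linux/bpf_common.h>. */
enum { LD_W_ABS = 0x20, JEQ_K = 0x15, JGE_K = 0x35, RET_K = 0x06 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define STMT(c, k)         { (c), 0, 0, (k) }
#define JUMP(c, jt, jf, k) { (c), (jt), (jf), (k) }
#define X86_64 3221225534u /* 0xC000003E, AUDIT_ARCH_X86_64 */
#define ALLOW  2147418112u /* 0x7fff0000, SECCOMP_RET_ALLOW */
#define TRACE  2146435072u /* 0x7ff00000, SECCOMP_RET_TRACE */

/* Instructions 0..12 of the dump; index 13 is a stand-in (assumption). */
static const struct insn prog[] = {
	STMT(LD_W_ABS, 4),              /*  0: A = arch */
	JUMP(JEQ_K, 0, 11, X86_64),     /*  1: other arch -> 13 */
	STMT(LD_W_ABS, 0),              /*  2: A = nr */
	JUMP(JGE_K, 0, 1, 1),           /*  3: lower: nr < 1 -> 5 */
	JUMP(JGE_K, 0, 7, 6),           /*  4: upper: nr < 6 -> 12 */
	JUMP(JEQ_K, 6, 0, 59),          /*  5: nr == 59 -> 12 */
	JUMP(JGE_K, 0, 2, 1073741824),  /*  6: nr < 0x40000000 -> 9 */
	STMT(LD_W_ABS, 4),              /*  7: A = arch */
	JUMP(JEQ_K, 3, 0, X86_64),      /*  8: arch matches -> 12 */
	STMT(LD_W_ABS, 0),              /*  9: A = nr */
	JUMP(JGE_K, 1, 0, 335),         /* 10: nr >= 335 -> 12 */
	STMT(RET_K, ALLOW),             /* 11 */
	STMT(RET_K, TRACE),             /* 12 */
	STMT(RET_K, TRACE),             /* 13: stand-in for the other-arch blocks */
};

/* Run the filter on the first two words of struct seccomp_data. */
static uint32_t run_filter(uint32_t nr, uint32_t arch)
{
	uint32_t a = 0;
	for (size_t pc = 0; pc < sizeof(prog) / sizeof(prog[0]); pc++) {
		const struct insn *i = &prog[pc];
		switch (i->code) {
		case LD_W_ABS: a = (i->k == 4) ? arch : nr; break;
		case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break; /* relative jump */
		case JGE_K: pc += (a >= i->k) ? i->jt : i->jf; break;
		case RET_K: return i->k;
		}
	}
	return 0; /* not reached: every path in prog ends in a RET */
}

int main(void)
{
	for (uint32_t nr = 0; nr < 8; nr++)
		printf("nr=%u -> %s\n", nr, run_filter(nr, X86_64) == TRACE ? "TRACE" : "ALLOW");
	return 0;
}
```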