Paul Chaignon's GSoC status report - #1 of 12

Paul Chaignon paul.chaignon at gmail.com
Mon Jun 3 20:30:59 UTC 2019 

Hi all,

I haven't made as much progress as I'd hoped last week, mostly because I
had to go back to reading the ptrace documentation.

I included my work on the z/Z options (now status qualifier) below.  I
think it makes sense in that it helps me understand parts of strace I'll
have to work on for the gdbserver backend (and to a lesser extent for
seccomp).

Accomplishments:
- Finished rebase of Chen Jingpiao's work.
- Tested the patchset under Linux 4.4 and 5.1 (behavior differs regarding
  the order of seccomp-stop and syscall-enter-stop, cf. ptrace
  documentation).  I both checked the debug logs (with additional log
  messages) and ran quick evaluations (strace -n -enone) counting the
  number of syscalls performed.  This mostly helped me understand the
  sequences of PTRACE_SYSCALL & PTRACE_CONT [1] and find the below minor
  bugs.
- Fixed a couple of minor bugs (e.g., PTRACE_O_TRACESECCOMP set regardless
  of seccomp support, missing SECCOMP events in debug logs)
- Refactored a little (remove unnecessary functions, use appropriate
  macros, etc.)
- Implemented and tested a -e status=set syntax for the status qualifier.
  Current implementation adds a is_complete_set function to number_sets
  (using popcount), which I needed to detect if at least one status is not
  traced (!is_complete_set).  If all statuses are traced, there's no need
  to setup open_memstream.
- Addressed most comments from the reviews (simplified tests, removed most
  HAVE_OPEN_MEMSTREAM guards, etc.).

Priorities:
- Understand and extend the tests for seccomp.  Run under kernels <3.5 (no
  seccomp), >3.5 (seccomp-stop before syscall-entry), and >4.7
  (seccomp-stop after syscall-entry).
- Fix current seccomp behavior to fallback to usual tracing in case of
  error.
- Test cases for unavailable, exited, and detached status qualifiers.
- Unfinished status qualifier?  I'm currently failing to see the
  difference between unfinished and exited status; I sent a mail to the
  mailing list on this point.

I'm hoping to send a new version of the patchset for the status qualifier
this week, and maybe an RFC patchset for seccomp next weekend (depends
mostly on time spent on tests).

Thanks for reading,
Paul

1 - In the end, seccomp allows us to reduce the number of STOPs by
    restarting in PTRACE_CONT and relying on seccomp to stop at syscalls
    of interest.

More information about the Strace-devel mailing list