[PATCH/RFC v1 0/2] [GSoC] Stop condition based on number of syscalls
Sahil Siddiq
icegambit91 at gmail.com
Thu Feb 16 12:50:05 UTC 2023
Hi,
On Thursday, 16 February 2023 12:27:41 IST Dmitry V. Levin wrote:
> Hi,
>
> On Wed, Feb 15, 2023 at 02:53:59AM +0530, Sahil Siddiq wrote:
> > This patch adds the option to detach strace after capturing a specified
> > number of syscalls.
> >
> > I went through the relevant parts of the codebase while working on this
> > patch and there are a few things that I am not clear on.
> >
> > 1. I have assumed that a syscall is considered to be traced only if
> > "syscall_exiting_decode()" returns a non-zero value (does not "bail
> > out"). I am not sure if that is correct.
>
> The tracee is being stopped both on entering and on exiting syscall, that
> is, twice per syscall invocation. If --seccomp-bpf option is in effect,
> then the tracee is not stopped on syscalls that are filtered out.
>
> > 2. I tried to understand the workings of the "trace_syscall()" function.
> > When can there a situation where "syscall_entering_decode()" does
> > not bail out, but "syscall_exiting_decode" bails out?
>
> syscall_entering_decode doesn't normally bail out, while
> syscall_exiting_decode routinely bails out on syscalls
> that are filtered out by syscall_entering_trace.
Thank you for your prompt response. This makes sense now. In this case, it
should be alright to decrement "syscall_limit" only when "syscall_exiting_decode"
does not bail out/is not filtered out.
Regards,
Sahil
More information about the Strace-devel
mailing list