Query regarding syscall decoders

Eugene Syromyatnikov evgsyr at gmail.com
Tue Feb 13 14:16:33 UTC 2024

On Tue, Feb 13, 2024 at 03:31:39AM +0530, Sahil Siddiq wrote:
> Hi,
> Two new syscalls, listmount and statmount, were added to the Linux
> kernel [1][2][3]. I have never written a syscall decoder and this seems to
> be a challenging task. I would like to try my hand at this.
> I was going through several syscall decoders in strace and I have got a
> question. Several decoders (e.g., getpriority) return RVAL_DECODED, while
> some decoders (e.g., getrusage) return 0 unconditionally.
> When should a decoder return RVAL_DECODED and when is "return 0"
> appropriate?

A syscall decoder can be called twice, on syscall entering (to decode/print
leading input arguments up to the first output one and possibly stash
some data provided by the tracee to the kernel in input/output buffers)
and on exiting (to decode/print the rest of the arguments and possibly
set the auxstr).  In some cases, there is nothing to decode on exiting,
and that is indicated by setting the RVAL_DECODED flag in the decoder's
return value, when the decoder is called the first time on syscall
entering, so the decoder won't be called the second time on syscall
exiting.  Some other bits that are provided in the decoder return code:
 * Return value format, set in the bits covered by RVAL_MASK (017).
   These include RVAL_UDECIMAL/RVAL_HEX/RVAL_OCTAL for number
   formatting, RVAL_FD for FDs (so the value is then formatted with
   printfd()), and RVAL_TID/RVAL_SID/RVAL_TGID/RVAL_PGID for process IDs
   (it is then formatted with printpid()).
 * RVAL_STR indicates that tcp->auxstr is to be printed if set.  auxstr
   is used to provide arbitrary auxiliary information that augments
   the return value (like the event that triggered the poll(2) exit, or
   a human-readable representation of return value flags).
 * RVAL_NONE is used when the return value was impossible to retrieve
   and provide; so far it is used only in the indirect shmat(2) calls,
   when the return value cannot be retrieved from the tracee's memory.
 * RVAL_IOCTL_DECODED is only used for ioctl decoders, see
   the description of src/ioctl.c:ioctl_decode().

Feel free to refer to src/syscall.c:syscall_exiting_trace() for implementation

> Regards,
> Sahil
> [1] https://lwn.net/Articles/950569/
> [2] https://lwn.net/ml/linux-kernel/20231101-urenkel-banal-b232d7a3cbe8@brauner/
> [3] https://www.phoronix.com/news/Linux-6.8-statmount-listmount
> -- 
> Strace-devel mailing list
> Strace-devel at lists.strace.io
> https://lists.strace.io/mailman/listinfo/strace-devel
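
The entering/exiting protocol described in the reply above, as a small stand-alone C model (an added example, not strace's own code and not part of the original message). `struct tcb`, `trace_one()` and both decoders are hypothetical, and every flag value except RVAL_MASK (017) is an assumption made for the model.

```c
#include <stdio.h>
#include <string.h>

/* RVAL_MASK (017) is from the message; the other values are model assumptions. */
enum { RVAL_HEX = 001, RVAL_MASK = 017, RVAL_STR = 020, RVAL_DECODED = 0100 };

struct tcb { int entering; unsigned long rval; const char *auxstr; int calls; };
typedef int (*decoder_fn)(struct tcb *);

/* Inputs only (the getpriority case): everything is printed on entering. */
static int dec_inputs_only(struct tcb *tcp)
{
    tcp->calls++;
    return RVAL_DECODED;
}

/* Has an output argument and sets auxstr, so it must run again on exiting. */
static int dec_with_output(struct tcb *tcp)
{
    tcp->calls++;
    if (tcp->entering)
        return 0;                   /* inputs printed; call me again on exit */
    tcp->auxstr = "FLAG_A|FLAG_C";  /* constructed sample text */
    return RVAL_HEX | RVAL_STR;
}

/* Hypothetical dispatcher: formats the return value, returns decoder call count. */
static int trace_one(decoder_fn dec, unsigned long rval, char *out, size_t n)
{
    struct tcb tcp = { .entering = 1, .rval = rval };
    int res = dec(&tcp);            /* syscall entering */
    tcp.entering = 0;
    if (!(res & RVAL_DECODED))
        res = dec(&tcp);            /* syscall exiting */
    int len = (res & RVAL_MASK) == RVAL_HEX
        ? snprintf(out, n, "%#lx", tcp.rval)
        : snprintf(out, n, "%lu", tcp.rval);
    if ((res & RVAL_STR) && tcp.auxstr && len >= 0 && (size_t)len < n)
        snprintf(out + len, n - (size_t)len, " (%s)", tcp.auxstr);
    return tcp.calls;
}

int main(void)
{
    char buf[64];
    printf("%d call(s): %s\n", trace_one(dec_inputs_only, 20, buf, sizeof(buf)), buf);
    printf("%d call(s): %s\n", trace_one(dec_with_output, 5, buf, sizeof(buf)), buf);
    return 0;
}
```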
