trace_syscall_exiting: do not call get_regs for filtered syscalls

This saves up to 25% of ptrace syscalls in case of trace filtering.

* syscall.c (trace_syscall_exiting): Do not call gettimeofday
and get_regs for filtered syscalls.
* NEWS: Mention this change.
* tests/get_regs.test: New test.
* tests/Makefile.am (MISC_TESTS): Add it.

diff --git a/NEWS b/NEWS
index 80e2031a40c0dcca014961659c1cb2f25d0a7b43..7bbd221bc1cf691278945acfec2c71e53a337c61 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ Noteworthy changes in release ?.?? (????-??-??)
     supported, but considered deprecated now.
 
 * Improvements
+  * Optimized syscall filtering.
   * Enhanced decoding of sched_setattr syscall.
   * Added -e trace=%sched option for tracing sched_* syscalls.
   * Added -e trace=%clock option for tracing clock_* syscalls.

diff --git a/syscall.c b/syscall.c
index 89491abb797299e2ab53ea9bbc17c8cdde13f259..7ae41f243b57edf12bd8cfeadf55ebfd5c324818 100644 (file)
--- a/syscall.c
+++ b/syscall.c
@@ -757,7 +757,7 @@ trace_syscall_exiting(struct tcb *tcp)
        struct timeval tv;
 
        /* Measure the exit time as early as possible to avoid errors. */
-       if (Tflag || cflag)
+       if ((Tflag || cflag) && !(filtered(tcp) || hide_log(tcp)))
                gettimeofday(&tv, NULL);
 
 #ifdef USE_LIBUNWIND
@@ -767,13 +767,14 @@ trace_syscall_exiting(struct tcb *tcp)
        }
 #endif
 
+       if (filtered(tcp) || hide_log(tcp))
+               goto ret;
+
        get_regs(tcp->pid);
 #if SUPPORTED_PERSONALITIES > 1
        update_personality(tcp, tcp->currpers);
 #endif
        int res = (get_regs_error ? -1 : get_syscall_result(tcp));
-       if (filtered(tcp) || hide_log(tcp))
-               goto ret;
 
        if (syserror(tcp) && syscall_tampered(tcp))
                tamper_with_syscall_exiting(tcp);

diff --git a/tests/Makefile.am b/tests/Makefile.am
index d38fe25711ea9362bb16a05da4b3060542a7ae43..ce75196a0303d437595f81afec275acc3e518aee 100644 (file)
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -567,6 +567,7 @@ MISC_TESTS = \
        detach-sleeping.test \
        detach-stopped.test \
        filter-unavailable.test \
+       get_regs.test \
        ksysent.test \
        opipe.test \
        options-syntax.test \

diff --git a/tests/get_regs.test b/tests/get_regs.test
new file mode 100755 (executable)
index 0000000..c673fe9
--- /dev/null
+++ b/tests/get_regs.test
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# Check that get_regs is skipped for filtered syscalls.
+#
+# Copyright (c) 2017 Dmitry V. Levin <ldv@altlinux.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote products
+#    derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. "${srcdir=.}/init.sh"
+
+check_prog env
+check_prog grep
+run_prog ../gettid > /dev/null
+
+run_strace -qq -esignal=none -eraw=all -etrace=none ../gettid > /dev/null
+
+run_strace -qq -esignal=none -eraw=all -eptrace -o '|grep -c ^ptrace > less' \
+       -- ${STRACE##* } -o "$LOG" $args > /dev/null
+
+[ "$(cat less)" -gt 0 ] ||
+       fail_ "$STRACE $args failed to catch any ptrace syscalls"
+
+run_strace -qq -esignal=none -eraw=all -etrace=all ../gettid > /dev/null
+
+run_strace -qq -esignal=none -eraw=all -eptrace -o '|grep -c ^ptrace > more' \
+       -- ${STRACE##* } -o "$LOG" $args > /dev/null
+
+[ "$(cat more)" -gt 0 ] ||
+       fail_ "$STRACE $args failed to catch any ptrace syscalls"
+
+[ "$(cat more)" -gt "$(cat less)" ] ||
+       fail_ "$STRACE failed to skip get_regs for filtered syscalls"