From 7df7bc1889ca2d75341ff4e4f7ee5e5903bf7b88 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 11 Apr 2017 04:04:37 +0000 Subject: [PATCH] trace_syscall_exiting: do not call get_regs for filtered syscalls This saves up to 25% of ptrace syscalls in case of trace filtering. * syscall.c (trace_syscall_exiting): Do not call gettimeofday and get_regs for filtered syscalls. * NEWS: Mention this change. * tests/get_regs.test: New test. * tests/Makefile.am (MISC_TESTS): Add it. --- NEWS | 1 + syscall.c | 7 +++--- tests/Makefile.am | 1 + tests/get_regs.test | 53 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 3 deletions(-) create mode 100755 tests/get_regs.test diff --git a/NEWS b/NEWS index 80e2031a..7bbd221b 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ Noteworthy changes in release ?.?? (????-??-??) supported, but considered deprecated now. * Improvements + * Optimized syscall filtering. * Enhanced decoding of sched_setattr syscall. * Added -e trace=%sched option for tracing sched_* syscalls. * Added -e trace=%clock option for tracing clock_* syscalls. diff --git a/syscall.c b/syscall.c index 89491abb..7ae41f24 100644 --- a/syscall.c +++ b/syscall.c @@ -757,7 +757,7 @@ trace_syscall_exiting(struct tcb *tcp) struct timeval tv; /* Measure the exit time as early as possible to avoid errors. */ - if (Tflag || cflag) + if ((Tflag || cflag) && !(filtered(tcp) || hide_log(tcp))) gettimeofday(&tv, NULL); #ifdef USE_LIBUNWIND @@ -767,13 +767,14 @@ trace_syscall_exiting(struct tcb *tcp) } #endif + if (filtered(tcp) || hide_log(tcp)) + goto ret; + get_regs(tcp->pid); #if SUPPORTED_PERSONALITIES > 1 update_personality(tcp, tcp->currpers); #endif int res = (get_regs_error ? -1 : get_syscall_result(tcp)); - if (filtered(tcp) || hide_log(tcp)) - goto ret; if (syserror(tcp) && syscall_tampered(tcp)) tamper_with_syscall_exiting(tcp); diff --git a/tests/Makefile.am b/tests/Makefile.am index d38fe257..ce75196a 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -567,6 +567,7 @@ MISC_TESTS = \ detach-sleeping.test \ detach-stopped.test \ filter-unavailable.test \ + get_regs.test \ ksysent.test \ opipe.test \ options-syntax.test \ diff --git a/tests/get_regs.test b/tests/get_regs.test new file mode 100755 index 00000000..c673fe95 --- /dev/null +++ b/tests/get_regs.test @@ -0,0 +1,53 @@ +#!/bin/sh +# +# Check that get_regs is skipped for filtered syscalls. +# +# Copyright (c) 2017 Dmitry V. Levin +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +. "${srcdir=.}/init.sh" + +check_prog env +check_prog grep +run_prog ../gettid > /dev/null + +run_strace -qq -esignal=none -eraw=all -etrace=none ../gettid > /dev/null + +run_strace -qq -esignal=none -eraw=all -eptrace -o '|grep -c ^ptrace > less' \ + -- ${STRACE##* } -o "$LOG" $args > /dev/null + +[ "$(cat less)" -gt 0 ] || + fail_ "$STRACE $args failed to catch any ptrace syscalls" + +run_strace -qq -esignal=none -eraw=all -etrace=all ../gettid > /dev/null + +run_strace -qq -esignal=none -eraw=all -eptrace -o '|grep -c ^ptrace > more' \ + -- ${STRACE##* } -o "$LOG" $args > /dev/null + +[ "$(cat more)" -gt 0 ] || + fail_ "$STRACE $args failed to catch any ptrace syscalls" + +[ "$(cat more)" -gt "$(cat less)" ] || + fail_ "$STRACE failed to skip get_regs for filtered syscalls" -- 2.40.0