[PATCH] perf trace: Fix syscall untraceable bug

Arnaldo Carvalho de Melo acme at kernel.org
Tue Jun 11 15:24:56 UTC 2024 

On Sun, Jun 09, 2024 at 01:21:46AM +0800, Howard Chu wrote:
> as for the perf trace output:
> 
> before
> 
> perf $ perf trace -e faccessat2 --max-events=1
> [no output]
> 
> after
> 
> perf $ ./perf trace -e faccessat2 --max-events=1
>      0.000 ( 0.037 ms): waybar/958 faccessat2(dfd: 40, filename: "uevent")                               = 0

Yeah, before there is no output, after, with the following test case:

⬢[acme at toolbox c]$ cat faccessat2.c
#include <fcntl.h>            /* Definition of AT_* constants */
#include <sys/syscall.h>      /* Definition of SYS_* constants */
#include <unistd.h>
#include <stdio.h>

/* Provide own perf_event_open stub because glibc doesn't */
__attribute__((weak))
int faccessat2(int dirfd, const char *pathname, int mode, int flags)
{
	return syscall(SYS_faccessat2, dirfd, pathname, mode, flags);
}

int main(int argc, char *argv[])
{
	int err = faccessat2(123, argv[1], X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW);

	printf("faccessat2(123, %s, X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) = %d\n", argv[1], err);
	return err;
}
⬢[acme at toolbox c]$ make faccessat2
cc     faccessat2.c   -o faccessat2
⬢[acme at toolbox c]$ ./faccessat2 bla
faccessat2(123, bla, X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) = -1
⬢[acme at toolbox c]$

In the other terminal, as root:

root at number:~# perf trace --call-graph dwarf -e faccessat2 --max-events=1
     0.000 ( 0.034 ms): bash/62004 faccessat2(dfd: 123, filename: "bla", mode: X, flags: EACCESS|SYMLINK_NOFOLLOW) = -1 EBADF (Bad file descriptor)
                                       syscall (/usr/lib64/libc.so.6)
                                       faccessat2 (/home/acme/c/faccessat2)
                                       main (/home/acme/c/faccessat2)
                                       __libc_start_call_main (/usr/lib64/libc.so.6)
                                       __libc_start_main@@GLIBC_2.34 (/usr/lib64/libc.so.6)
                                       _start (/home/acme/c/faccessat2)
root at number:~#

Now to write another test case, this time for the landlock syscall, to
test your btf_enum patch.

In the future please add the test case so that one can quickly reproduce
your testing steps.

- Arnaldo

More information about the Linux-security-module-archive mailing list