[PATCH] perf trace: Fix syscall untraceable bug
Howard Chu
howardchu95 at gmail.com
Tue Jun 11 15:43:56 UTC 2024
Hello Arnaldo,
On Tue, Jun 11, 2024 at 11:25 PM Arnaldo Carvalho de Melo
<acme at kernel.org> wrote:
>
> On Sun, Jun 09, 2024 at 01:21:46AM +0800, Howard Chu wrote:
> > as for the perf trace output:
> >
> > before
> >
> > perf $ perf trace -e faccessat2 --max-events=1
> > [no output]
> >
> > after
> >
> > perf $ ./perf trace -e faccessat2 --max-events=1
> > 0.000 ( 0.037 ms): waybar/958 faccessat2(dfd: 40, filename: "uevent") = 0
>
> Yeah, before there is no output, after, with the following test case:
>
> ⬢[acme at toolbox c]$ cat faccessat2.c
> #include <fcntl.h> /* Definition of AT_* constants */
> #include <sys/syscall.h> /* Definition of SYS_* constants */
> #include <unistd.h>
> #include <stdio.h>
>
> /* Provide own perf_event_open stub because glibc doesn't */
> __attribute__((weak))
> int faccessat2(int dirfd, const char *pathname, int mode, int flags)
> {
> return syscall(SYS_faccessat2, dirfd, pathname, mode, flags);
> }
>
> int main(int argc, char *argv[])
> {
> int err = faccessat2(123, argv[1], X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW);
>
> printf("faccessat2(123, %s, X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) = %d\n", argv[1], err);
> return err;
> }
> ⬢[acme at toolbox c]$ make faccessat2
> cc faccessat2.c -o faccessat2
> ⬢[acme at toolbox c]$ ./faccessat2 bla
> faccessat2(123, bla, X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) = -1
> ⬢[acme at toolbox c]$
>
> In the other terminal, as root:
>
> root at number:~# perf trace --call-graph dwarf -e faccessat2 --max-events=1
> 0.000 ( 0.034 ms): bash/62004 faccessat2(dfd: 123, filename: "bla", mode: X, flags: EACCESS|SYMLINK_NOFOLLOW) = -1 EBADF (Bad file descriptor)
> syscall (/usr/lib64/libc.so.6)
> faccessat2 (/home/acme/c/faccessat2)
> main (/home/acme/c/faccessat2)
> __libc_start_call_main (/usr/lib64/libc.so.6)
> __libc_start_main@@GLIBC_2.34 (/usr/lib64/libc.so.6)
> _start (/home/acme/c/faccessat2)
> root at number:~#
>
> Now to write another test case, this time for the landlock syscall, to
> test your btf_enum patch.
>
> In the future please add the test case so that one can quickly reproduce
> your testing steps.
Thank you for testing this patch, sorry for the inconvenience, I will
attach tests to speed up reproduction in the future. Also, your
simplification looks good, thank you so much.
Thanks,
Howard
>
> - Arnaldo
More information about the Linux-security-module-archive
mailing list