From 552f7c796d32655a6b155b01bd05b917b190eb66 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Fri, 5 Nov 2021 14:32:54 -0400 Subject: [PATCH] Fix: event notifier unknown syscall match only wildcard all The unknown system call event should only be generated when matching a wildcard *all*, otherwise when matching a system call by name we don't expect to emit a notification for an unknown system call. Signed-off-by: Mathieu Desnoyers Change-Id: Ia5b99ac3b15849859519b9484e400ce0de95faeb --- src/lttng-syscalls.c | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/src/lttng-syscalls.c b/src/lttng-syscalls.c index 9481d4ff..af812671 100644 --- a/src/lttng-syscalls.c +++ b/src/lttng-syscalls.c @@ -677,6 +677,20 @@ void lttng_syscall_event_enabler_create_matching_events(struct lttng_event_enabl } } +static +bool lttng_syscall_event_enabler_is_wildcard_all(struct lttng_event_enabler_common *event_enabler) +{ + if (event_enabler->event_param.instrumentation != LTTNG_KERNEL_ABI_SYSCALL) + return false; + if (event_enabler->event_param.u.syscall.abi != LTTNG_KERNEL_ABI_SYSCALL_ABI_ALL) + return false; + if (event_enabler->event_param.u.syscall.match != LTTNG_KERNEL_ABI_SYSCALL_MATCH_NAME) + return false; + if (strcmp(event_enabler->event_param.name, "*")) + return false; + return true; +} + static void create_unknown_syscall_event(struct lttng_event_enabler_common *event_enabler, enum sc_type type) { @@ -688,6 +702,18 @@ void create_unknown_syscall_event(struct lttng_event_enabler_common *event_enabl bool found = false; struct hlist_head *head; + /* + * Considering that currently system calls can only be enabled on a per + * name basis (or wildcard based on a name), unknown syscall events are + * only used when matching *all* system calls, because this is the only + * case which can be associated with an unknown system call. + * + * When enabling system call on a per system call number basis will be + * supported, this will need to be revisited. + */ + if (!lttng_syscall_event_enabler_is_wildcard_all(event_enabler)) + return; + switch (type) { case SC_TYPE_ENTRY: desc = &__event_desc___syscall_entry_unknown; @@ -1192,15 +1218,8 @@ void lttng_syscall_table_set_wildcard_all(struct lttng_event_enabler_common *eve enum lttng_kernel_abi_syscall_entryexit entryexit; int enabled = event_enabler->enabled; - if (event_enabler->event_param.instrumentation != LTTNG_KERNEL_ABI_SYSCALL) - return; - if (event_enabler->event_param.u.syscall.abi != LTTNG_KERNEL_ABI_SYSCALL_ABI_ALL) + if (!lttng_syscall_event_enabler_is_wildcard_all(event_enabler)) return; - if (event_enabler->event_param.u.syscall.match != LTTNG_KERNEL_ABI_SYSCALL_MATCH_NAME) - return; - if (strcmp(event_enabler->event_param.name, "*")) - return; - entryexit = event_enabler->event_param.u.syscall.entryexit; if (entryexit == LTTNG_KERNEL_ABI_SYSCALL_ENTRY || entryexit == LTTNG_KERNEL_ABI_SYSCALL_ENTRYEXIT) WRITE_ONCE(syscall_table->syscall_all_entry, enabled); -- 2.34.1