From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756116AbcH3Wai (ORCPT <rfc822;w@1wt.eu>);
        Tue, 30 Aug 2016 18:30:38 -0400
Received: from smtprelay0252.hostedemail.com ([216.40.44.252]:57844 "EHLO
        smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1750849AbcH3Wae (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Aug 2016 18:30:34 -0400
X-Session-Marker: 726F737465647440676F6F646D69732E6F7267
X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,rostedt@goodmis.org,:::::::::::,RULES_HIT:41:355:379:541:560:599:800:960:973:981:988:989:1260:1277:1311:1313:1314:1345:1359:1437:1515:1516:1518:1534:1542:1593:1594:1711:1730:1747:1777:1792:2393:2553:2559:2562:3138:3139:3140:3141:3142:3354:3622:3865:3866:3867:3868:3870:3871:3872:3873:3874:5007:6119:6261:7875:7903:8603:8660:10004:10394:10400:10450:10455:10848:10967:11026:11232:11658:11914:12043:12296:12438:12663:12740:13138:13148:13161:13229:13230:13231:13439:14181:14659:14721:19904:19999:21080:21212:21222:21324:21451:30012:30025:30029:30034:30054:30060:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:1,LUA_SUMMARY:none
X-HE-Tag: net12_21b1e8c3f7918
X-Filterd-Recvd-Size: 3785
Date: Tue, 30 Aug 2016 18:30:30 -0400
From: Steven Rostedt <rostedt@goodmis.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Linux API <linux-api@vger.kernel.org>, Ingo Molnar <mingo@redhat.com>,
        open list <linux-kernel@vger.kernel.org>,
        Linux MIPS Mailing List <linux-mips@linux-mips.org>,
        Marcin Nowakowski <marcin.nowakowski@imgtec.com>
Subject: Re: [PATCH 1/2] tracing/syscalls: allow multiple syscall numbers
 per syscall
Message-ID: <20160830183030.3e9f67f0@gandalf.local.home>
In-Reply-To: <CALCETrWjpcKqFHvxS35Csd3An1QNMXW8yiHChuWfuWTvVu8_ig@mail.gmail.com>
References: <1472463007-6469-1-git-send-email-marcin.nowakowski@imgtec.com>
        <CALCETrW1m9ozck-ugX6AKnL7oNA8rvMTjhFGqtVSvKL9BMXMZA@mail.gmail.com>
        <f40020e1-200c-f113-5174-5fe4d4c000dc@imgtec.com>
        <CALCETrWy5cUDJmTVrjSSqWHc4KyxTPjoD7yU7iqTSHfkK4UwvA@mail.gmail.com>
        <20160830152955.17633511@gandalf.local.home>
        <CALCETrXA0XbYuqYzWMJA+KjFS31YL0cTVtrvCnmRY_GMK6oNpw@mail.gmail.com>
        <20160830165830.5e494c43@gandalf.local.home>
        <CALCETrW_bnmqBRp3qWoaWUu=m7Bi19VcH9kMBifyL06JuGGVzg@mail.gmail.com>
        <20160830180328.4e579db3@gandalf.local.home>
        <CALCETrWjpcKqFHvxS35Csd3An1QNMXW8yiHChuWfuWTvVu8_ig@mail.gmail.com>
X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 30 Aug 2016 15:08:19 -0700
Andy Lutomirski <luto@amacapital.net> wrote:

> On Tue, Aug 30, 2016 at 3:03 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
> > On Tue, 30 Aug 2016 14:45:05 -0700
> > Andy Lutomirski <luto@amacapital.net> wrote:
> >  
> >> I wonder: could more of it be dynamically allocated?  I.e. statically
> >> generate metadata with args and name and whatever but without any nr.
> >> Then dynamically allocate the map from nr to metadata?  
> >
> > Any ideas on how to do that?  
> 
> This might be as simple as dropping the syscall_nr field from
> syscall_metadata.  I admit I'm not familiar with this code at all, but
> I'm not really sure why that field is needed.  init_ftrace_syscalls is
> already dynamically allocating an array that maps nr to metadata, and
> I don't see what in the code actually needs that mapping to be
> one-to-one or needs the reverse mapping.

The issue is that the syscall trace points are called by a single
location, that passes in the syscall_nr, and we need a way to map that
syscall_nr to the metadata.

System calls are really a meta tracepoint. They share a single real
tracepoint called raw_syscalls:sys_enter and raw_syscalls:sys_exit.
When you enable a system call like sys_enter_read, what really happens
is that the sys_enter tracepoint is attached with a function called
ftrace_syscall_enter().

This calls trace_get_syscall_nr(current, regs), to extract the actual
syscall_nr that was called. This is used to find the "file" that is
mapped to the system call (the tracefs file that enabled the system
call).

	trace_file = tr->enter_syscall_files[syscall_nr];

And the meta data (what is used to tell us what to save) is found with
the syscall_nr_to_meta() function.

Now the metadata is used to extract the arguments of the system call:

 syscall_get_arguments(current, regs, 0, sys_data->nb_args,
	etnry->args);

As well as the size needed.

There's no need to map syscall meta to nr, we need a way to map the nr
to the syscall metadata, and when there's more than a one to one
mapping, we need a way to differentiate that in the raw syscall
tracepoints.

-- Steve