linux-kernel.vger.kernel.org archive mirror
From: Andy Lutomirski <luto@amacapital.net>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Linux API <linux-api@vger.kernel.org>,
	Ingo Molnar <mingo@redhat.com>,
	open list <linux-kernel@vger.kernel.org>,
	Linux MIPS Mailing List <linux-mips@linux-mips.org>,
	Marcin Nowakowski <marcin.nowakowski@imgtec.com>
Subject: Re: [PATCH 1/2] tracing/syscalls: allow multiple syscall numbers per syscall
Date: Tue, 30 Aug 2016 17:01:57 -0700
Message-ID: <CALCETrWjipqo3ZfbrrS4MkdFgcisrjvu=CcWe6T-h1HV7tzUrg@mail.gmail.com>
In-Reply-To: <20160830192818.4e16a674@gandalf.local.home>

On Tue, Aug 30, 2016 at 4:28 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
> On Tue, 30 Aug 2016 16:09:04 -0700
> Andy Lutomirski <luto@amacapital.net> wrote:
>
>> But none of this should be a problem at all for MIPS, right?  AFAICT
>> the only problem for MIPS is that there *is* a mapping from metadata
>> to nr.  If that mapping got removed, MIPS should just work, right?
>
> Wait, where's the mapping of metadata to nr? I don't see that, nor do I
> see a need for that. The issue is that we have metadata that expresses
> how to record a syscall, and we map syscall nr to metadata, because
> when tracing is active, the only thing we have to find that metadata is
> the syscall nr.

It's in init_ftrace_syscalls():

        meta->syscall_nr = i;

and everything that uses that.  I think that this is the main problem
that the patch that started this thread changes, and I think that
deleting it would be cleaner than this patch.

>
> Now if a syscall nr has more than one way to record (a single nr for
> multiple syscalls), then we get into trouble. That's why we have
> trouble with compat syscalls. The same number maps to different
> syscalls, and we don't know how to differentiate that.

>
>
>>
>> For x86 compat, I think that adding arch should be sufficient.
>> Specifically, rather than having just one enter_syscall_files array,
>> have one per audit arch.  Then call syscall_get_arch() as well as
>> syscall_get_nr() and use both to lookup the metadata.  AFAIK this
>> should work on all architectures, although you might need some arch
>> helpers to enumerate all the arches and their respective syscall
>> tables (and max syscall nrs).
>
> OK, if the regs can get us to the arch, then this might work.
>
> That is, perhaps we can have multiple tables (not really sure how to
> make that happen in an arch agnostic way), and then have two functions:
>
> trace_get_syscall_nr(current, regs)
> trace_get_syscall_arch(current, regs)

Sadly, syscall_get_arch() doesn't take a regs parameter -- it looks at
current.  If it were made more general, it would need a task pointer,
not a regs pointer, but would just looking at current be okay for
tracing?

syscall_get_arch() does work on all archs that support seccomp filters, though.
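
The two-key lookup discussed in this message (one metadata table per audit arch, selected by arch and then indexed by syscall nr), as a user-space sketch added here; it is not kernel code and not from the thread. The `ex_` names and the table excerpts are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same values as AUDIT_ARCH_X86_64 / AUDIT_ARCH_I386 in <linux/audit.h>. */
#define EX_ARCH_X86_64 0xC000003Eu
#define EX_ARCH_I386   0x40000003u

struct ex_meta { const char *name; int nb_args; };

/* Constructed excerpts: the first entries of each x86 syscall table. */
static const struct ex_meta ex_tbl_x86_64[] = {
    {"read", 3}, {"write", 3}, {"open", 3}, {"close", 1},
};
static const struct ex_meta ex_tbl_i386[] = {
    {"restart_syscall", 0}, {"exit", 1}, {"fork", 0}, {"read", 3}, {"write", 3},
};

/* One table per audit arch, each with its own entry count. */
static const struct { uint32_t arch; const struct ex_meta *tbl; long n; } ex_arches[] = {
    {EX_ARCH_X86_64, ex_tbl_x86_64, 4},
    {EX_ARCH_I386, ex_tbl_i386, 5},
};

/* Single-table lookup: nr is the only key, so compat callers are misdecoded. */
static const struct ex_meta *ex_lookup_nr(long nr)
{
    return (nr >= 0 && nr < 4) ? &ex_tbl_x86_64[nr] : NULL;
}

/* Two-key lookup: pick the table by arch, then bounds-check nr against it. */
static const struct ex_meta *ex_lookup(uint32_t arch, long nr)
{
    for (size_t i = 0; i < sizeof(ex_arches) / sizeof(ex_arches[0]); i++) {
        if (ex_arches[i].arch != arch)
            continue;
        if (nr < 0 || nr >= ex_arches[i].n)
            return NULL;
        return &ex_arches[i].tbl[nr];
    }
    return NULL; /* unknown arch: no metadata rather than a wrong guess */
}

int main(void)
{
    printf("nr 3 alone -> %s, nr 3 on i386 -> %s\n",
           ex_lookup_nr(3)->name, ex_lookup(EX_ARCH_I386, 3)->name);
    return 0;
}
```

The same ambiguity applies to anything that filters or audits on syscall number alone, which is why seccomp filters are given the arch alongside nr.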
