postmodern strace dmitry levin
play

Postmodern strace Dmitry Levin Brussels, 2020 Traditional strace - PowerPoint PPT Presentation

Mar 26, 2024 •108 likes •447 views

Postmodern strace Dmitry Levin Brussels, 2020 Traditional strace [1/30] Printing instruction pointer and timestamps print instruction pointer: -i option print timestamps: -r , -t , -tt , -ttt , and -T options Size and format of strings string

  1. Postmodern strace Dmitry Levin Brussels, 2020

  2. Traditional strace [1/30] Printing instruction pointer and timestamps print instruction pointer: -i option print timestamps: -r , -t , -tt , -ttt , and -T options Size and format of strings string size: -s option string format: -x and -xx options Verbosity of syscall decoding abbreviate output: -e abbrev= set , -v option dereference structures: -e verbose= set print raw undecoded syscalls: -e raw= set

  3. Traditional strace [2/30] Printing signals print signals: -e signal= set Dumping dump the data read from the specified descriptors: -e read= set dump the data written to the specified descriptors: -e write= set Redirecting output to files or pipelines write the trace to a file or pipeline: -o filename option write traces of processes to separate files: -ff -o filename

  4. Traditional strace [3/30] System call filtering trace only the specified set of system calls: -e trace= set System call statistics count time, calls, and errors for each system call: -c option sort the histogram printed by the -c option: -S sortby option Tracing control attach to existing processes: -p pid option trace child processes: -f option

  5. Modern strace [4/30] Tracing output format pathnames accessed by name or descriptor: -y option network protocol associated with descriptors: -yy option stack of function calls: -k option System call filtering pathnames accessed by name or descriptor: -P option regular expressions: -e trace =/ regexp optional specifications: -e trace =? spec new syscall classes: %stat, %lstat, %fstat, %statfs, %fstatfs, %%stat, %%statfs

  6. Modern strace [5/30] System call statistics wall clock time spent in syscalls: -w option combine statistics with regular output: -C option Tracing control attach to multiple processes: -p pid_set option detach on execve: -b execve option run as a detached grandchild: -D option interruptibility: -I option postprocessing: strace-log-merge

  7. Modern strace [6/30] System call tampering fault injection: -e inject = set : error = errno [: when = expr ][: syscall = syscall ] return value injection: -e inject = set : retval = value [: when = expr ][: syscall = syscall ] signal injection: -e inject = set : signal = set delay injection: -e inject = set : delay_enter = usecs -e inject = set : delay_exit = usecs

  8. Postmodern strace [7/30] New features since FOSDEM 2018 PTRACE_GET_SYSCALL_INFO API support system call return status filtering: -e status = set , -z , -Z options seccomp-assisted system call filtering: --seccomp-bpf option format of named constants and flags: -X option support of new system calls ( ≈ 35) elaborate syscall parsers long options copyleft license

  9. x86-64 architecture in Linux kernel [8/30] Operating modes 64-bit mode : CS register value == 0x33 32-bit mode : CS register value == 0x23 Several methods of system call invocation int 0x80 : Legacy 32-bit sysenter : Fast 32-bit syscall : 64-bit Surprise: 64-bit processes can invoke both 64-bit and 32-bit system calls. Linux API provides The system call number The value of CS register The value of RIP register

  10. Linux system call tracers on x86-64 architecture [9/30] Legacy method of obtaining system call information Fetch the system call number (PTRACE_PEEKUSER ORIG_RAX) Fetch the value of CS register (PTRACE_PEEKUSER CS) Guess the system call bitness by the value of CS register Determine the system call by its number and bitness Fetch the system call arguments accordingly Traditional method of obtaining system call information Fetch the whole set of registers (PTRACE_GETREGSET NT_PRSTATUS), the return value is decided by the value of CS register Guess the system call bitness by the return value Determine the system call by its number and bitness Interpret other registers as the system call arguments accordingly

  11. Process bitness does not match syscall bitness [10/30] Example based on Debian bug report #459820 submitted in 2008 #include <stdio.h> #include <unistd.h> int main() { setlinebuf(stdout); puts("------------"); __asm__("movl $2, %eax; int $0x80"); printf("[I am %d]\n", getpid()); return 0; } Regular invocation: ./debbug459820 ------------ [I am 23450] [I am 23451]

  12. Process bitness does not match syscall bitness [11/30] Invocation under strace $ strace -f ./debbug459820 > /dev/null ... write(1, "------------\n", 13) = 13 strace: Process 23451 attached open(0x1, O_RDONLY|O_CREAT|O_TRUNC |O_DSYNC|O_DIRECT|O_NOATIME|O_CLOEXEC |O_PATH|O_TMPFILE|0x1000020, 0134300) = 23451 ...

  13. Process bitness does not match syscall bitness [11/30] Invocation under strace $ strace -f ./debbug459820 > /dev/null ... write(1, "------------\n", 13) = 13 strace: Process 23451 attached open(0x1, O_RDONLY|O_CREAT|O_TRUNC |O_DSYNC|O_DIRECT|O_NOATIME|O_CLOEXEC |O_PATH|O_TMPFILE|0x1000020, 0134300) = 23451 ...

  14. Process bitness does not match syscall bitness [12/30] $ strace -f -z ./debbug459820 > /dev/null write(1, "------------\n", 13) = 13 strace: Process 23451 attached open(0x1, O_RDONLY|O_CREAT|O_TRUNC|O_DSYNC|O_DIRECT |O_NOATIME|O_CLOEXEC|O_PATH|O_TMPFILE|0x1000020, 0134300) = 23451 [pid 23450] getpid() = 23450 [pid 23451] getpid() = 23451 [pid 23450] write(1, "[I am 23450]\n", 13) = 13 [pid 23451] write(1, "[I am 23451]\n", 13) = 13 [pid 23450] +++ exited with 0 +++ +++ exited with 0 +++

  15. Process bitness does not match syscall bitness: problem [13/30] for i in ‘seq 0 9‘; do strace -qq -esignal=none -eopen ./debbug459820 >/dev/null; done open(0x1, O_RDONLY|O_CREAT|O_EXCL|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE| O_NOFOLLOW|O_CLOEXEC|0x4f000008, 0151330) = 15565 open(0x1, O_RDONLY|O_EXCL|O_NOCTTY|O_APPEND|O_NONBLOCK|O_DSYNC|O_TMPFILE| FASYNC|0x57800008, 036630) = 15570 open(0x1, O_RDONLY|O_EXCL|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME| O_PATH|O_DIRECTORY|FASYNC|0x8e800038) = 15575 open(0x1, O_RDONLY|O_CREAT|O_EXCL|O_APPEND|O_DSYNC|O_DIRECT|O_NOFOLLOW| O_PATH|O_DIRECTORY|FASYNC|0xe2800018, 072350) = 15580 open(0x1, O_RDONLY|O_CREAT|O_NOCTTY|O_SYNC|O_NOFOLLOW|O_CLOEXEC|FASYNC| 0xcf800038, 030610) = 15585 open(0x1, O_RDONLY|O_TRUNC|O_NOFOLLOW|O_CLOEXEC|O_DIRECTORY|FASYNC| 0x11800008) = 15590 open(0x1, O_RDONLY|O_CREAT|O_EXCL|O_NOCTTY|__O_SYNC|O_LARGEFILE|O_NOATIME| O_CLOEXEC|O_PATH|O_TMPFILE|FASYNC|0x43000038, 0121010) = 15595 open(0x1, O_RDONLY|O_EXCL|O_NONBLOCK|__O_SYNC|O_DIRECT|O_CLOEXEC|O_PATH| __O_TMPFILE|FASYNC|0x3a800038, 064310) = 15600 open(0x1, O_RDONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_DSYNC|O_DIRECT| O_LARGEFILE|O_DIRECTORY|0x47800028, 0154770) = 15610 open(0x1, O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH|FASYNC|0x5e000008) = 15605

  16. PTRACE_GET_SYSCALL_INFO support [14/30] Linux >= v5.3-rc1 $ git log -i -E --author=altlinux.org \ --grep=’ptrace|syscall_a|elf-em|selftests’ \ v4.20-rc2..v5.3-rc1 29 commits, 47 files changed, 703 insertions, 125 deletions 2 authors: Elvira Khabirova, Dmitry Levin 22 persons added their Acked-by/Reviewed-by/Signed-off-by 07.11.2018: first RFC patch submitted 12.11.2018: first patch committed 13.12.2018: API finalized 17.07.2019: last patch committed Implements PTRACE_GET_SYSCALL_INFO on those 19 architectures that enable CONFIG_HAVE_ARCH_TRACEHOOK

  17. PTRACE_GET_SYSCALL_INFO support [15/30] Linux PTRACE_GET_SYSCALL_INFO API struct ptrace_syscall_info { __u8 op; /* Type of system call stop */ __aligned_u32 arch; /* AUDIT_ARCH_* value; see seccomp(2) */ __u64 instruction_pointer; /* CPU instruction pointer */ __u64 stack_pointer; /* CPU stack pointer */ union { struct { /* op == PTRACE_SYSCALL_INFO_ENTRY */ __u64 nr; /* Syscall number */ __u64 args[6]; /* Syscall arguments */ } entry; struct { /* op == PTRACE_SYSCALL_INFO_EXIT */ __s64 rval; /* Syscall return value */ __u8 is_error; /* Does rval contain an error value? */ } exit; struct { /* op == PTRACE_SYSCALL_INFO_SECCOMP */ __u64 nr; /* Syscall number */ __u64 args[6]; /* Syscall arguments */ __u32 ret_data; /* SECCOMP_RET_DATA portion of SECCOMP_RET_TRACE */ } seccomp; }; };

  18. PTRACE_GET_SYSCALL_INFO support [16/30] strace >= v4.26, linux >= v5.3-rc1 Invocation under strace: strace -f -z ./debbug459820 > /dev/null ... write(1, "------------\n", 13) = 13 strace: [ Process PID=23450 runs in 32 bit mode. ] strace: Process 23451 attached fork() = 23451 strace: [ Process PID=23450 runs in 64 bit mode. ] [pid 23450] getpid() = 23450 strace: [ Process PID=23451 runs in 64 bit mode. ] [pid 23451] getpid() = 23451 [pid 23450] write(1, "[I am 23450]\n", 13) = 13 [pid 23451] write(1, "[I am 23451]\n", 13) = 13 [pid 23450] +++ exited with 0 +++ +++ exited with 0 +++

  19. System call return status filtering: -e status = set [17/30] Introduced in v5.2 (July 2019) Print only system calls with the specified return status. set can include the following elements: successful : returned without an error code, alias to -z failed : returned with an error code, alias to -Z unfinished : did not return detached : detached before return unavailable : returned but failed to fetch the error status The default is -e status = all .

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

strace: fight for performance Eugene Syromiatnikov, Dmitry Levin FOSDEM 2020 What is strace ?

strace: fight for performance Eugene Syromiatnikov, Dmitry Levin FOSDEM 2020 What is strace ?

strace: fight for performance Eugene Syromiatnikov, Dmitry Levin FOSDEM 2020 What is strace ? strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes

975 views • 37 slides
Can strace make you fail? strace syscall fault injection Dmitry Levin FOSDEM 2017 What is

Can strace make you fail? strace syscall fault injection Dmitry Levin FOSDEM 2017 What is

Can strace make you fail? strace syscall fault injection Dmitry Levin FOSDEM 2017 What is strace? A diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor interactions between processes and the Linux

541 views • 24 slides
strace: new features Dmitry Levin BaseALT FOSDEM 2018 New features since FOSDEM 2017 Released

strace: new features Dmitry Levin BaseALT FOSDEM 2018 New features since FOSDEM 2017 Released

strace: new features Dmitry Levin BaseALT FOSDEM 2018 New features since FOSDEM 2017 Released 4.16 : Syscall return value injection 4.16 : Syscall signal injection 4.17 : Syscall specification improvements 4.18, 4.19 : Netlink socket

600 views • 21 slides
strace fr bash -Versteher Endlich die UNIX-Shell verstehen dank strace Harald Knig

strace fr bash -Versteher Endlich die UNIX-Shell verstehen dank strace Harald Knig

strace fr bash -Versteher Endlich die UNIX-Shell verstehen dank strace Harald Knig science + computing ag IT-Dienstleistungen und Software fr anspruchsvolle Rechnernetze Tbingen | Mnchen | Berlin | Dsseldorf Agenda me and s+c

358 views • 24 slides
34: From the Modern to the Postmodern and Beyond Art of the Later 20th Century Painting ,

34: From the Modern to the Postmodern and Beyond Art of the Later 20th Century Painting ,

34: From the Modern to the Postmodern and Beyond Art of the Later 20th Century Painting , Francis Bacon, 1946 The end of World War II left people in a state of despair and The umbrella recalls Neville skepticism. Chamberlain This was

211 views • 8 slides
Moving Least Squares Outline The Approximation Power of Moving Least- Squares D. Levin

Moving Least Squares Outline The Approximation Power of Moving Least- Squares D. Levin

David Levin presented by Niloy J. Mitra Moving Least Squares Outline The Approximation Power of Moving Least- Squares D. Levin Mesh-Independent Surface Interpolation D. Levin Defining point-set surfaces N. Amenta and Y. Kil CS

455 views • 32 slides
CONTENT LOCALIZATION HUB by ABOUT US POSTMODERN is the largest post-production and localization

CONTENT LOCALIZATION HUB by ABOUT US POSTMODERN is the largest post-production and localization

CONTENT LOCALIZATION HUB by ABOUT US POSTMODERN is the largest post-production and localization facility in Ukraine. Its part of FILM.UA Group, a creative powerhouse and one of the largest in Eastern European media groups, operating in global

215 views • 6 slides
Outline the instability of texts in the postmodern moment the role of interpretive

Outline the instability of texts in the postmodern moment the role of interpretive

10/2/19 Class 2c Technologies, Religion &amp; Meaning-Making Outline the instability of texts in the postmodern moment the role of interpretive communities the role of media definition types relation to

834 views • 6 slides
Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace,

Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace,

Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace, perf and dynamic probes Valerii Kravchuk, Principal Support Engineer, MariaDB vkravchuk@gmail.com 1 Who am I? Valerii (aka Valeriy ) Kravchuk :

549 views • 27 slides
The FYE at the Postmodern Multiversity | A Roundtable Discussion 28 th Annual Conference on The

The FYE at the Postmodern Multiversity | A Roundtable Discussion 28 th Annual Conference on The

The FYE at the Postmodern Multiversity | A Roundtable Discussion 28 th Annual Conference on The First-Year Experience Orlando, FL | February 6-10, 2009 The creation and maintenance of unified first-year experience programs at large, public,

210 views • 3 slides
Postmodern Characteristics in the Trends of Sporting Practices in Hungary Pernyi Szilvia (PhD.)

Postmodern Characteristics in the Trends of Sporting Practices in Hungary Pernyi Szilvia (PhD.)

University of Debrecen, Hungary Faculty of Economic Sciences and Rural Development, Department of Sporteconomics and Management Postmodern Characteristics in the Trends of Sporting Practices in Hungary Pernyi Szilvia (PhD.) Assistant

450 views • 23 slides
Complexity of distributions and average-case hardness Dmitry Sokolov joint work with Dmitry

Complexity of distributions and average-case hardness Dmitry Sokolov joint work with Dmitry

Complexity of distributions and average-case hardness Dmitry Sokolov joint work with Dmitry Itsykson and Alexander Knop St. Petersburg Department of V. A. Steklov Institute of Mathematics Problems in Theoretical Computer Science Moscow

716 views • 34 slides
DIVISIONS OF CHURCH HISTORY ANCIENT MODERN CHURCH CHURCH MEDIEVAL POSTMODERN CHURCH CHURCH

DIVISIONS OF CHURCH HISTORY ANCIENT MODERN CHURCH CHURCH MEDIEVAL POSTMODERN CHURCH CHURCH

DIVISIONS OF CHURCH HISTORY ANCIENT MODERN CHURCH CHURCH MEDIEVAL POSTMODERN CHURCH CHURCH A.D. 600 1500 1700 1900 Reformation Enlightenment Key Ideas on Atonement in the Early Church 1. Penal: a penalty paid either to Satan as

370 views • 13 slides
Starbucks Coffee: Cultivating and Selling the Postmodern Brew Author: Katherine G. Fry Summary

Starbucks Coffee: Cultivating and Selling the Postmodern Brew Author: Katherine G. Fry Summary

Starbucks Coffee: Cultivating and Selling the Postmodern Brew Author: Katherine G. Fry Summary Through the example of a Starbucks ad featuring a man from New Guinea in the 1992 issue of Sunset magazine and the image of Juan Valdez for

671 views • 17 slides
Dmitry Pushkar Dmitry Pushkar No Disclosure 2018 Non surgical (pessary,tampons)

Dmitry Pushkar Dmitry Pushkar No Disclosure 2018 Non surgical (pessary,tampons)

No Mesh repair of SUI: Conclusions Dmitry Pushkar Dmitry Pushkar No Disclosure 2018 Non surgical (pessary,tampons) Bulking agents No mesh New Lasers And many more EAU Do you still ASlings ? Yes 11% Cochrane

403 views • 15 slides
SRM Dmitry Litvintsev 7th international dCache workshop, May 27-29,2013 dCache Team Dmitry

SRM Dmitry Litvintsev 7th international dCache workshop, May 27-29,2013 dCache Team Dmitry

SRM Dmitry Litvintsev 7th international dCache workshop, May 27-29,2013 dCache Team Dmitry Litvintsev Wednesday, May 29, 13 Plan SRM, a reminder SRM parameters SRM troubleshooting dCache Team 2 Dmitry Litvintsev

827 views • 34 slides
Deep dive into Coroutines on JVM Roman Elizarov elizarov at JetBrains There is no magic

Deep dive into Coroutines on JVM Roman Elizarov elizarov at JetBrains There is no magic

Deep dive into Coroutines on JVM Roman Elizarov elizarov at JetBrains There is no magic Continuation Passing Style (CPS) A toy problem fun postItem(item: Item) { val token = requestToken () val post = createPost (token, item) processPost

1.37k views • 107 slides
Earnings Call David Burritt President and Chief Executive Officer Christie Breves Senior Vice

Earnings Call David Burritt President and Chief Executive Officer Christie Breves Senior Vice

Second Quarter 2020 Earnings Call David Burritt President and Chief Executive Officer Christie Breves Senior Vice President and Chief Financial Officer Rich Fruehauf Senior Vice President, Chief Strategy and Development Officer Kevin Lewis

555 views • 19 slides
VoLTE*: A Lightweight Voice Solution to 4G LTE Networks Guan-Hua Tu 1 , Chi-Yu Li 1 , Chunyi Peng

VoLTE*: A Lightweight Voice Solution to 4G LTE Networks Guan-Hua Tu 1 , Chi-Yu Li 1 , Chunyi Peng

VoLTE*: A Lightweight Voice Solution to 4G LTE Networks Guan-Hua Tu 1 , Chi-Yu Li 1 , Chunyi Peng 2 , Zengwen Yuan 1 , Yuanjie Li 1 , Xiaohu Zhao 2 , Songwu Lu 1 1 University of California, Los Angeles 2 The Ohio State University HotMobile16

661 views • 32 slides
CS 61A Discussion 1 Control and Environments Albert Xu Attendance: links.cs61a.org/albert-disc

CS 61A Discussion 1 Control and Environments Albert Xu Attendance: links.cs61a.org/albert-disc

CS 61A Discussion 1 Control and Environments Albert Xu Attendance: links.cs61a.org/albert-disc Slides: albertxu.xyz/teaching/cs61a/ Announcements Homework 1 is due today @ 11:59pm. Hog is due next Thursday checkpoint on Monday (no

1.49k views • 105 slides
MLW-LT Call For Par.cipa.on David Filip Dave Lewis Felix

MLW-LT Call For Par.cipa.on David Filip Dave Lewis Felix

MLW-LT Call For Par.cipa.on David Filip Dave Lewis Felix Sasaki Terminology CSA Coordina.on and Support Ac.on W3C Worldwide Web

488 views • 12 slides
DOMTAR CORPORATION FIRST QUARTER 2019 EARNINGS CALL May 1 st , 2019 (All financial information is

DOMTAR CORPORATION FIRST QUARTER 2019 EARNINGS CALL May 1 st , 2019 (All financial information is

1 st QUARTER 2019 EARNINGS CALL | MAY 1, 2019 DOMTAR CORPORATION FIRST QUARTER 2019 EARNINGS CALL May 1 st , 2019 (All financial information is in U.S. dollars, and all earnings per share results are diluted, unless otherwise noted.) 1 st

472 views • 19 slides
Ivermectin: a reflection on simplicity . Dr. Satoshi Omura avermectin B1a abamectin ivermectin

Ivermectin: a reflection on simplicity . Dr. Satoshi Omura avermectin B1a abamectin ivermectin

Ivermectin: a reflection on simplicity . Dr. Satoshi Omura avermectin B1a abamectin ivermectin Onchocerca volvulus ONCHOCERCIASIS River Blindness Sculpt. Whalen; Comm. Moores Dr. Mohammed A. Aziz . * * *

270 views • 16 slides
Cancer, Standards &amp; Interoperability: Delivering Insights and Content Travis Hicks Director,

Cancer, Standards &amp; Interoperability: Delivering Insights and Content Travis Hicks Director,

Cancer, Standards &amp; Interoperability: Delivering Insights and Content Travis Hicks Director, Web Operations American Society of Clinical Oncology What is the American Society of Clinical Oncology? Founded in 1964, the American Society

501 views • 11 slides

More recommend