[Bug tapsets/30776] New: stap should automatically filter more probe hits based on -c/-x and stp

public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed

* [Bug tapsets/30776] New: stap should automatically filter more probe hits based on -c/-x and stp_pid()
@ 2023-08-17 13:23 fche at redhat dot com
  0 siblings, 0 replies; only message in thread
From: fche at redhat dot com @ 2023-08-17 13:23 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=30776

            Bug ID: 30776
           Summary: stap should automatically filter more probe hits based
                    on -c/-x and stp_pid()
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: tapsets
          Assignee: systemtap at sourceware dot org
          Reporter: fche at redhat dot com
  Target Milestone: ---

It is not unusual for someone new to stap to run scripts such as

# stap -e ' probe syscall.* { log(name, " ", argstr) }'

and be absolutely flooded with traffic, not realizing that this will include
all the syscalls performed by stapio/staprun itself in processing this very
output.  That leads to a self-amplifying pile of syscalls that cannot possibly
be serviced fast enough, and leads to transport buffer overflows.  Similar
arguments apply to kprobes.

IMO, it's time to filter out many more events by default that are associated
with stp_pid().  This should be a %( compatible %) type gated change, to permit
users to demand older version behaviour.

Similarly, if the user were to run the same script but thusly:

# stap -e '[...]' -c CMD

he or she is probably expecting only CMD/child-process syscalls to be included.
 While the strace.stp sample script does this, IMO the translator should do
this for apprx. all probe types by default.

"Apprx all" - ones other than begin/end/timer/procfs.

So while all this should be gated on compatibility mode, it would be useful to
let a user get some runtime control over this behaviour change too.  For
example, this change could be implemented by having the translator emit this
into the probe handler front:

  %( systemtap_v >= "5.0" %? 
     if (stap_auto_probe_filter && stap_probe_filter_p()) next; 
  %)

and have this in a new tapset file:

  global stap_auto_probe_filter = 1
  function stap_probe_filter_p() {    // reject this probe hit if
       return (pid() == stp_pid() ||  // it relates to staprun/stapio
               (target() &&           // or if in -c/-x mode,
                !target_set_pid(pid())))    // relates to some other process
  }

then a user could disable the new default it with

# stap -G stap_auto_probe_filter=0  -e '......'

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-08-17 13:23 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-17 13:23 [Bug tapsets/30776] New: stap should automatically filter more probe hits based on -c/-x and stp_pid() fche at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).