diff options
Diffstat (limited to 'tapset')
| -rw-r--r-- | tapset/DEVGUIDE | 6 | ||||
| -rw-r--r-- | tapset/ansi.stp | 70 | ||||
| -rw-r--r-- | tapset/aux_syscalls.stp | 18 | ||||
| -rw-r--r-- | tapset/context-symbols.stp | 84 | ||||
| -rw-r--r-- | tapset/context-unwind.stp | 32 | ||||
| -rw-r--r-- | tapset/context.stp | 120 | ||||
| -rw-r--r-- | tapset/conversions.stp | 5 | ||||
| -rw-r--r-- | tapset/errno.stp | 14 | ||||
| -rw-r--r-- | tapset/i686/registers.stp | 50 | ||||
| -rw-r--r-- | tapset/i686/syscalls.stp | 2 | ||||
| -rw-r--r-- | tapset/ioscheduler.stp | 20 | ||||
| -rw-r--r-- | tapset/ip.stp | 78 | ||||
| -rw-r--r-- | tapset/kprocess.stp (renamed from tapset/process.stp) | 34 | ||||
| -rw-r--r-- | tapset/memory.stp | 13 | ||||
| -rw-r--r-- | tapset/networking.stp | 8 | ||||
| -rw-r--r-- | tapset/s390x/syscalls.stp | 24 | ||||
| -rw-r--r-- | tapset/scsi.stp | 18 | ||||
| -rw-r--r-- | tapset/signal.stp | 210 | ||||
| -rw-r--r-- | tapset/socket.stp | 80 | ||||
| -rw-r--r-- | tapset/string.stp | 12 | ||||
| -rw-r--r-- | tapset/syscalls.stp | 8 | ||||
| -rw-r--r-- | tapset/task.stp | 24 | ||||
| -rw-r--r-- | tapset/tcp.stp | 132 | ||||
| -rw-r--r-- | tapset/timestamp.stp | 6 | ||||
| -rw-r--r-- | tapset/ucontext-symbols.stp | 75 | ||||
| -rw-r--r-- | tapset/ucontext-unwind.stp | 52 | ||||
| -rw-r--r-- | tapset/udp.stp | 46 | ||||
| -rw-r--r-- | tapset/utrace.stp | 22 |
28 files changed, 934 insertions, 329 deletions
diff --git a/tapset/DEVGUIDE b/tapset/DEVGUIDE index e6bc3fb8..693521a8 100644 --- a/tapset/DEVGUIDE +++ b/tapset/DEVGUIDE @@ -59,8 +59,8 @@ For example, process execs can occur in either the do_execve() or the compat_do_execve() functions. The following alias inserts probes at the beginning of those functions: -probe process.exec = kernel.function("do_execve"), - kernel.function("compat_do_execve") { +probe kprocess.exec = kernel.function("do_execve"), + kernel.function("compat_do_execve") { < probe body > } @@ -87,7 +87,7 @@ process is retrieved by calling task_pid() and passing it the task_struct pointer. In this case, the auxiliary function is an embedded C function that's defined in the task tapset (task.stp). -probe process.create = kernel.function("copy_process").return { +probe kprocess.create = kernel.function("copy_process").return { task = $return new_pid = task_pid(task) } diff --git a/tapset/ansi.stp b/tapset/ansi.stp new file mode 100644 index 00000000..0152fb37 --- /dev/null +++ b/tapset/ansi.stp @@ -0,0 +1,70 @@ +# ANSI escape sequences tapset +# Copyright (C) 2009 Red Hat, Inc., Eugene Teo <eteo@redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# Based on some previous work done by Masami Hiramatsu for stapgames. +# Reference: http://en.wikipedia.org/wiki/ANSI_escape_code +# + +function ansi_clear_screen() { + print("\033[1;1H\033[J") +} + +# Foreground colors | Background colors +# Black 30 | Black 40 +# Blue 34 | Red 41 +# Green 32 | Green 42 +# Cyan 36 | Yellow 43 +# Red 31 | Blue 44 +# Purple 35 | Magenta 45 +# Brown 33 | Cyan 46 +# Light Gray 37 | White 47 +function ansi_set_color(fg:long) { + printf("\033[%dm", fg) +} + +function ansi_set_color2(fg:long, bg:long) { + printf("\033[%d;%dm", bg, fg) +} + +# All attributes off 0 +# Intensity: Bold 1 +# Underline: Single 4 +# Blink: Slow 5 +# Blink: Rapid 6 +# Image: Negative 7 +function ansi_set_color3(fg:long, bg:long, attr:long) { + attr_str = attr ? sprintf(";%dm", attr) : "m" + printf("\033[%d;%d%s", bg, fg, attr_str) +} + +function ansi_reset_color() { + ansi_set_color3(0, 0, 0) +} + +function ansi_new_line() { + printf("\12") +} + +function ansi_cursor_move(x:long, y:long) { + printf("\033[%d;%dH", y, x) +} + +function ansi_cursor_hide() { + print("\033[>5I") +} + +function ansi_cursor_save() { + print("\033[s") +} + +function ansi_cursor_restore() { + print("\033[u") +} + +function ansi_cursor_show() { + print("\033[>5h") +} diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp index d2e43903..9cb7a3df 100644 --- a/tapset/aux_syscalls.stp +++ b/tapset/aux_syscalls.stp @@ -60,10 +60,10 @@ function _struct_timezone_u:string(uaddr:long) %} %{ - // Needed for the following four functions - // _struct_utimbuf_actime, _struct_utimbuf_modtime, - // _struct_compat_utimbuf_actime, _struct_compat_utimbuf_modtime - #include <linux/utime.h> +// Needed for the following four functions +// _struct_utimbuf_actime, _struct_utimbuf_modtime, +// _struct_compat_utimbuf_actime, _struct_compat_utimbuf_modtime +#include <linux/utime.h> %} // Returns the value of the actime field of a utimbuf in user space @@ -322,17 +322,11 @@ function _struct_sockaddr_u:string(uaddr:long, len:long) } else if ((sa->sa_family == AF_PACKET)&&(len == sizeof(struct sockaddr_ll))) { - /* FIXME. This needs tested */ struct sockaddr_ll *sll = (struct sockaddr_ll *)buf; -#if defined(__powerpc__) || defined(__ia64__) || defined(__s390x__) - snprintf(str, strlen, "{AF_PACKET, proto=%d, ind=%d, hatype=%d, pkttype=%d, halen=%d, addr=0x%lx}", - (int)sll->sll_protocol, sll->sll_ifindex, (int)sll->sll_hatype, (int)sll->sll_pkttype, - (int)sll->sll_halen, *(uint64_t *)sll->sll_addr); -#else snprintf(str, strlen, "{AF_PACKET, proto=%d, ind=%d, hatype=%d, pkttype=%d, halen=%d, addr=0x%llx}", (int)sll->sll_protocol, sll->sll_ifindex, (int)sll->sll_hatype, (int)sll->sll_pkttype, - (int)sll->sll_halen, *(uint64_t *)sll->sll_addr); -#endif + (int)sll->sll_halen, + (long long)(*(uint64_t *)sll->sll_addr)); } else { diff --git a/tapset/context-symbols.stp b/tapset/context-symbols.stp index 46eab841..e4406d9b 100644 --- a/tapset/context-symbols.stp +++ b/tapset/context-symbols.stp @@ -6,20 +6,25 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// Context functions provide additional information about where an event occurred. These functions can +//provide information such as a backtrace to where the event occured and the current register values for the +//processor. +// </tapsetdescription> %{ #ifndef STP_NEED_SYMBOL_DATA #define STP_NEED_SYMBOL_DATA 1 #endif %} -// weirdness with print_stack, argument appears in build as undescribed + /** - * sfunction print_stack - Print out stack from string - * @stk: String with list of hexidecimal addresses. (FIXME) + * sfunction print_stack - Print out stack from string. + * @stk: String with list of hexidecimal addresses. * * Perform a symbolic lookup of the addresses in the given string, - * which is assumed to be the result of a prior call to + * which is assumed to be the result of a prior call to * <command>backtrace()</command>. + * * Print one line per address, including the address, the * name of the function containing the address, and an estimate of * its position within that function. Return nothing. @@ -36,9 +41,7 @@ function print_stack(stk:string) %{ %} /** - * sfunction probefunc - Function probed - * - * Return the probe point's function name, if known. + * sfunction probefunc - Return the probe point's function name, if known. */ function probefunc:string () %{ /* pure */ char *ptr, *start; @@ -63,7 +66,7 @@ function probefunc:string () %{ /* pure */ #else ((unsigned long)REG_IP(CONTEXT->regs) >= (unsigned long)PAGE_OFFSET)) { #endif - _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, REG_IP(CONTEXT->regs)); + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, REG_IP(CONTEXT->regs), current, 0); if (THIS->__retvalue[0] == '.') /* powerpc symbol has a dot*/ strlcpy(THIS->__retvalue,THIS->__retvalue + 1,MAXSTRINGLEN); } else { @@ -72,9 +75,7 @@ function probefunc:string () %{ /* pure */ %} /** - * sfunction probemod - Module probed - * - * Return the probe point's module name, if known. + * sfunction probemod - Return the probe point's module name, if known. */ function probemod:string () %{ /* pure */ char *ptr, *start; @@ -88,8 +89,59 @@ function probemod:string () %{ /* pure */ while (*ptr != '"' && --len && *ptr) *dst++ = *ptr++; *dst = 0; - } else { - /* XXX: need a PC- and symbol-table-based fallback. */ - THIS->__retvalue[0] = '\0'; - } + } else if (CONTEXT->regs) { + struct _stp_module *m; + m = _stp_mod_sec_lookup (REG_IP(CONTEXT->regs), current, NULL); + if (m && m->name) + strlcpy (THIS->__retvalue, m->name, MAXSTRINGLEN); + else + strlcpy (THIS->__retvalue, "<unknown>", MAXSTRINGLEN); + } else + strlcpy (THIS->__retvalue, "<unknown>", MAXSTRINGLEN); +%} + +/** + * sfunction modname - Return the kernel module name loaded at the address. + * @addr: The address. + * + * Description: Returns the module name associated with the given + * address if known. If not known it will return the string "<unknown>". + * If the address was not in a kernel module, but in the kernel itself, + * then the string "kernel" will be returned. + */ +function modname:string (addr: long) %{ /* pure */ + struct _stp_module *m; + m = _stp_mod_sec_lookup (THIS->addr, current, NULL); + if (m && m->name) + strlcpy (THIS->__retvalue, m->name, MAXSTRINGLEN); + else + strlcpy (THIS->__retvalue, "<unknown>", MAXSTRINGLEN); +%} + +/** + * sfunction symname - Return the symbol associated with the given address. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address if known. If not known it will return the hex string + * representation of addr. + */ +function symname:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + NULL, 0); +%} + +/** + * sfunction symdata - Return the symbol and module offset for the address. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address if known, plus the module name (between brackets) and + * the offset inside the module, plus the size of the symbol function. + * If any element is not known it will be ommitted and if the symbol name + * is unknown it will return the hex string for the given address. + */ +function symdata:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + NULL, 1); %} diff --git a/tapset/context-unwind.stp b/tapset/context-unwind.stp index a0836ed6..d6654d25 100644 --- a/tapset/context-unwind.stp +++ b/tapset/context-unwind.stp @@ -6,7 +6,11 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// Context functions provide additional information about where an event occurred. These functions can +//provide information such as a backtrace to where the event occured and the current register values for the +//processor. +// </tapsetdescription> %{ #ifndef STP_NEED_UNWIND_DATA #define STP_NEED_UNWIND_DATA 1 @@ -19,12 +23,12 @@ /** * sfunction print_backtrace - Print stack back trace * - * Equivalent to <command>print_stack(backtrace())</command>, + * Equivalent to <command>print_stack(backtrace())</command>, * except that deeper stack nesting may be supported. Return nothing. */ function print_backtrace () %{ if (CONTEXT->regs) { - _stp_stack_print(CONTEXT->regs, 1, CONTEXT->pi, MAXTRACE); + _stp_stack_print(CONTEXT->regs, 1, CONTEXT->pi, MAXTRACE, NULL); } else { _stp_printf("Systemtap probe: %s\n", CONTEXT->probe_point); } @@ -33,12 +37,12 @@ function print_backtrace () %{ /** * sfunction backtrace - Hex backtrace of current stack * - * Return a string of hex addresses that are a backtrace of the - * stack. It may be truncated due to maximum string length. + * Return a string of hex addresses that are a backtrace of the + * stack. Output may be truncated as per maximum string length. */ function backtrace:string () %{ /* pure */ if (CONTEXT->regs) - _stp_stack_snprint (THIS->__retvalue, MAXSTRINGLEN, CONTEXT->regs, 0, CONTEXT->pi, MAXTRACE); + _stp_stack_snprint (THIS->__retvalue, MAXSTRINGLEN, CONTEXT->regs, 0, CONTEXT->pi, MAXTRACE, NULL); else strlcpy (THIS->__retvalue, "", MAXSTRINGLEN); %} @@ -46,21 +50,19 @@ function backtrace:string () %{ /* pure */ /** * sfunction caller - Return name and address of calling function * - * Return the address and name of the calling function. + * Return the address and name of the calling function. + * This is equivalent to calling: + * sprintf("%s 0x%x", symname(caller_addr(), caller_addr())) * <emphasis>Works only for return probes at this time.</emphasis> */ -function caller:string() %{ /* pure */ - if (CONTEXT->pi) - _stp_symbol_snprint( THIS->__retvalue, MAXSTRINGLEN, - (unsigned long)_stp_ret_addr_r(CONTEXT->pi)); - else - strlcpy(THIS->__retvalue,"unknown",MAXSTRINGLEN); -%} +function caller:string() { + return sprintf("%s 0x%x", symname(caller_addr()), caller_addr()); +} /** * sfunction caller_addr - Return caller address * - * Return the address of the calling function. + * Return the address of the calling function. * <emphasis> Works only for return probes at this time.</emphasis> */ function caller_addr:long () %{ /* pure */ diff --git a/tapset/context.stp b/tapset/context.stp index 7fd961c8..5d855f80 100644 --- a/tapset/context.stp +++ b/tapset/context.stp @@ -6,6 +6,21 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. +// <tapsetdescription> +// Context functions provide additional information about where an event occurred. These functions can +//provide information such as a backtrace to where the event occured and the current register values for the +//processor. +// </tapsetdescription> + +%{ +#include <asm/processor.h> + +#if defined(__powerpc64__) +#if !defined(task_pt_regs) +#define task_pt_regs(tsk) ((struct pt_regs *)(tsk)->thread.regs) +#endif +#endif +%} /** * sfunction print_regs - Print a register dump. @@ -17,37 +32,28 @@ function print_regs () %{ %} /** - * sfunction execname - Execname of current processes - * - * Return the name of the current process. + * sfunction execname - Returns the execname of a target process (or group of processes). */ function execname:string () %{ /* pure */ strlcpy (THIS->__retvalue, current->comm, MAXSTRINGLEN); %} /** - * sfunction pid - Process ID of current process - * - * - * Return the id of the current process. + * sfunction pid - Returns the ID of a target process. */ function pid:long () %{ /* pure */ THIS->__retvalue = current->tgid; %} /** - * sfunction tid - Thread ID of current process - * - * Return the id of the current thread. + * sfunction tid - Returns the thread ID of a target process. */ function tid:long () %{ /* pure */ THIS->__retvalue = current->pid; %} /** - * sfunction ppid - Parent Process ID of current process - * - * Return the id of the parent process. + * sfunction ppid - Returns the process ID of a target process's parent process. */ function ppid:long () %{ /* pure */ #if defined(STAPCONF_REAL_PARENT) @@ -58,9 +64,19 @@ function ppid:long () %{ /* pure */ %} /** - * sfunction pexecname - Execname of the parent process. - * - * Return the name of the parent process. + * sfunction sid - Returns the session ID of the current process. + * + * The session ID of a process is the process group ID of the session + * leader. Session ID is stored in the signal_struct since Kernel 2.6.0. + */ +function sid:long () %{ /* pure */ + struct signal_struct *ss = kread( &(current->signal) ); + THIS->__retvalue = kread ( &(ss->session) ); + CATCH_DEREF_FAULT(); +%} + +/** + * sfunction pexecname - Returns the execname of a target process's parent process. */ function pexecname:string () %{ /* pure */ #if defined(STAPCONF_REAL_PARENT) @@ -71,9 +87,7 @@ function pexecname:string () %{ /* pure */ %} /** - * sfunction gid - Group ID of current process - * - * Return the gid of the current process. + * sfunction gid - Returns the group ID of a target process. */ function gid:long () %{ /* pure */ #ifdef STAPCONF_TASK_UID @@ -84,9 +98,7 @@ function gid:long () %{ /* pure */ %} /** - * sfunction egid - Effective gid of the current process. - * - * Return the effective gid of the current process. + * sfunction egid - Returns the effective gid of a target process. */ function egid:long () %{ /* pure */ #ifdef STAPCONF_TASK_UID @@ -97,9 +109,7 @@ function egid:long () %{ /* pure */ %} /** - * sfunction uid -User ID of the current process. - * - * Return the uid of the current process. + * sfunction uid - Returns the user ID of a target process. */ function uid:long () %{ /* pure */ #ifdef STAPCONF_TASK_UID @@ -110,9 +120,7 @@ function uid:long () %{ /* pure */ %} /** - * sfunction euid - Effective User ID of the current process. - * - * Return the effective uid of the current process. + * sfunction euid - Return the effective uid of a target process. */ function euid:long () %{ /* pure */ #ifdef STAPCONF_TASK_UID @@ -128,26 +136,24 @@ function cpuid:long () %{ /* pure */ %} /** - * sfunction cpu - The current cpu number. - * - * Return the current cpu number. + * sfunction cpu - Returns the current cpu number. */ function cpu:long () %{ /* pure */ THIS->__retvalue = smp_processor_id(); %} /** - * sfunction pp - Current probe point - * - * Return the probe point associated with the currently running - * probe handler, including alias and wildcard expansion effects. + * sfunction pp - Return the probe point associated with the currently running probe handler, + * including alias and wildcard expansion effects + * Context: + * The current probe point. */ function pp:string () %{ /* pure */ strlcpy (THIS->__retvalue, CONTEXT->probe_point, MAXSTRINGLEN); %} /** - * sfunction registers_valid - Register information valid + * sfunction registers_valid - Determines validity of <command>register()</command> and <command>u_register()</command> in current context. * * Return 1 if register() and u_register() can be used * in the current context, or 0 otherwise. @@ -159,7 +165,7 @@ function registers_valid:long () %{ /* pure */ %} /** - * sfunction user_mode - User Mode + * sfunction user_mode - Determines if probe point occurs in user-mode. * * Return 1 if the probe point occurred in user-mode. */ @@ -176,7 +182,7 @@ function user_mode:long () %{ /* pure */ /* currently a user-mode address? */ %} /** - * sfunction is_return - Is return probe + * sfunction is_return - Determines if probe point is a return probe. * * Return 1 if the probe point is a return probe. * <emphasis>Deprecated.</emphasis> @@ -189,9 +195,7 @@ function is_return:long () %{ /* pure */ %} /** - * sfunction target - Target pid - * - * Return the pid of the target process. + * sfunction target - Return the process ID of the target process. */ function target:long () %{ /* pure */ THIS->__retvalue = _stp_target; @@ -220,18 +224,16 @@ function stp_pid:long () %{ /* pure */ %} /** - * sfunction stack_size - Size of kernel stack - * - * Return the size of the kernel stack. + * sfunction stack_size - Return the size of the kernel stack. */ function stack_size:long () %{ /* pure */ THIS->__retvalue = THREAD_SIZE; %} /** - * sfunction stack_used - Current amount of kernel stack used + * sfunction stack_used - Returns the amount of kernel stack used. * - * Return how many bytes are currently used in the kernel stack. + * Determines how many bytes are currently used in the kernel stack. */ function stack_used:long () %{ /* pure */ char a; @@ -239,12 +241,34 @@ function stack_used:long () %{ /* pure */ %} /** - * sfunction stack_unused - Amount of kernel stack currently available + * sfunction stack_unused - Returns the amount of kernel stack currently available. * - * Return how many bytes are currently available in the kernel stack. + * Determines how many bytes are currently available in the kernel stack. */ function stack_unused:long () %{ /* pure */ char a; THIS->__retvalue = (long)&a & (THREAD_SIZE-1); %} +/** + * sfunction uaddr - User space address of current running task. EXPERIMENTAL. + * + * Description: Returns the address in userspace that the current + * task was at when the probe occured. When the current running task + * isn't a user space thread, or the address cannot be found, zero + * is returned. Can be used to see where the current task is combined + * with usymname() or symdata(). Often the task will be in the VDSO + * where it entered the kernel. FIXME - need VDSO tracking support #10080. + */ +function uaddr:long () %{ /* pure */ + int64_t addr = 0; + if (current->mm) + { + struct pt_regs *uregs; + uregs = task_pt_regs(current); + if (uregs) + addr = (int64_t) REG_IP(uregs); + } + THIS->__retvalue = addr; +%} + diff --git a/tapset/conversions.stp b/tapset/conversions.stp index 70725e9d..31b16821 100644 --- a/tapset/conversions.stp +++ b/tapset/conversions.stp @@ -120,6 +120,8 @@ function user_string_n2:string (addr:long, n:long, err_msg:string) %{ /* pure */ (char __user *) (uintptr_t) THIS->addr, len) < 0) strlcpy(THIS->__retvalue, THIS->err_msg, MAXSTRINGLEN); + else + THIS->__retvalue[len - 1] = '\0'; %} function user_string_n_warn:string (addr:long, n:long) %{ /* pure */ @@ -137,7 +139,8 @@ function user_string_n_warn:string (addr:long, n:long) %{ /* pure */ (void *) (uintptr_t) THIS->addr); _stp_warn(CONTEXT->error_buffer); strlcpy (THIS->__retvalue, "<unknown>", MAXSTRINGLEN); - } + } else + THIS->__retvalue[len - 1] = '\0'; %} function user_string_n_quoted:string (addr:long, n:long) %{ /* pure */ diff --git a/tapset/errno.stp b/tapset/errno.stp index eda9bff1..011ff7e2 100644 --- a/tapset/errno.stp +++ b/tapset/errno.stp @@ -345,12 +345,20 @@ static const int Maxerrno = sizeof(errlist)/sizeof(char *); function errno_str:string (err:long) %{ /* pure */ long e = THIS->err; - if (e < 0 && e > -Maxerrno && errlist[-e]) - strlcpy (THIS->__retvalue, errlist[-e], MAXSTRINGLEN); - else if (e > 0 && e < Maxerrno && errlist[e]) + e = (e > 0 ? e : -e); + if (e > 0 && e < Maxerrno && errlist[e]) strlcpy (THIS->__retvalue, errlist[e], MAXSTRINGLEN); %} +function errno_p:long (err:long) %{ /* pure */ + long e = THIS->err; + e = (e > 0 ? e : -e); + if (e > 0 && e < Maxerrno && errlist[e]) + THIS->__retvalue = e; + else + THIS->__retvalue = 0; +%} + %{ static long _stp_returnval(struct pt_regs *regs) { if (regs) { diff --git a/tapset/i686/registers.stp b/tapset/i686/registers.stp index a6e5694e..997376dc 100644 --- a/tapset/i686/registers.stp +++ b/tapset/i686/registers.stp @@ -1,25 +1,39 @@ global _reg_offsets, _stp_regs_registered, _sp_offset, _ss_offset +function test_x86_gs:long() %{ /* pure */ +#ifdef STAPCONF_X86_GS + THIS->__retvalue = 1; +#else + THIS->__retvalue = 0; +#endif +%} + function _stp_register_regs() { + /* Same order as pt_regs */ - _reg_offsets["ebx"] = 0 _reg_offsets["bx"] = 0 - _reg_offsets["ecx"] = 4 _reg_offsets["cx"] = 4 - _reg_offsets["edx"] = 8 _reg_offsets["dx"] = 8 - _reg_offsets["esi"] = 12 _reg_offsets["si"] = 12 - _reg_offsets["edi"] = 16 _reg_offsets["di"] = 16 - _reg_offsets["ebp"] = 20 _reg_offsets["bp"] = 20 - _reg_offsets["eax"] = 24 _reg_offsets["ax"] = 24 - _reg_offsets["xds"] = 28 _reg_offsets["ds"] = 28 - _reg_offsets["xes"] = 32 _reg_offsets["es"] = 32 - _reg_offsets["xfs"] = 36 _reg_offsets["fs"] = 36 - _reg_offsets["orig_eax"] = 40 _reg_offsets["orig_ax"] = 40 - _reg_offsets["eip"] = 44 _reg_offsets["ip"] = 44 - _reg_offsets["xcs"] = 48 _reg_offsets["cs"] = 48 - _reg_offsets["eflags"] = 52 _reg_offsets["flags"] = 52 - _reg_offsets["esp"] = 56 _reg_offsets["sp"] = 56 - _reg_offsets["xss"] = 60 _reg_offsets["ss"] = 60 - _sp_offset = 56 - _ss_offset = 60 + _reg_offsets["ebx"] = 0 _reg_offsets["bx"] = 0 + _reg_offsets["ecx"] = 4 _reg_offsets["cx"] = 4 + _reg_offsets["edx"] = 8 _reg_offsets["dx"] = 8 + _reg_offsets["esi"] = 12 _reg_offsets["si"] = 12 + _reg_offsets["edi"] = 16 _reg_offsets["di"] = 16 + _reg_offsets["ebp"] = 20 _reg_offsets["bp"] = 20 + _reg_offsets["eax"] = 24 _reg_offsets["ax"] = 24 + _reg_offsets["xds"] = 28 _reg_offsets["ds"] = 28 + _reg_offsets["xes"] = 32 _reg_offsets["es"] = 32 + _reg_offsets["xfs"] = 36 _reg_offsets["fs"] = 36 + gs_incr = 0 +if (test_x86_gs()) { + gs_incr = 4 + _reg_offsets["xgs"] = 40 _reg_offsets["gs"] = 40 +} + _reg_offsets["orig_eax"] = 40 + gs_incr _reg_offsets["orig_ax"] = 40 + gs_incr + _reg_offsets["eip"] = 44 + gs_incr _reg_offsets["ip"] = 44 + gs_incr + _reg_offsets["xcs"] = 48 + gs_incr _reg_offsets["cs"] = 48 + gs_incr + _reg_offsets["eflags"] = 52 + gs_incr _reg_offsets["flags"] = 52 + gs_incr + _reg_offsets["esp"] = 56 + gs_incr _reg_offsets["sp"] = 56 + gs_incr + _reg_offsets["xss"] = 60 + gs_incr _reg_offsets["ss"] = 60 + gs_incr + _sp_offset = 56 + gs_incr + _ss_offset = 60 + gs_incr _stp_regs_registered = 1 } diff --git a/tapset/i686/syscalls.stp b/tapset/i686/syscalls.stp index 8e69f622..2a89c19d 100644 --- a/tapset/i686/syscalls.stp +++ b/tapset/i686/syscalls.stp @@ -119,7 +119,7 @@ probe syscall.set_zone_reclaim.return = # probe syscall.sigaltstack = kernel.function("sys_sigaltstack") { name = "sigaltstack" - ussp = %( kernel_vr < "2.6.25" %? $ebx %: $bx %) + ussp = %( kernel_vr < "2.6.25" %? $ebx %: %( kernel_vr < "2.6.29" %? $bx %: $regs->bx %) %) argstr = sprintf("%p", ussp) } probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { diff --git a/tapset/ioscheduler.stp b/tapset/ioscheduler.stp index d7a71aca..a79ae752 100644 --- a/tapset/ioscheduler.stp +++ b/tapset/ioscheduler.stp @@ -5,15 +5,17 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe IO scheduler activities. +// </tapsetdescription> %{ #include <linux/blkdev.h> #include <linux/elevator.h> %} /** - * probe ioscheduler.elv_next_request - Retrieve request from request queue - * @elevator_name: The elevator name + * probe ioscheduler.elv_next_request - Fires when a request is retrieved from the request queue + * @elevator_name: The type of I/O elevator currently enabled */ probe ioscheduler.elv_next_request = kernel.function("elv_next_request") @@ -26,7 +28,7 @@ probe ioscheduler.elv_next_request } /** - * probe ioscheduler.elv_next_request.return - Return from retrieving a request + * probe ioscheduler.elv_next_request.return - Fires when a request retrieval issues a return signal * @req: Address of the request * @req_flags: Request flags * @disk_major: Disk major number of the request @@ -58,14 +60,14 @@ probe ioscheduler.elv_next_request.return } /** - * probe ioscheduler.elv_add_request - Add a request into request queue - * @elevator_name: The elevator name + * probe ioscheduler.elv_add_request - A request was added to the request queue + * @elevator_name: The type of I/O elevator currently enabled * @req: Address of the request * @req_flags: Request flags * @disk_major: Disk major number of the request * @disk_minor: Disk minor number of the request */ -/* when a request is added to the request queue */ +// when a request is added to the request queue probe ioscheduler.elv_add_request = kernel.function("__elv_add_request") { @@ -96,8 +98,8 @@ probe ioscheduler.elv_add_request } /** - * probe ioscheduler.elv_completed_request - Request is completed - * @elevator_name: The elevator name + * probe ioscheduler.elv_completed_request - Fires when a request is completed + * @elevator_name: The type of I/O elevator currently enabled * @req: Address of the request * @req_flags: Request flags * @disk_major: Disk major number of the request diff --git a/tapset/ip.stp b/tapset/ip.stp new file mode 100644 index 00000000..299d88d2 --- /dev/null +++ b/tapset/ip.stp @@ -0,0 +1,78 @@ +// IP tapset +// Copyright (C) 2009, IBM Inc. +// Author : Breno Leitao <leitao@linux.vnet.ibm.com> +// +// This file is free software. You can redistribute it and/or modify it under +// the terms of the GNU General Public License (GPL), version 2. +// +// Based on previous work done by Arnaldo Carvalho de Melo <acme@redhat.com> + +%{ +#include <linux/skbuff.h> +%} + +/** + * sfunction ip_ntop - returns a string representation from an integer IP number + * @addr: the ip represented as an integer + */ +function ip_ntop:string (addr:long) +%{ + __be32 ip; + + ip = THIS->addr; + snprintf(THIS->__retvalue, MAXSTRINGLEN, NIPQUAD_FMT, NIPQUAD(ip)); +%} + +/* return the source IP address for a given sock */ +function __ip_sock_saddr:long (sock:long) +{ + return @cast(sock, "inet_sock")->saddr +} + +/* return the destination IP address for a given sock */ +function __ip_sock_daddr:long (sock:long) +{ + return @cast(sock, "inet_sock")->daddr +} + +/* Get the IP header for recent (> 2.6.21) kernels */ +function __get_skb_iphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_network_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->network_header))); + #else + THIS->__retvalue = (long)kread(&(skb->network_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* Get the IP header from a sk_buff struct */ +function __get_skb_iphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + iphdr = @cast(skb, "sk_buff")->nh->raw + return iphdr +%: + return __get_skb_iphdr_new(skb) +%) +} + +/* return the source next layer protocol for a given sk_buff structure */ +function __ip_skb_proto:long (iphdr) +{ + return @cast(iphdr, "iphdr")->protocol +} + +/* return the source IP address for a given sk_buff structure */ +function __ip_skb_saddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->saddr +} + +/* return the destination IP address for a given skb */ +function __ip_skb_daddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->daddr +} diff --git a/tapset/process.stp b/tapset/kprocess.stp index ca49aa67..316e03ce 100644 --- a/tapset/process.stp +++ b/tapset/kprocess.stp @@ -1,11 +1,13 @@ -// process tapset +// kernel process tapset // Copyright (C) 2006 Intel Corporation. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe process-related activities. +// </tapsetdescription> function _IS_ERR:long(ptr:long) %{ /* pure */ THIS->__retvalue = IS_ERR((const void *)(long)THIS->ptr); @@ -13,7 +15,7 @@ function _IS_ERR:long(ptr:long) %{ /* pure */ /** - * probe process.create - Fires whenever a new process is successfully created + * probe kprocess.create - Fires whenever a new process is successfully created * @new_pid: The PID of the newly created process * * Context: @@ -22,7 +24,7 @@ function _IS_ERR:long(ptr:long) %{ /* pure */ * Fires whenever a new process is successfully created, either as a result of * <command>fork</command> (or one of its syscall variants), or a new kernel thread. */ -probe process.create = kernel.function("copy_process").return { +probe kprocess.create = kernel.function("copy_process").return { task = $return if (_IS_ERR(task)) next new_pid = task_pid(task) @@ -30,7 +32,7 @@ probe process.create = kernel.function("copy_process").return { /** - * probe process.start - Starting new process + * probe kprocess.start - Starting new process * * Context: * Newly created process. @@ -38,11 +40,11 @@ probe process.create = kernel.function("copy_process").return { * Fires immediately before a new process begins execution. * */ -probe process.start = kernel.function("schedule_tail") { } +probe kprocess.start = kernel.function("schedule_tail") { } /** - * probe process.exec - Attempt to exec to a new program + * probe kprocess.exec - Attempt to exec to a new program * @filename: The path to the new executable * * Context: @@ -50,7 +52,7 @@ probe process.start = kernel.function("schedule_tail") { } * * Fires whenever a process attempts to exec to a new program. */ -probe process.exec = +probe kprocess.exec = kernel.function("do_execve"), kernel.function("compat_do_execve") ? { @@ -59,7 +61,7 @@ probe process.exec = /** - * probe process.exec_complete - Return from exec to a new program + * probe kprocess.exec_complete - Return from exec to a new program * @errno: The error number resulting from the exec * @success: A boolean indicating whether the exec was successful * @@ -69,7 +71,7 @@ probe process.exec = * * Fires at the completion of an exec call. */ -probe process.exec_complete = +probe kprocess.exec_complete = kernel.function("do_execve").return, kernel.function("compat_do_execve").return ? { @@ -79,23 +81,23 @@ probe process.exec_complete = /** - * probe process.exit - Exit from process + * probe kprocess.exit - Exit from process * @code: The exit code of the process * * Context: * The process which is terminating. * * Fires when a process terminates. This will always be followed by a - * process.release, though the latter may be delayed if the process waits in a + * kprocess.release, though the latter may be delayed if the process waits in a * zombie state. */ -probe process.exit = kernel.function("do_exit") { +probe kprocess.exit = kernel.function("do_exit") { code = $code } /** - * probe process.release - Process released + * probe kprocess.release - Process released * @task: A task handle to the process being released * @pid: PID of the process being released * @@ -104,10 +106,10 @@ probe process.exit = kernel.function("do_exit") { * termination, else the context of the process itself. * * Fires when a process is released from the kernel. This always follows a - * process.exit, though it may be delayed somewhat if the process waits in a + * kprocess.exit, though it may be delayed somewhat if the process waits in a * zombie state. */ -probe process.release = kernel.function("release_task") { +probe kprocess.release = kernel.function("release_task") { task = $p pid = $p->pid; } diff --git a/tapset/memory.stp b/tapset/memory.stp index 961cca38..83875aa4 100644 --- a/tapset/memory.stp +++ b/tapset/memory.stp @@ -6,6 +6,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. +// <tapsetdescription> +// This family of probe points is used to probe memory-related events. +// </tapsetdescription> %{ #include <linux/mm.h> %} @@ -53,7 +56,7 @@ function vm_fault_contains:long (value:long, test:long) /** * probe vm.pagefault - Records that a page fault occurred. * @address: The address of the faulting memory access; i.e. the address that caused the page fault. - * @write_access: Indicates whether this was a write or read access; <command>1</command> indicates a write, + * @write_access: Indicates whether this was a write or read access; <command>1</command> indicates a write, * while <command>0</command> indicates a read. * * Context: The process which triggered the fault @@ -97,7 +100,7 @@ function addr_to_node:long(addr:long) %{ /* pure */ } %} -/* Return whether a page to be copied is a zero page. */ +// Return whether a page to be copied is a zero page. function _IS_ZERO_PAGE:long(from:long, vaddr:long) %{ /* pure */ THIS->__retvalue = (THIS->from == (long) ZERO_PAGE(THIS->vaddr)); %} @@ -110,8 +113,8 @@ function _IS_ZERO_PAGE:long(from:long, vaddr:long) %{ /* pure */ * Context: * The context is the process attempting the write. * - * Fires when a process attempts to write to a shared page. - * If a copy is necessary, this will be followed by a + * Fires when a process attempts to write to a shared page. + * If a copy is necessary, this will be followed by a * <command>vm.write_shared_copy</command>. */ probe vm.write_shared = kernel.function("do_wp_page") { @@ -119,7 +122,7 @@ probe vm.write_shared = kernel.function("do_wp_page") { } /** - * probe vm.write_shared_copy- Page copy for shared page write. + * probe vm.write_shared_copy - Page copy for shared page write. * @address: The address of the shared write. * @zero: Boolean indicating whether it is a zero page * (can do a clear instead of a copy). diff --git a/tapset/networking.stp b/tapset/networking.stp index a147441a..f6d78536 100644 --- a/tapset/networking.stp +++ b/tapset/networking.stp @@ -5,7 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe the activities of the network device. +// </tapsetdescription> /** * probe netdev.receive - Data recieved from network device. * @dev_name: The name of the device. e.g: eth0, ath1. @@ -49,7 +51,7 @@ /// /// </variablelist> ///</para> -/* Main device receive routine, be called when packet arrives on network device */ +// Main device receive routine, be called when packet arrives on network device probe netdev.receive = kernel.function("netif_receive_skb") { @@ -67,7 +69,7 @@ probe netdev.receive * @truesize: The size of the the data to be transmitted. * */ -/* Queue a buffer for transmission to a network device */ +// Queue a buffer for transmission to a network device probe netdev.transmit = kernel.function("dev_queue_xmit") { diff --git a/tapset/s390x/syscalls.stp b/tapset/s390x/syscalls.stp index 07cb0577..17988ace 100644 --- a/tapset/s390x/syscalls.stp +++ b/tapset/s390x/syscalls.stp @@ -45,19 +45,21 @@ probe syscall.ipc.return = kernel.function("sys_ipc").return ? { # long old_mmap(struct mmap_arg_struct __user *arg) # long old32_mmap(struct mmap_arg_struct_emu31 __user *arg) # -probe syscall.mmap = kernel.function("old_mmap"), - kernel.function("old32_mmap") +probe syscall.mmap = kernel.function("old_mmap") ?, + kernel.function("old32_mmap") ?, + kernel.function("SyS_s390_old_mmap") ? { name = "mmap" - if (probefunc() == "old_mmap") + if ((probefunc() == "old_mmap") || (probefunc() == "SyS_s390_old_mmap")) argstr = get_mmap_args($arg) else argstr = get_32mmap_args($arg) } -probe syscall.mmap.return = kernel.function("old_mmap").return, - kernel.function("old32_mmap").return +probe syscall.mmap.return = kernel.function("old_mmap").return ?, + kernel.function("old32_mmap").return ?, + kernel.function("SyS_s390_old_mmap").return ? { name = "mmap" retstr = returnstr(2) @@ -69,19 +71,21 @@ probe syscall.mmap.return = kernel.function("old_mmap").return, # long sys_mmap2(struct mmap_arg_struct __user *arg) # long sys32_mmap2(struct mmap_arg_struct_emu31 __user *arg) # -probe syscall.mmap2 = kernel.function("sys_mmap2"), - kernel.function("sys32_mmap2") +probe syscall.mmap2 = kernel.function("sys_mmap2") ?, + kernel.function("sys32_mmap2") ?, + kernel.function("SyS_mmap2") ? { name = "mmap2" - if (probefunc() == "sys_mmap2") + if ((probefunc() == "sys_mmap2") || (probefunc() == "SyS_mmap2")) argstr = get_mmap_args($arg) else argstr = get_32mmap_args($arg) } -probe syscall.mmap2.return = kernel.function("sys_mmap2").return, - kernel.function("sys32_mmap2").return +probe syscall.mmap2.return = kernel.function("sys_mmap2").return ?, + kernel.function("sys32_mmap2").return ?, + kernel.function("SyS_mmap2").return ? { name = "mmap2" retstr = returnstr(2) diff --git a/tapset/scsi.stp b/tapset/scsi.stp index 6d332e8b..e1457739 100644 --- a/tapset/scsi.stp +++ b/tapset/scsi.stp @@ -5,7 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe SCSI activities. +// </tapsetdescription> %{ #include <linux/types.h> #include <scsi/scsi_cmnd.h> @@ -21,7 +23,7 @@ * @disk_minor: The minor number of the disk (-1 if no information) * @device_state: The current state of the device. */ -/* FIXME describe the device_state */ +// FIXME describe the device_state probe scsi.ioentry = module("scsi_mod").function("scsi_prep_fn@drivers/scsi/scsi_lib.c")?, kernel.function("scsi_prep_fn@drivers/scsi/scsi_lib.c")? @@ -44,9 +46,9 @@ probe scsi.ioentry * @lun: The lun number * @dev_id: The scsi device id * @device_state: The current state of the device. - * @data_direction: The data_direction specifies whether this command is from/to - * the device. 0 (DMA_BIDIRECTIONAL), 1 (DMA_TO_DEVICE), - * 2 (DMA_FROM_DEVICE), 3 (DMA_NONE) + * @data_direction: The data_direction specifies whether this command is from/to the device. + * 0 (DMA_BIDIRECTIONAL), 1 (DMA_TO_DEVICE), + * 2 (DMA_FROM_DEVICE), 3 (DMA_NONE) * @request_buffer: The request buffer address * @req_bufflen: The request buffer length */ @@ -79,7 +81,7 @@ probe scsi.iodispatching * @dev_id: The scsi device id * @device_state: The current state of the device * @data_direction: The data_direction specifies whether this command is - * from/to the device. + * from/to the device. */ probe scsi.iodone = module("scsi_mod").function("scsi_done@drivers/scsi/scsi.c")?, @@ -104,10 +106,10 @@ probe scsi.iodone * @dev_id: The scsi device id * @device_state: The current state of the device * @data_direction: The data_direction specifies whether this command is from/to - * the device + * the device * @goodbytes: The bytes completed. */ -/* mid-layer processes the completed IO */ +// mid-layer processes the completed IO probe scsi.iocompleted = module("scsi_mod").function("scsi_io_completion@drivers/scsi/scsi_lib.c")?, kernel.function("scsi_io_completion@drivers/scsi/scsi_lib.c")? diff --git a/tapset/signal.stp b/tapset/signal.stp index 8fb6fe57..e8470a9c 100644 --- a/tapset/signal.stp +++ b/tapset/signal.stp @@ -8,16 +8,17 @@ // Public License (GPL); either version 2, or (at your option) any // later version. // -// Note : Since there are so many signals sent to processes at any give -// point, it's better to filter the information according to the -// requirements. For example, filter only for a particular signal -// (if sig==2) or filter only for a particular process -// (if pid_name==stap). // - +// <tapsetdescription> +// This family of probe points is used to probe signal activities. +// Since there are so many signals sent to processes at any given +// point, it is advisable to filter the information according to the +// requirements. For example, filter only for a particular signal +// (if sig==2) or for a particular process (if pid_name==stap). +// </tapsetdescription> /** - * probe signal.send- Fires when a system call or kernel function sends a signal to a process. + * probe signal.send - Signal being sent to a process * Arguments: * @sig: The number of the signal * @sig_name: A string representation of the signal @@ -27,9 +28,10 @@ * @task: A task handle to the signal recipient * @sinfo: The address of <command>siginfo</command> struct * @shared: Indicates whether the signal is shared by the thread group - * @send2queue- Indicates whether the signal is sent to an existing <command>sigqueue</command> + * @send2queue: Indicates whether the signal is sent to an existing + * <command>sigqueue</command> * @name: The name of the function used to send out the signal - * + * * Context: * The signal's sender. * @@ -114,42 +116,41 @@ probe _signal.send.part3 = kernel.function("send_sigqueue") } /** - * probe signal.send.return - Fires when a signal sent to a process returns. + * probe signal.send.return - Signal being sent to a process completed * @retstr: The return value to either <command>__group_send_sig_info</command>, - * <command>specific_send_sig_info</command>, or <command>send_sigqueue</command>. - * Refer to the Description of this probe for more information about the return - * values of each function call. + * <command>specific_send_sig_info</command>, + * or <command>send_sigqueue</command> * @shared: Indicates whether the sent signal is shared by the thread group. - * @send2queue: Indicates whether the sent signal was sent to an existing <command>sigqueue</command> - * @name: The name of the function used to send out the signal. - * + * @send2queue: Indicates whether the sent signal was sent to an + * existing <command>sigqueue</command> + * @name: The name of the function used to send out the signal + * * Context: * The signal's sender. <remark>(correct?)</remark> - * + * * Possible <command>__group_send_sig_info</command> and * <command>specific_send_sig_info</command> return values are as follows; * - * <command>0</command> - The signal is sucessfully sent to a process, + * <command>0</command> -- The signal is sucessfully sent to a process, * which means that * <1> the signal was ignored by the receiving process, * <2> this is a non-RT signal and the system already has one queued, and * <3> the signal was successfully added to the <command>sigqueue</command> of the receiving process. * - * <command>-EAGAIN</command> - The <command>sigqueue</command> of the receiving process is + * <command>-EAGAIN</command> -- The <command>sigqueue</command> of the receiving process is * overflowing, the signal was RT, and the signal was sent by a user using something other - * than <command>kill()</command> - * + * than <command>kill()</command>. + * * Possible <command>send_group_sigqueue</command> and * <command>send_sigqueue</command> return values are as follows; - * - * <command>0</command> - The signal was either sucessfully added into the + * + * <command>0</command> -- The signal was either sucessfully added into the * <command>sigqueue</command> of the receiving process, or a <command>SI_TIMER</command> entry is already * queued (in which case, the overrun count will be simply incremented). * - * <command>1</command> - The signal was ignored by the receiving process. - * + * <command>1</command> -- The signal was ignored by the receiving process. * - * <command>-1</command> - (<command>send_sigqueue</command> only) The task was marked + * <command>-1</command> -- (<command>send_sigqueue</command> only) The task was marked * <command>exiting</command>, allowing * <command>posix_timer_event</command> to redirect it to the group * leader. * @@ -232,7 +233,7 @@ probe _signal.send.part3.return = kernel.function("send_sigqueue").return } /** - * probe signal.checkperm - Fires when a permission check is performed on a sent signal + * probe signal.checkperm - Check being performed on a sent signal * @sig: The number of the signal * @sig_name: A string representation of the signal * @sig_pid: The PID of the process receiving the signal @@ -240,7 +241,8 @@ probe _signal.send.part3.return = kernel.function("send_sigqueue").return * @si_code: Indicates the signal type * @task: A task handle to the signal recipient * @sinfo: The address of the <command>siginfo</command> structure - * @name: Name of the probe point; default value is <command>signal.checkperm</command> + * @name: Name of the probe point; default value is + * <command>signal.checkperm</command> */ probe signal.checkperm = kernel.function("check_kill_permission") { @@ -261,6 +263,12 @@ probe signal.checkperm = kernel.function("check_kill_permission") si_code="SI_USER or SI_TIMER or SI_ASYNCIO" } +/** + * probe signal.checkperm.return - Check performed on a sent signal completed + * @name: Name of the probe point; default value is + * <command>signal.checkperm</command> + * @retstr: Return value as a string + */ probe signal.checkperm.return = kernel.function("check_kill_permission").return { name = "signal.checkperm" @@ -269,15 +277,15 @@ probe signal.checkperm.return = kernel.function("check_kill_permission").return /** - * probe signal.wakeup - Wakes up a sleeping process, making it ready for new active signals - * @sig_pid: The PID of the process you wish to wake - * @pid_name: Name of the process you wish to wake - * @resume: Indicates whether to wake up a task in a <command>STOPPED</command> or - * <command>TRACED</command> state + * probe signal.wakeup - Sleeping process being wakened for signal + * @sig_pid: The PID of the process to wake + * @pid_name: Name of the process to wake + * @resume: Indicates whether to wake up a task in a + * <command>STOPPED</command> or <command>TRACED</command> state * @state_mask: A string representation indicating the mask - * of task states you wish to wake. Possible values are <command>TASK_INTERRUPTIBLE</command>, - * <command>TASK_STOPPED</command>, <command>TASK_TRACED</command>, - * and <command>TASK_INTERRUPTIBLE</command>. + * of task states to wake. Possible values are + * <command>TASK_INTERRUPTIBLE</command>, <command>TASK_STOPPED</command>, + * <command>TASK_TRACED</command>, and <command>TASK_INTERRUPTIBLE</command>. */ probe signal.wakeup = kernel.function("signal_wake_up") { @@ -293,8 +301,7 @@ probe signal.wakeup = kernel.function("signal_wake_up") /** - * probe signal.check_ignored - Fires when a system call or kernel function checks whether a - * signal was ignored or not + * probe signal.check_ignored - Checking to see signal is ignored * @sig_pid: The PID of the process receiving the signal * @pid_name: Name of the process receiving the signal * @sig: The number of the signal @@ -308,6 +315,12 @@ probe signal.check_ignored = kernel.function("sig_ignored") sig_name = _signal_name($sig) } +/** + * probe signal.check_ignored.return - Check to see signal is ignored completed + * @name: Name of the probe point; default value is + * <command>signal.checkperm</command> + * @retstr: Return value as a string + */ probe signal.check_ignored.return = kernel.function("sig_ignored").return ? { name = "sig_ignored" @@ -333,8 +346,7 @@ probe signal.handle_stop = kernel.function("handle_stop_signal") /** - * probe signal.force_segv - Fires when a system call, kernel function, or process sent a - * <command>SIGSEGV</command> as a result of problems it encountered while handling a received signal + * probe signal.force_segv - Forcing send of <command>SIGSEGV</command> * @sig_pid: The PID of the process receiving the signal * @pid_name: Name of the process receiving the signal * @sig: The number of the signal @@ -360,6 +372,12 @@ probe _signal.force_segv.part2 = kernel.function("force_sigsegv_info") ? sig_name = _signal_name($sig) } +/** + * probe signal.force_segv.return - Forcing send of <command>SIGSEGV</command> complete + * @name: Name of the probe point; default value is + * <command>force_sigsegv</command> + * @retstr: Return value as a string + */ probe signal.force_segv.return = kernel.function("force_sigsegv").return, kernel.function("force_sigsegv_info").return ? @@ -370,9 +388,8 @@ probe signal.force_segv.return = /** - * probe signal.syskill - Fires when the kernel function <command>sys_kill</command> - * sends a kill signal to a process - * @pid: The PID of the process receiving the kill signal + * probe signal.syskill - Sending kill signal to a process + * @pid: The PID of the process receiving the signal * @sig: The specific signal sent to the process */ probe signal.syskill = syscall.kill @@ -380,33 +397,43 @@ probe signal.syskill = syscall.kill sig_name = _signal_name($sig) } +/** + * probe signal.syskill.return - Sending kill signal completed + */ probe signal.syskill.return = syscall.kill.return { } + /** - * probe signal.sys_tkill - Fires when <command>tkill</command> sends a kill signal - * to a process that is part of a thread group + * probe signal.sys_tkill - Sending a kill signal to a thread * @pid: The PID of the process receiving the kill signal * @sig: The specific signal sent to the process + * @sig_name: The specific signal sent to the process + * * The <command>tkill</command> call is analogous to <command>kill(2)</command>, * except that it also allows a process within a specific thread group to - * be targetted. Such processes are targetted through their unique thread IDs (TID). + * be targetted. Such processes are targetted through their unique + * thread IDs (TID). */ probe signal.systkill = syscall.tkill { sig_name = _signal_name($sig) } +/** + * probe signal.systkill.return - Sending kill signal to a thread completed + */ probe signal.systkill.return = syscall.tkill.return { } /** - * probe signal.sys_tgkill - Fires when the kernel function <command>tgkill</command> - * sends a kill signal to a specific thread group + * probe signal.sys_tgkill - Sending kill signal to a thread group * @pid: The PID of the thread receiving the kill signal * @tgid: The thread group ID of the thread receiving the kill signal * @sig: The specific kill signal sent to the process + * @sig_name: A string representation of the signal + * * The <command>tgkill</command> call is similar to <command>tkill</command>, * except that it also allows the caller to specify the thread group ID of * the thread to be signalled. This protects against TID reuse. @@ -416,12 +443,15 @@ probe signal.systgkill = syscall.tgkill sig_name = _signal_name($sig) } +/** + * probe signal.sys_tgkill.return - Sending kill signal to a thread group completed + */ probe signal.systgkill.return = syscall.tgkill.return { } /** - * probe signal.send_sig_queue - Fires when a signal is queued to a process + * probe signal.send_sig_queue - Queuing a signal to a process * @sig: The queued signal * @sig_name: A string representation of the signal * @sig_pid: The PID of the process to which the signal is queued @@ -439,6 +469,10 @@ probe signal.send_sig_queue = sigqueue_addr = $q } +/** + * probe signal.send_sig_queue.return - Queuing a signal to a process completed + * @retstr: Return value as a string + */ probe signal.send_sig_queue.return = kernel.function("send_sigqueue").return, kernel.function("send_group_sigqueue").return ? @@ -448,25 +482,25 @@ probe signal.send_sig_queue.return = /** - * probe signal.pending - Fires when the <command>SIGPENDING</command> system call is used; - * this normally occurs when the <command>do_sigpending</command> kernel function is executed - * @sigset_add: The address of the user-space signal set (<command>sigset_t</command>) - * @sigset_size: The size of the user-space signal set. - * - * Synopsis: - * <programlisting>long do_sigpending(void __user *set, unsigned long sigsetsize)</programlisting> + * probe signal.pending - Examining pending signal + * @sigset_add: The address of the user-space signal set + * (<command>sigset_t</command>) + * @sigset_size: The size of the user-space signal set * * This probe is used to examine a set of signals pending for delivery - * to a specific thread. + * to a specific thread. This normally occurs when the + * <command>do_sigpending</command> kernel function is executed. */ -// long do_sigpending(void __user *set, unsigned long sigsetsize) - probe signal.pending = kernel.function("do_sigpending") { sigset_add=$set sigset_size=$sigsetsize } +/** + * probe signal.pending.return - Examination of pending signal completed + * @retstr: Return value as a string + */ probe signal.pending.return = kernel.function("do_sigpending").return { retstr = returnstr(1) @@ -474,22 +508,17 @@ probe signal.pending.return = kernel.function("do_sigpending").return /** - * probe signal.handle - Fires when the signal handler is invoked + * probe signal.handle - Signal handler being invoked * @sig: The signal number that invoked the signal handler * @sinfo: The address of the <command>siginfo</command> table - * @sig_code: The <command>si_code</command> value of the <command>siginfo</command> signal - * @ka_addr: The address of the <command>k_sigaction</command> table associated with the signal + * @sig_code: The <command>si_code</command> value of the + * <command>siginfo</command> signal + * @ka_addr: The address of the <command>k_sigaction</command> table + * associated with the signal * @oldset_addr: The address of the bitmask array of blocked signals * @regs: The address of the kernel-mode stack area * @sig_mode: Indicates whether the signal was a user-mode or kernel-mode signal - * - * Synopsis: - * <programlisting>static int handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka, - * sigset_t *oldset, struct pt_regs * regs)</programlisting> */ -//static int handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka, -// sigset_t *oldset, struct pt_regs * regs) - probe signal.handle = kernel.function("handle_signal") { sig = $sig @@ -508,6 +537,10 @@ probe signal.handle = kernel.function("handle_signal") sig_mode = "Kernel Mode Signal" } +/** + * probe signal.handle.return - Signal handler invocation completed + * @retstr: Return value as a string + */ probe signal.handle.return = kernel.function("handle_signal").return ? { retstr = returnstr(1) @@ -515,11 +548,12 @@ probe signal.handle.return = kernel.function("handle_signal").return ? /** - * probe signal.do_action - Initiates a trace when a thread is about to examine - * and change a signal action + * probe signal.do_action - Examining or changing a signal action * @sig: The signal to be examined/changed - * @sigact_addr: The address of the new <command>sigaction</command> struct associated with the signal - * @oldsigact_addr: The address of the old <command>sigaction</command> struct associated with the signal + * @sigact_addr: The address of the new <command>sigaction</command> + * struct associated with the signal + * @oldsigact_addr: The address of the old <command>sigaction</command> + * struct associated with the signal * @sa_handler: The new handler of the signal * @sa_mask: The new mask of the signal */ @@ -535,6 +569,10 @@ probe signal.do_action = kernel.function("do_sigaction") } } +/** + * probe signal.do_action.return - Examining or changing a signal action completed + * @retstr: Return value as a string + */ probe signal.do_action.return = kernel.function("do_sigaction").return { retstr = returnstr(1) @@ -554,16 +592,17 @@ function __get_action_mask:long(act:long) %{ /* pure */ /** - * probe signal.procmask - Initiates a trace when a thread is about to examine and change blocked signals + * probe signal.procmask - Examining or changing blocked signals * @how: Indicates how to change the blocked signals; possible values are * <command>SIG_BLOCK=0</command> (for blocking signals), * <command>SIG_UNBLOCK=1</command> (for unblocking signals), and * <command>SIG_SETMASK=2</command> for setting the signal mask. - * @sigset_addr: The address of the signal set (<command>sigset_t</command>) to be implemented - * @oldsigset_addr: The old address of the signal set (<command>sigset_t</command>) - * @sigset: The actual value to be set for <command>sigset_t</command> <remark>(correct?)</remark> - * Synopsis: - * <programlisting>int sigprocmask(int how, sigset_t *set, sigset_t *oldset)</programlisting> + * @sigset_addr: The address of the signal set (<command>sigset_t</command>) + * to be implemented + * @oldsigset_addr: The old address of the signal set + * (<command>sigset_t</command>) + * @sigset: The actual value to be set for <command>sigset_t</command> + * <remark>(correct?)</remark> */ probe signal.procmask = kernel.function("sigprocmask") { @@ -591,16 +630,13 @@ probe signal.procmask.return = kernel.function("sigprocmask").return /** - * probe signal.flush - Fires when all pending signals for a task are flushed + * probe signal.flush - Flusing all pending signals for a task * @task: The task handler of the process performing the flush - * @sig_pid: The PID of the process associated with the task performing the flush - * @pid_name: The name of the process associated with the task performing the flush - * - * Synopsis: - * <programlisting>void flush_signals(struct task_struct *t)</programlisting> + * @sig_pid: The PID of the process associated with the task + * performing the flush + * @pid_name: The name of the process associated with the task + * performing the flush */ -//void flush_signals(struct task_struct *t) - probe signal.flush = kernel.function("flush_signals") { task = $t diff --git a/tapset/socket.stp b/tapset/socket.stp index 3271d4f7..de778d7c 100644 --- a/tapset/socket.stp +++ b/tapset/socket.stp @@ -5,7 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe socket activities. +// </tapsetdescription> %{ #include <net/sock.h> #include <asm/bitops.h> @@ -65,8 +67,8 @@ probe socket.receive = socket.recvmsg.return, ### FUNCTION SPECIFIC SEND/RECEIVE PROBES ### -/* - * probe socket.sendmsg - Message being sent on socket +/** + * probe socket.sendmsg - Message is currently being sent on a socket. * @name: Name of this probe * @size: Message size in bytes * @protocol: Protocol value @@ -93,7 +95,7 @@ probe socket.sendmsg = kernel.function ("sock_sendmsg") } /** - * probe socket.sendmsg.return - Return from Message being sent on socket + * probe socket.sendmsg.return - Return from <command>socket.sendmsg</command>. * @name: Name of this probe * @size: Size of message sent (in bytes) or error code if success = 0 * @protocol: Protocol value @@ -149,7 +151,7 @@ probe socket.recvmsg = kernel.function ("sock_recvmsg") type = $sock->type } -/* +/** * probe socket.recvmsg.return - Return from Message being received on socket * @name: Name of this probe * @size: Size of message received (in bytes) or error code if success = 0 @@ -196,14 +198,14 @@ probe socket.recvmsg.return = kernel.function ("sock_recvmsg").return * Fires at the beginning of sending a message on a socket * via the sock_aio_write() function */ -/* - * 2.6.9~2.6.15: - * static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t size, loff_t pos); - * 2.6.16~2.6.18: - * static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t count, loff_t pos); - * 2.6.19~2.6.26: - * static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); - */ +// +// 2.6.9~2.6.15: +// static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t size, loff_t pos); +// 2.6.16~2.6.18: +// static ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf, size_t count, loff_t pos); +// 2.6.19~2.6.26: +// static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); + probe socket.aio_write = kernel.function ("sock_aio_write") { name = "socket.aio_write" @@ -270,14 +272,14 @@ probe socket.aio_write.return = kernel.function ("sock_aio_write").return * Fires at the beginning of receiving a message on a socket * via the sock_aio_read() function */ -/* - * 2.6.9~2.6.15: - * static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t size, loff_t pos); - * 2.6.16~2.6.18: - * static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t count, loff_t pos); - * 2.6.19~2.6.26: - * static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); - */ +// +// 2.6.9~2.6.15: +// static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t size, loff_t pos); +// 2.6.16~2.6.18: +// static ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf, size_t count, loff_t pos); +// 2.6.19~2.6.26: +// static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); + probe socket.aio_read = kernel.function ("sock_aio_read") { name = "socket.aio_read" @@ -541,18 +543,18 @@ probe socket.close.return = kernel.function ("sock_release").return ####### PROTOCOL HELPER FUNCTIONS ######## -/* - * sock_prot_num2str - * Given a protocol number, return a string representation. +/** + * sfunction sock_prot_num2str - Given a protocol number, return a string representation. + * @proto: The protocol number. */ function sock_prot_num2str:string (proto:long) { return (proto in _prot_num2str ? _prot_num2str[proto] : "UNDEF") } -/* - * sock_prot_str2num - * Given a protocol name (string), return the corresponding protocol number. +/** + * sfunction sock_prot_str2num - Given a protocol name (string), return the corresponding protocol number. + * @proto: The protocol name. */ function sock_prot_str2num:long (proto:string) { @@ -561,19 +563,19 @@ function sock_prot_str2num:long (proto:string) ######### PROTOCOL FAMILY HELPER FUNCTIONS ########### -/* - * sock_fam_num2str - * Given a protocol family number, return a string representation. +/** + * sfunction sock_fam_num2str - Given a protocol family number, return a string representation. + * @family: The family number. */ function sock_fam_num2str:string (family:long) { return (family in _fam_num2str ? _fam_num2str[family] : "UNDEF") } -/* - * sock_fam_str2num - * Given a protocol family name (string), return the corresponding +/** + * sfunction sock_fam_str2num - Given a protocol family name (string), return the corresponding * protocol family number. + * @family: The family name. */ function sock_fam_str2num:long (family:string) { @@ -582,18 +584,18 @@ function sock_fam_str2num:long (family:string) ######### SOCKET STATE HELPER FUNCTIONS ########## -/* - * sock_state_num2str - * Given a socket state number, return a string representation. +/** + * sfunction sock_state_num2str - Given a socket state number, return a string representation. + * @state: The state number. */ function sock_state_num2str:string (state:long) { return (state in _state_num2str ? _state_num2str[state] : "UNDEF") } -/* - * sock_state_str2num - * Given a socket state string, return the corresponding state number. +/** + * sfunction sock_state_str2num - Given a socket state string, return the corresponding state number. + * @state: The state name. */ function sock_state_str2num:long (state:string) { diff --git a/tapset/string.stp b/tapset/string.stp index 2f43aecc..35ee9fa2 100644 --- a/tapset/string.stp +++ b/tapset/string.stp @@ -25,6 +25,18 @@ function substr:string(str:string,start:long, length:long) %{ /* pure */ strlcpy(THIS->__retvalue, THIS->str + THIS->start, length); %} +/** @addtogroup library +* @code function stringat:string(str:string, pos:long) @endcode +* @param str string +* @param pos the given position. 0 = start of the string +* @return Returns the char in given position of string. +*/ +function stringat:long(str:string, pos:long) %{ /* pure */ + if (THIS->pos >= 0 && THIS->pos < strlen(THIS->str)) + THIS->__retvalue = THIS->str[THIS->pos]; + else + THIS->__retvalue = 0; +%} /** @addtogroup library * @code isinstr:long(s1:string,s2:string) @endcode diff --git a/tapset/syscalls.stp b/tapset/syscalls.stp index 256174d3..a215dc12 100644 --- a/tapset/syscalls.stp +++ b/tapset/syscalls.stp @@ -733,7 +733,7 @@ probe syscall.faccessat.return = kernel.function("SyS_faccessat").return !, probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, kernel.function("sys_fadvise64") ? { name = "fadvise64" - fs = $fd + fd = $fd offset = $offset len = $len advice = $advice @@ -751,7 +751,7 @@ probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, kernel.function("sys_fadvise64_64") ? { name = "fadvise64_64" - fs = $fd + fd = $fd offset = $offset len = $len advice = $advice @@ -771,7 +771,7 @@ probe syscall.fadvise64_64.return = kernel.function("SyS_fadvise64_64").return ! probe syscall.fadvise64 = kernel.function("SyS_fadvise64") !, kernel.function("sys_fadvise64") { name = "fadvise64" - fs = 0 + fd = 0 offset = 0 len = 0 advice = 0 @@ -789,7 +789,7 @@ probe syscall.fadvise64.return = kernel.function("SyS_fadvise64").return !, probe syscall.fadvise64_64 = kernel.function("SyS_fadvise64_64") !, kernel.function("sys_fadvise64_64") { name = "fadvise64_64" - fs = 0 + fd = 0 offset = 0 len = 0 advice = 0 diff --git a/tapset/task.stp b/tapset/task.stp index 07337156..f1a10b0a 100644 --- a/tapset/task.stp +++ b/tapset/task.stp @@ -63,6 +63,30 @@ function task_pid:long (task:long) } +// Return the task of the given process id +function pid2task:long (pid:long) %{ /* pure */ + struct task_struct *t = NULL; + pid_t t_pid = (pid_t)(long)THIS->pid; + rcu_read_lock(); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) + t = find_task_by_vpid (t_pid); +#else + t = find_task_by_pid (t_pid); +#endif + rcu_read_unlock(); + THIS->__retvalue = (long)t; + CATCH_DEREF_FAULT(); +%} + +// Return the name of the given process id +function pid2execname:string (pid:long) { + tsk = pid2task(pid) + if (tsk) + return task_execname(tsk) + return "" +} + + // Return the thread id of the given task function task_tid:long (task:long) { diff --git a/tapset/tcp.stp b/tapset/tcp.stp index 995d6abc..2c5dce7e 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -7,12 +7,15 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe events that occur in the TCP layer, +// </tapsetdescription> %{ #include <linux/version.h> #include <net/sock.h> #include <net/tcp.h> #include <net/ip.h> +#include <linux/skbuff.h> %} // Get retransmission timeout in usecs. RTO is initialized from default @@ -71,6 +74,80 @@ function tcp_ts_get_info_state:long(sock:long) CATCH_DEREF_FAULT(); %} +/* return the TCP destination port for a given sock */ +function __tcp_sock_dport:long (sock:long){ + return @cast(sock, "inet_sock")->dport +} + +/* returns the TCP header for recent (<2.6.21) kernel */ +function __get_skb_tcphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_transport_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->transport_header))); + #else + THIS->__retvalue = (long)kread(&(skb->transport_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* returns the TCP header for a given sk_buff structure */ +function __get_skb_tcphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + tcphdr = @cast(skb, "sk_buff")->h->raw + return tcphdr +%: + return __get_skb_tcphdr_new(skb) +%) +} + +/* returns TCP URG flag for a given sk_buff structure */ +function __tcp_skb_urg:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->urg +} + +/* returns TCP ACK flag for a given sk_buff structure */ +function __tcp_skb_ack:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->ack +} + +/* returns TCP PSH flag for a given sk_buff structure */ +function __tcp_skb_psh:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->psh +} + +/* returns TCP RST flag for a given sk_buff structure */ +function __tcp_skb_rst:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->rst +} + +/* returns TCP SYN flag for a given sk_buff structure */ +function __tcp_skb_syn:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->syn +} + +/* returns TCP FIN flag for a given sk_buff structure */ +function __tcp_skb_fin:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->fin +} + +/* returns TCP source port for a given sk_buff structure */ +function __tcp_skb_sport:long (tcphdr){ + return ntohs(@cast(tcphdr, "tcphdr")->source) +} + +/* returns TCP destination port for a given sk_buff structure */ +function __tcp_skb_dport:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->dest +} + +/* return the TCP source port for a given sock */ +function __tcp_sock_sport:long (sock:long){ + return @cast(sock, "inet_sock")->sport +} + global sockstate[13], sockstate_init_p function tcp_sockstate_str:string (state:long) { if (! sockstate_init_p) { @@ -180,6 +257,10 @@ probe tcp.sendmsg.return = kernel.function("tcp_sendmsg").return { * @name: Name of this probe * @sock: Network socket * @size: Number of bytes to be received + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port * Context: * The process which receives a tcp message */ @@ -187,12 +268,20 @@ probe tcp.recvmsg = kernel.function("tcp_recvmsg") { name = "tcp.recvmsg" sock = $sk size = $len + saddr = ip_ntop(__ip_sock_saddr($sk)) + daddr = ip_ntop(__ip_sock_daddr($sk)) + sport = __tcp_sock_sport($sk) + dport = __tcp_sock_dport($sk) } /** * probe tcp.recvmsg.return - Receiving TCP message complete * @name: Name of this probe * @size: Number of bytes received or error code if an error occurred. + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port * * Context: * The process which receives a tcp message @@ -200,6 +289,10 @@ probe tcp.recvmsg = kernel.function("tcp_recvmsg") { probe tcp.recvmsg.return = kernel.function("tcp_recvmsg").return { name = "tcp.recvmsg" size = $return + saddr = ip_ntop(__ip_sock_saddr($sk)) + daddr = ip_ntop(__ip_sock_daddr($sk)) + sport = __tcp_sock_sport($sk) + dport = __tcp_sock_dport($sk) } /** @@ -207,6 +300,10 @@ probe tcp.recvmsg.return = kernel.function("tcp_recvmsg").return { * @name: Name of this probe * @sock: Network socket * @flags: TCP flags (e.g. FIN, etc) + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port * * Context: * The process which disconnects tcp @@ -215,6 +312,10 @@ probe tcp.disconnect = kernel.function("tcp_disconnect") { name = "tcp.disconnect" sock = $sk flags = $flags + saddr = ip_ntop(__ip_sock_saddr($sk)) + daddr = ip_ntop(__ip_sock_daddr($sk)) + sport = __tcp_sock_sport($sk) + dport = __tcp_sock_dport($sk) } /** @@ -264,3 +365,32 @@ probe tcp.setsockopt.return = kernel.function("tcp_setsockopt").return { ret = $return } +/** + * probe tcp.receive - Called when a TCP packet is received + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port + * @urg: TCP URG flag + * @ack: TCP ACK flag + * @psh: TCP PSH flag + * @rst: TCP RST flag + * @syn: TCP SYN flag + * @fin: TCP FIN flag + */ +probe tcp.receive = kernel.function("tcp_v4_rcv") { + iphdr = __get_skb_iphdr($skb) + saddr = ip_ntop(__ip_skb_saddr(iphdr)) + daddr = ip_ntop(__ip_skb_daddr(iphdr)) + protocol = __ip_skb_proto(iphdr) + + tcphdr = __get_skb_tcphdr($skb) + dport = __tcp_skb_dport(tcphdr) + sport = __tcp_skb_sport(tcphdr) + urg = __tcp_skb_urg(tcphdr) + ack = __tcp_skb_ack(tcphdr) + psh = __tcp_skb_psh(tcphdr) + rst = __tcp_skb_rst(tcphdr) + syn = __tcp_skb_syn(tcphdr) + fin = __tcp_skb_fin(tcphdr) +} diff --git a/tapset/timestamp.stp b/tapset/timestamp.stp index ce8f7558..0b9d350a 100644 --- a/tapset/timestamp.stp +++ b/tapset/timestamp.stp @@ -6,7 +6,11 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// Each timestamp function returns a value to indicate when a function is executed. These +//returned values can then be used to indicate when an event occurred, provide an ordering for events, +//or compute the amount of time elapsed between two time stamps. +// </tapsetdescription> /** * sfunction get_cycles - Processor cycle count. * diff --git a/tapset/ucontext-symbols.stp b/tapset/ucontext-symbols.stp new file mode 100644 index 00000000..5502f5cd --- /dev/null +++ b/tapset/ucontext-symbols.stp @@ -0,0 +1,75 @@ +// User context symbols tapset +// Copyright (C) 2009 Red Hat Inc. +// +// This file is part of systemtap, and is free software. You can +// redistribute it and/or modify it under the terms of the GNU General +// Public License (GPL); either version 2, or (at your option) any +// later version. + +// <tapsetdescription> +// User context symbol functions provide additional information about +// addresses from an application. These functions can provide +// information about the user space map (library) that the event occured or +// the function symbol of an address. +// </tapsetdescription> + +%{ +#ifndef STP_NEED_SYMBOL_DATA +#define STP_NEED_SYMBOL_DATA 1 +#endif +#ifndef STP_NEED_VMA_TRACKER +#define STP_NEED_VMA_TRACKER 1 +#endif +%} + +/** + * sfunction usymname - Return the symbol of an address in the current task. EXPERIMENTAL! + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address if known. If not known it will return the hex string + * representation of addr. + */ +function usymname:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + current, 0); +%} + +/** + * sfunction usymdata - Return the symbol and module offset of an address. EXPERIMENTAL! + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address in the current task if known, plus the module name + * (between brackets) and the offset inside the module (shared library), + * plus the size of the symbol function. If any element is not known it + * will be ommitted and if the symbol name is unknown it will return the + * hex string for the given address. + */ +function usymdata:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + current, 1); +%} + +/** + * sfunction print_ustack - Print out stack for the current task from string. EXPERIMENTAL! + * @stk: String with list of hexidecimal addresses for the current task. + * + * Perform a symbolic lookup of the addresses in the given string, + * which is assumed to be the result of a prior call to + * <command>ubacktrace()</command> for the current task. + * + * Print one line per address, including the address, the + * name of the function containing the address, and an estimate of + * its position within that function. Return nothing. + */ +function print_ustack(stk:string) %{ + char *ptr = THIS->stk; + char *tok = strsep(&ptr, " "); + while (tok && *tok) { + _stp_print_char(' '); + _stp_usymbol_print (simple_strtol(tok, NULL, 16), current); + _stp_print_char('\n'); + tok = strsep(&ptr, " "); + } +%} diff --git a/tapset/ucontext-unwind.stp b/tapset/ucontext-unwind.stp new file mode 100644 index 00000000..0801f1c9 --- /dev/null +++ b/tapset/ucontext-unwind.stp @@ -0,0 +1,52 @@ +// User context unwind tapset +// Copyright (C) 2009 Red Hat Inc. +// +// This file is part of systemtap, and is free software. You can +// redistribute it and/or modify it under the terms of the GNU General +// Public License (GPL); either version 2, or (at your option) any +// later version. + +%{ +#ifndef STP_NEED_UNWIND_DATA +#define STP_NEED_UNWIND_DATA 1 +#endif +#ifndef STP_NEED_SYMBOL_DATA +#define STP_NEED_SYMBOL_DATA 1 +#endif +#ifndef STP_NEED_VMA_TRACKER +#define STP_NEED_VMA_TRACKER 1 +#endif +%} + +/** + * sfunction print_ubacktrace - Print stack back trace for current task. EXPERIMENTAL! + * + * Equivalent to <command>print_ustack(ubacktrace())</command>, + * except that deeper stack nesting may be supported. Return nothing. + */ +function print_ubacktrace () %{ + if (CONTEXT->regs) { + _stp_stack_print(CONTEXT->regs, 1, CONTEXT->pi, MAXTRACE, + current); + } else { + _stp_printf("Systemtap probe: %s\n", CONTEXT->probe_point); + } +%} + +/** + * sfunction ubacktrace - Hex backtrace of current task stack. EXPERIMENTAL! + * + * Return a string of hex addresses that are a backtrace of the + * stack of the current task. Output may be truncated as per maximum + * string length. Returns empty string when current probe point cannot + * determine user backtrace. + */ + +function ubacktrace:string () %{ /* pure */ + if (CONTEXT->regs) + _stp_stack_snprint (THIS->__retvalue, MAXSTRINGLEN, + CONTEXT->regs, 0, CONTEXT->pi, MAXTRACE, + current); + else + strlcpy (THIS->__retvalue, "", MAXSTRINGLEN); +%} diff --git a/tapset/udp.stp b/tapset/udp.stp index 707cf77d..2255074a 100644 --- a/tapset/udp.stp +++ b/tapset/udp.stp @@ -5,7 +5,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// <tapsetdescription> +// This family of probe points is used to probe events that occur in the UDP layer. +// </tapsetdescription> %{ #include <linux/version.h> #include <net/sock.h> @@ -15,12 +17,12 @@ /** * probe udp.sendmsg - Fires whenever a process sends a UDP message - * @name: Name of this probe - * @sock: Network socket - * @size: Number of bytes to send + * @name: The name of this probe + * @sock: Network socket used by the process + * @size: Number of bytes sent by the process * * Context: - * The process which sends a udp message + * The process which sent a UDP message */ probe udp.sendmsg = kernel.function("udp_sendmsg") { name = "udp.sendmsg" @@ -30,11 +32,11 @@ probe udp.sendmsg = kernel.function("udp_sendmsg") { /** * probe udp.sendmsg.return - Fires whenever an attempt to send a UDP message is completed - * @name: Name of this probe - * @size: Number of bytes sent + * @name: The name of this probe + * @size: Number of bytes sent by the process * * Context: - * The process which sends a udp message + * The process which sent a UDP message */ probe udp.sendmsg.return = kernel.function("udp_sendmsg").return { name = "udp.sendmsg" @@ -43,12 +45,12 @@ probe udp.sendmsg.return = kernel.function("udp_sendmsg").return { /** * probe udp.recvmsg - Fires whenever a UDP message is received - * @name: Name of this probe - * @sock: Network socket - * @size: Number of bytes received + * @name: The name of this probe + * @sock: Network socket used by the process + * @size: Number of bytes received by the process * * Context: - * The process which receives a udp message + * The process which received a UDP message */ probe udp.recvmsg = kernel.function("udp_recvmsg") { name = "udp.recvmsg" @@ -57,12 +59,12 @@ probe udp.recvmsg = kernel.function("udp_recvmsg") { } /** - * probe udp.recvmsg.return - An attempt to receive a UDP message received has been completed - * @name: Name of this probe - * @size: Number of bytes received + * probe udp.recvmsg.return - Fires whenever an attempt to receive a UDP message received is completed + * @name: The name of this probe + * @size: Number of bytes received by the process * * Context: - * The process which receives a udp message + * The process which received a UDP message */ probe udp.recvmsg.return = kernel.function("udp_recvmsg").return { name = "udp.recvmsg" @@ -70,13 +72,13 @@ probe udp.recvmsg.return = kernel.function("udp_recvmsg").return { } /** - * probe udp.disconnect - A process requests for UPD to be UDP disconnected - * @name: Name of this probe - * @sock: Network socket + * probe udp.disconnect - Fires when a process requests for a UDP disconnection + * @name: The name of this probe + * @sock: Network socket used by the process * @flags: Flags (e.g. FIN, etc) * * Context: - * The process which disconnects UDP + * The process which requests a UDP disconnection */ probe udp.disconnect = kernel.function("udp_disconnect") { name = "udp.disconnect" @@ -86,11 +88,11 @@ probe udp.disconnect = kernel.function("udp_disconnect") { /** * probe udp.disconnect.return - UDP has been disconnected successfully - * @name: Name of this probe + * @name: The name of this probe * @ret: Error code (0: no error) * * Context: - * The process which disconnects udp + * The process which requested a UDP disconnection */ probe udp.disconnect.return = kernel.function("udp_disconnect").return { name = "udp.disconnect" diff --git a/tapset/utrace.stp b/tapset/utrace.stp index 34cb32c5..0d26ed5f 100644 --- a/tapset/utrace.stp +++ b/tapset/utrace.stp @@ -1,18 +1,26 @@ /* utrace-only subset of register accessors */ - %{ #include "syscall.h" %} -function _utrace_syscall_nr:long () %{ - THIS->__retvalue = __stp_user_syscall_nr(CONTEXT->regs); /* pure */ +function _utrace_syscall_nr:long () %{ /* pure */ + THIS->__retvalue = syscall_get_nr(current, CONTEXT->regs); %} -function _utrace_syscall_arg:long (n:long) %{ - THIS->__retvalue = *__stp_user_syscall_arg(current, CONTEXT->regs, (int)THIS->n); /* pure */ +function _utrace_syscall_arg:long (n:long) %{ /* pure */ + unsigned long arg = 0; + syscall_get_arguments(current, CONTEXT->regs, (int)THIS->n, 1, &arg); + THIS->__retvalue = arg; %} -function _utrace_syscall_return:long () %{ - THIS->__retvalue = *__stp_user_syscall_return_value(current, CONTEXT->regs); /* pure */ +function _utrace_syscall_return:long () %{ /* pure */ + /* + * Here's the reason for the "unsigned long" cast. Since all + * values inside systemtap are 64-bit numbers, return values were + * getting sign extended. This caused return values to not match + * up with the same values passes as arguments. + */ + THIS->__retvalue = (unsigned long)syscall_get_return_value(current, + CONTEXT->regs); %} |