diff options
Diffstat (limited to 'tapset')
| -rw-r--r-- | tapset/DEVGUIDE | 6 | ||||
| -rw-r--r-- | tapset/ansi.stp | 70 | ||||
| -rw-r--r-- | tapset/context-symbols.stp | 61 | ||||
| -rw-r--r-- | tapset/context-unwind.stp | 3 | ||||
| -rw-r--r-- | tapset/context.stp | 25 | ||||
| -rw-r--r-- | tapset/errno.stp | 14 | ||||
| -rw-r--r-- | tapset/i686/syscalls.stp | 2 | ||||
| -rw-r--r-- | tapset/ip.stp | 46 | ||||
| -rw-r--r-- | tapset/kprocess.stp (renamed from tapset/process.stp) | 30 | ||||
| -rw-r--r-- | tapset/tcp.stp | 94 | ||||
| -rw-r--r-- | tapset/ucontext-symbols.stp | 52 | ||||
| -rw-r--r-- | tapset/utrace.stp | 8 |
12 files changed, 380 insertions, 31 deletions
diff --git a/tapset/DEVGUIDE b/tapset/DEVGUIDE index e6bc3fb8..693521a8 100644 --- a/tapset/DEVGUIDE +++ b/tapset/DEVGUIDE @@ -59,8 +59,8 @@ For example, process execs can occur in either the do_execve() or the compat_do_execve() functions. The following alias inserts probes at the beginning of those functions: -probe process.exec = kernel.function("do_execve"), - kernel.function("compat_do_execve") { +probe kprocess.exec = kernel.function("do_execve"), + kernel.function("compat_do_execve") { < probe body > } @@ -87,7 +87,7 @@ process is retrieved by calling task_pid() and passing it the task_struct pointer. In this case, the auxiliary function is an embedded C function that's defined in the task tapset (task.stp). -probe process.create = kernel.function("copy_process").return { +probe kprocess.create = kernel.function("copy_process").return { task = $return new_pid = task_pid(task) } diff --git a/tapset/ansi.stp b/tapset/ansi.stp new file mode 100644 index 00000000..0152fb37 --- /dev/null +++ b/tapset/ansi.stp @@ -0,0 +1,70 @@ +# ANSI escape sequences tapset +# Copyright (C) 2009 Red Hat, Inc., Eugene Teo <eteo@redhat.com> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# Based on some previous work done by Masami Hiramatsu for stapgames. +# Reference: http://en.wikipedia.org/wiki/ANSI_escape_code +# + +function ansi_clear_screen() { + print("\033[1;1H\033[J") +} + +# Foreground colors | Background colors +# Black 30 | Black 40 +# Blue 34 | Red 41 +# Green 32 | Green 42 +# Cyan 36 | Yellow 43 +# Red 31 | Blue 44 +# Purple 35 | Magenta 45 +# Brown 33 | Cyan 46 +# Light Gray 37 | White 47 +function ansi_set_color(fg:long) { + printf("\033[%dm", fg) +} + +function ansi_set_color2(fg:long, bg:long) { + printf("\033[%d;%dm", bg, fg) +} + +# All attributes off 0 +# Intensity: Bold 1 +# Underline: Single 4 +# Blink: Slow 5 +# Blink: Rapid 6 +# Image: Negative 7 +function ansi_set_color3(fg:long, bg:long, attr:long) { + attr_str = attr ? sprintf(";%dm", attr) : "m" + printf("\033[%d;%d%s", bg, fg, attr_str) +} + +function ansi_reset_color() { + ansi_set_color3(0, 0, 0) +} + +function ansi_new_line() { + printf("\12") +} + +function ansi_cursor_move(x:long, y:long) { + printf("\033[%d;%dH", y, x) +} + +function ansi_cursor_hide() { + print("\033[>5I") +} + +function ansi_cursor_save() { + print("\033[s") +} + +function ansi_cursor_restore() { + print("\033[u") +} + +function ansi_cursor_show() { + print("\033[>5h") +} diff --git a/tapset/context-symbols.stp b/tapset/context-symbols.stp index a3aae408..783f1b7b 100644 --- a/tapset/context-symbols.stp +++ b/tapset/context-symbols.stp @@ -66,7 +66,7 @@ function probefunc:string () %{ /* pure */ #else ((unsigned long)REG_IP(CONTEXT->regs) >= (unsigned long)PAGE_OFFSET)) { #endif - _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, REG_IP(CONTEXT->regs)); + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, REG_IP(CONTEXT->regs), current, 0); if (THIS->__retvalue[0] == '.') /* powerpc symbol has a dot*/ strlcpy(THIS->__retvalue,THIS->__retvalue + 1,MAXSTRINGLEN); } else { @@ -89,8 +89,59 @@ function probemod:string () %{ /* pure */ while (*ptr != '"' && --len && *ptr) *dst++ = *ptr++; *dst = 0; - } else { - /* XXX: need a PC- and symbol-table-based fallback. */ - THIS->__retvalue[0] = '\0'; - } + } else if (CONTEXT->regs) { + struct _stp_module *m; + m = _stp_mod_sec_lookup (REG_IP(CONTEXT->regs), current, NULL); + if (m && m->name) + strlcpy (THIS->__retvalue, m->name, MAXSTRINGLEN); + else + strlcpy (THIS->__retvalue, "<unknown>", MAXSTRINGLEN); + } else + strlcpy (THIS->__retvalue, "<unknown>", MAXSTRINGLEN); +%} + +/** + * sfunction modname - Return the kernel module name loaded at the address. + * @addr: The address. + * + * Description: Returns the module name associated with the given + * address if known. If not known it will return the string "<unknown>". + * If the address was not in a kernel module, but in the kernel itself, + * then the string "kernel" will be returned. + */ +function modname:string (addr: long) %{ /* pure */ + struct _stp_module *m; + m = _stp_mod_sec_lookup (THIS->addr, current, NULL); + if (m && m->name) + strlcpy (THIS->__retvalue, m->name, MAXSTRINGLEN); + else + strlcpy (THIS->__retvalue, "<unknown>", MAXSTRINGLEN); +%} + +/** + * sfunction symname - Return the symbol associated with the given address. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address if known. If not known it will return the hex string + * representation of addr. + */ +function symname:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + NULL, 0); +%} + +/** + * sfunction symdata - Return the symbol and module offset for the address. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address if known, plus the module name (between brackets) and + * the offset inside the module, plus the size of the symbol function. + * If any element is not known it will be ommitted and if the symbol name + * is unknown it will return the hex string for the given address. + */ +function symdata:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + NULL, 1); %} diff --git a/tapset/context-unwind.stp b/tapset/context-unwind.stp index 90d4e0f4..b3d19e29 100644 --- a/tapset/context-unwind.stp +++ b/tapset/context-unwind.stp @@ -56,7 +56,8 @@ function backtrace:string () %{ /* pure */ function caller:string() %{ /* pure */ if (CONTEXT->pi) _stp_symbol_snprint( THIS->__retvalue, MAXSTRINGLEN, - (unsigned long)_stp_ret_addr_r(CONTEXT->pi)); + (unsigned long)_stp_ret_addr_r(CONTEXT->pi), + current, 0); else strlcpy(THIS->__retvalue,"unknown",MAXSTRINGLEN); %} diff --git a/tapset/context.stp b/tapset/context.stp index 9f4be0e6..36d68c8d 100644 --- a/tapset/context.stp +++ b/tapset/context.stp @@ -11,6 +11,11 @@ //provide information such as a backtrace to where the event occured and the current register values for the //processor. // </tapsetdescription> + +%{ +#include <asm/processor.h> +%} + /** * sfunction print_regs - Print a register dump. */ @@ -227,3 +232,23 @@ function stack_unused:long () %{ /* pure */ THIS->__retvalue = (long)&a & (THREAD_SIZE-1); %} +/** + * sfunction uaddr - User space address of current running task. + * + * Description: Returns the address in userspace that the current + * task was at when the probe occured. When the current running task + * isn't a user space thread, or the address cannot be found, zero + * is returned. + */ +function uaddr:long () %{ /* pure */ + int64_t addr = 0; + if (current->mm) + { + struct pt_regs *uregs; + uregs = task_pt_regs(current); + if (uregs) + addr = (int64_t) REG_IP(uregs); + } + THIS->__retvalue = addr; +%} + diff --git a/tapset/errno.stp b/tapset/errno.stp index eda9bff1..011ff7e2 100644 --- a/tapset/errno.stp +++ b/tapset/errno.stp @@ -345,12 +345,20 @@ static const int Maxerrno = sizeof(errlist)/sizeof(char *); function errno_str:string (err:long) %{ /* pure */ long e = THIS->err; - if (e < 0 && e > -Maxerrno && errlist[-e]) - strlcpy (THIS->__retvalue, errlist[-e], MAXSTRINGLEN); - else if (e > 0 && e < Maxerrno && errlist[e]) + e = (e > 0 ? e : -e); + if (e > 0 && e < Maxerrno && errlist[e]) strlcpy (THIS->__retvalue, errlist[e], MAXSTRINGLEN); %} +function errno_p:long (err:long) %{ /* pure */ + long e = THIS->err; + e = (e > 0 ? e : -e); + if (e > 0 && e < Maxerrno && errlist[e]) + THIS->__retvalue = e; + else + THIS->__retvalue = 0; +%} + %{ static long _stp_returnval(struct pt_regs *regs) { if (regs) { diff --git a/tapset/i686/syscalls.stp b/tapset/i686/syscalls.stp index 8e69f622..2a89c19d 100644 --- a/tapset/i686/syscalls.stp +++ b/tapset/i686/syscalls.stp @@ -119,7 +119,7 @@ probe syscall.set_zone_reclaim.return = # probe syscall.sigaltstack = kernel.function("sys_sigaltstack") { name = "sigaltstack" - ussp = %( kernel_vr < "2.6.25" %? $ebx %: $bx %) + ussp = %( kernel_vr < "2.6.25" %? $ebx %: %( kernel_vr < "2.6.29" %? $bx %: $regs->bx %) %) argstr = sprintf("%p", ussp) } probe syscall.sigaltstack.return = kernel.function("sys_sigaltstack").return { diff --git a/tapset/ip.stp b/tapset/ip.stp index 1e2e263c..299d88d2 100644 --- a/tapset/ip.stp +++ b/tapset/ip.stp @@ -7,6 +7,10 @@ // // Based on previous work done by Arnaldo Carvalho de Melo <acme@redhat.com> +%{ +#include <linux/skbuff.h> +%} + /** * sfunction ip_ntop - returns a string representation from an integer IP number * @addr: the ip represented as an integer @@ -30,3 +34,45 @@ function __ip_sock_daddr:long (sock:long) { return @cast(sock, "inet_sock")->daddr } + +/* Get the IP header for recent (> 2.6.21) kernels */ +function __get_skb_iphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_network_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->network_header))); + #else + THIS->__retvalue = (long)kread(&(skb->network_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* Get the IP header from a sk_buff struct */ +function __get_skb_iphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + iphdr = @cast(skb, "sk_buff")->nh->raw + return iphdr +%: + return __get_skb_iphdr_new(skb) +%) +} + +/* return the source next layer protocol for a given sk_buff structure */ +function __ip_skb_proto:long (iphdr) +{ + return @cast(iphdr, "iphdr")->protocol +} + +/* return the source IP address for a given sk_buff structure */ +function __ip_skb_saddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->saddr +} + +/* return the destination IP address for a given skb */ +function __ip_skb_daddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->daddr +} diff --git a/tapset/process.stp b/tapset/kprocess.stp index e39f740a..316e03ce 100644 --- a/tapset/process.stp +++ b/tapset/kprocess.stp @@ -1,4 +1,4 @@ -// process tapset +// kernel process tapset // Copyright (C) 2006 Intel Corporation. // // This file is part of systemtap, and is free software. You can @@ -15,7 +15,7 @@ function _IS_ERR:long(ptr:long) %{ /* pure */ /** - * probe process.create - Fires whenever a new process is successfully created + * probe kprocess.create - Fires whenever a new process is successfully created * @new_pid: The PID of the newly created process * * Context: @@ -24,7 +24,7 @@ function _IS_ERR:long(ptr:long) %{ /* pure */ * Fires whenever a new process is successfully created, either as a result of * <command>fork</command> (or one of its syscall variants), or a new kernel thread. */ -probe process.create = kernel.function("copy_process").return { +probe kprocess.create = kernel.function("copy_process").return { task = $return if (_IS_ERR(task)) next new_pid = task_pid(task) @@ -32,7 +32,7 @@ probe process.create = kernel.function("copy_process").return { /** - * probe process.start - Starting new process + * probe kprocess.start - Starting new process * * Context: * Newly created process. @@ -40,11 +40,11 @@ probe process.create = kernel.function("copy_process").return { * Fires immediately before a new process begins execution. * */ -probe process.start = kernel.function("schedule_tail") { } +probe kprocess.start = kernel.function("schedule_tail") { } /** - * probe process.exec - Attempt to exec to a new program + * probe kprocess.exec - Attempt to exec to a new program * @filename: The path to the new executable * * Context: @@ -52,7 +52,7 @@ probe process.start = kernel.function("schedule_tail") { } * * Fires whenever a process attempts to exec to a new program. */ -probe process.exec = +probe kprocess.exec = kernel.function("do_execve"), kernel.function("compat_do_execve") ? { @@ -61,7 +61,7 @@ probe process.exec = /** - * probe process.exec_complete - Return from exec to a new program + * probe kprocess.exec_complete - Return from exec to a new program * @errno: The error number resulting from the exec * @success: A boolean indicating whether the exec was successful * @@ -71,7 +71,7 @@ probe process.exec = * * Fires at the completion of an exec call. */ -probe process.exec_complete = +probe kprocess.exec_complete = kernel.function("do_execve").return, kernel.function("compat_do_execve").return ? { @@ -81,23 +81,23 @@ probe process.exec_complete = /** - * probe process.exit - Exit from process + * probe kprocess.exit - Exit from process * @code: The exit code of the process * * Context: * The process which is terminating. * * Fires when a process terminates. This will always be followed by a - * process.release, though the latter may be delayed if the process waits in a + * kprocess.release, though the latter may be delayed if the process waits in a * zombie state. */ -probe process.exit = kernel.function("do_exit") { +probe kprocess.exit = kernel.function("do_exit") { code = $code } /** - * probe process.release - Process released + * probe kprocess.release - Process released * @task: A task handle to the process being released * @pid: PID of the process being released * @@ -106,10 +106,10 @@ probe process.exit = kernel.function("do_exit") { * termination, else the context of the process itself. * * Fires when a process is released from the kernel. This always follows a - * process.exit, though it may be delayed somewhat if the process waits in a + * kprocess.exit, though it may be delayed somewhat if the process waits in a * zombie state. */ -probe process.release = kernel.function("release_task") { +probe kprocess.release = kernel.function("release_task") { task = $p pid = $p->pid; } diff --git a/tapset/tcp.stp b/tapset/tcp.stp index bb96b0cb..2c5dce7e 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -15,6 +15,7 @@ #include <net/sock.h> #include <net/tcp.h> #include <net/ip.h> +#include <linux/skbuff.h> %} // Get retransmission timeout in usecs. RTO is initialized from default @@ -78,6 +79,70 @@ function __tcp_sock_dport:long (sock:long){ return @cast(sock, "inet_sock")->dport } +/* returns the TCP header for recent (<2.6.21) kernel */ +function __get_skb_tcphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_transport_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->transport_header))); + #else + THIS->__retvalue = (long)kread(&(skb->transport_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* returns the TCP header for a given sk_buff structure */ +function __get_skb_tcphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + tcphdr = @cast(skb, "sk_buff")->h->raw + return tcphdr +%: + return __get_skb_tcphdr_new(skb) +%) +} + +/* returns TCP URG flag for a given sk_buff structure */ +function __tcp_skb_urg:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->urg +} + +/* returns TCP ACK flag for a given sk_buff structure */ +function __tcp_skb_ack:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->ack +} + +/* returns TCP PSH flag for a given sk_buff structure */ +function __tcp_skb_psh:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->psh +} + +/* returns TCP RST flag for a given sk_buff structure */ +function __tcp_skb_rst:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->rst +} + +/* returns TCP SYN flag for a given sk_buff structure */ +function __tcp_skb_syn:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->syn +} + +/* returns TCP FIN flag for a given sk_buff structure */ +function __tcp_skb_fin:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->fin +} + +/* returns TCP source port for a given sk_buff structure */ +function __tcp_skb_sport:long (tcphdr){ + return ntohs(@cast(tcphdr, "tcphdr")->source) +} + +/* returns TCP destination port for a given sk_buff structure */ +function __tcp_skb_dport:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->dest +} + /* return the TCP source port for a given sock */ function __tcp_sock_sport:long (sock:long){ return @cast(sock, "inet_sock")->sport @@ -300,3 +365,32 @@ probe tcp.setsockopt.return = kernel.function("tcp_setsockopt").return { ret = $return } +/** + * probe tcp.receive - Called when a TCP packet is received + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port + * @urg: TCP URG flag + * @ack: TCP ACK flag + * @psh: TCP PSH flag + * @rst: TCP RST flag + * @syn: TCP SYN flag + * @fin: TCP FIN flag + */ +probe tcp.receive = kernel.function("tcp_v4_rcv") { + iphdr = __get_skb_iphdr($skb) + saddr = ip_ntop(__ip_skb_saddr(iphdr)) + daddr = ip_ntop(__ip_skb_daddr(iphdr)) + protocol = __ip_skb_proto(iphdr) + + tcphdr = __get_skb_tcphdr($skb) + dport = __tcp_skb_dport(tcphdr) + sport = __tcp_skb_sport(tcphdr) + urg = __tcp_skb_urg(tcphdr) + ack = __tcp_skb_ack(tcphdr) + psh = __tcp_skb_psh(tcphdr) + rst = __tcp_skb_rst(tcphdr) + syn = __tcp_skb_syn(tcphdr) + fin = __tcp_skb_fin(tcphdr) +} diff --git a/tapset/ucontext-symbols.stp b/tapset/ucontext-symbols.stp new file mode 100644 index 00000000..3813a8bf --- /dev/null +++ b/tapset/ucontext-symbols.stp @@ -0,0 +1,52 @@ +// User context symbols tapset +// Copyright (C) 2009 Red Hat Inc. +// +// This file is part of systemtap, and is free software. You can +// redistribute it and/or modify it under the terms of the GNU General +// Public License (GPL); either version 2, or (at your option) any +// later version. + +// <tapsetdescription> +// User context symbol functions provide additional information about +// addresses from an application. These functions can provide +// information about the user space map (library) that the event occured or +// the function symbol of an address. +// </tapsetdescription> + +%{ +#ifndef STP_NEED_SYMBOL_DATA +#define STP_NEED_SYMBOL_DATA 1 +#endif +#ifndef STP_NEED_VMA_TRACKER +#define STP_NEED_VMA_TRACKER 1 +#endif +%} + +/** + * sfunction usymname - Return the symbol of an address in the current task. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address if known. If not known it will return the hex string + * representation of addr. + */ +function usymname:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + current, 0); +%} + +/** + * sfunction usymdata - Return the symbol and module offset of an address. + * @addr: The address to translate. + * + * Description: Returns the (function) symbol name associated with the + * given address in the current task if known, plus the module name + * (between brackets) and the offset inside the module (shared library), + * plus the size of the symbol function. If any element is not known it + * will be ommitted and if the symbol name is unknown it will return the + * hex string for the given address. + */ +function usymdata:string (addr: long) %{ /* pure */ + _stp_symbol_snprint(THIS->__retvalue, MAXSTRINGLEN, THIS->addr, + current, 1); +%} diff --git a/tapset/utrace.stp b/tapset/utrace.stp index 34cb32c5..00f427e6 100644 --- a/tapset/utrace.stp +++ b/tapset/utrace.stp @@ -6,13 +6,15 @@ %} function _utrace_syscall_nr:long () %{ - THIS->__retvalue = __stp_user_syscall_nr(CONTEXT->regs); /* pure */ + THIS->__retvalue = syscall_get_nr(current, CONTEXT->regs); /* pure */ %} function _utrace_syscall_arg:long (n:long) %{ - THIS->__retvalue = *__stp_user_syscall_arg(current, CONTEXT->regs, (int)THIS->n); /* pure */ + unsigned long arg = 0; /* pure */ + syscall_get_arguments(current, CONTEXT->regs, (int)THIS->n, 1, &arg); + THIS->__retvalue = arg; %} function _utrace_syscall_return:long () %{ - THIS->__retvalue = *__stp_user_syscall_return_value(current, CONTEXT->regs); /* pure */ + THIS->__retvalue = syscall_get_return_value(current, CONTEXT->regs); /* pure */ %} |