// Copyright (C) 2005, 2006 IBM Corp.
//
// This file is part of systemtap, and is free software. You can
// redistribute it and/or modify it under the terms of the GNU General
// Public License (GPL); either version 2, or (at your option) any
// later version.
/* the trace hooks defined here are used by lket internally and they
will be turned on by default */
/*
 * Emit a PROCESS_EXECVE record: pid, tgid and parent tgid of the current
 * task, followed by the string that `var` points at. The only caller in
 * this file passes $filename from the process.exec probe.
 *
 * NOTE(review): `var` is cast to char * and handed to _lket_trace() with no
 * fault-protected read. If the "%0s" conversion dereferences it, as the
 * FIXME below implies, an invalid address is read directly in probe
 * context. log_fork_tracedata() in this file shows the guarded pattern
 * (kread() plus CATCH_DEREF_FAULT()); the string needs an equivalent
 * guarded copy before it is traced.
 */
function log_execve_tracedata(var:long)
%{
	char *name = (char *)(long)THIS->var;

	_lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_EXECVE, "%4b%4b%4b%0s",
		(_FMT_)current->pid,
		(_FMT_)current->tgid,
		(_FMT_)current->parent->tgid,
		name /* FIXME: deref hazard! */);
%}
/*
 * Emit a PROCESS_FORK record for the task whose task_struct address is
 * passed in `task`: that task's pid and tgid, then its parent's tgid.
 *
 * `task` arrives as a plain integer from script level, so nothing here
 * trusts it: every field, including the parent pointer, is fetched through
 * kread(), and a faulting read lands in CATCH_DEREF_FAULT() instead of
 * being dereferenced directly.
 */
function log_fork_tracedata(task:long)
%{
	struct task_struct *child = (struct task_struct *)((long)THIS->task);
	struct task_struct *child_parent = kread(&(child->parent));

	_lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_FORK, "%4b%4b%4b",
		(_FMT_)kread(&(child->pid)),
		(_FMT_)kread(&(child->tgid)),
		(_FMT_)kread(&(child_parent->tgid)));

	/* Keep this as the last statement: it is the landing point for a
	   failed kread() above. */
	CATCH_DEREF_FAULT();
%}
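/************************************************************
 * Take a snapshot of all processes: one PROCESS_SNAPSHOT    *
 * record (pid, tgid, parent tgid, comm) per task, flushed   *
 * after each task. This is a plain function, not a probe,   *
 * so the data format does not follow the one used by the    *
 * probe handlers.                                           *
 ************************************************************/
function process_snapshot()
%{
	struct task_struct *tsk;
#if !defined(ASCII_TRACE)
	_stp_pbuf *pb;
	char *total_length;
#endif

	/*
	 * The task list can change while it is being walked, and each entry's
	 * ->parent is followed as well, so hold an RCU read-side critical
	 * section for the whole walk rather than iterating unprotected.
	 * NOTE(review): this is sufficient only on kernels whose task list is
	 * RCU-managed; older kernels need tasklist_lock instead -- confirm
	 * against the kernel range this tapset supports.
	 */
	rcu_read_lock();
	for_each_process(tsk) {
		_lket_trace(_GROUP_PROCESS, _HOOKID_PROCESS_SNAPSHOT, "%4b%4b%4b%0s",
			(_FMT_)tsk->pid, (_FMT_)tsk->tgid,
			(_FMT_)tsk->parent->tgid, tsk->comm);
#if !defined(ASCII_TRACE)
		/* Binary trace only: store (pb->len - 4) as a 16-bit value at the
		   very start of this CPU's print buffer before flushing it.
		   Presumably this is the record's length field -- confirm against
		   the _lket_trace() record layout. */
		pb = per_cpu_ptr(Stp_pbuf, smp_processor_id());
		total_length = &(pb->buf[0]);
		*(int16_t *)total_length = pb->len - 4;
#endif
		_stp_print_flush();
	}
	rcu_read_unlock();
%}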
/* Alias chain for process-exit tracing:
   addevent.process -> addevent.process.exit -> addevent.process.exit.entry */
probe addevent.process
	= addevent.process.exit
{
}

probe addevent.process.exit
	= addevent.process.exit.entry
{
}

/* "+=" makes update_record() an epilogue: it is appended after the handler
   of any probe that uses this alias. */
probe addevent.process.exit.entry
	+= _addevent.process.exit.entry
{
	update_record()
}

/* Internal alias that does the logging. `code` is not defined in this
   file; presumably it is supplied by the process.exit tapset probe. */
probe _addevent.process.exit.entry
	= process.exit
{
	log_process_exit(code)
}
/*
 * Emit a PROCESS_EXIT_ENTRY record holding `code` as a single "%8b" field.
 * The value is passed by value; no pointer is dereferenced here.
 */
function log_process_exit(code:long)
%{
	_lket_trace(_GROUP_PROCESS,
		_HOOKID_PROCESS_EXIT_ENTRY,
		"%8b",
		THIS->code);
%}
/* Probe the alias with an empty handler so the internal hooks are
   instantiated without the user asking for them (the file header says
   these hooks are turned on by default). */
probe lket_internal.process
{
}

/* lket_internal.process covers both the execve hook and the fork hook. */
probe lket_internal.process
	= lket_internal.process.execve,
	  lket_internal.process.fork
{
}
/*
 * Both do_execve (64-bit applications) and compat_do_execve (32-bit
 * applications) should be captured.
 * NOTE(review): the code below attaches only to process.exec; whether that
 * tapset probe covers the compat path is not visible here -- confirm.
 */

/* "+=" appends update_record() after the handler of any probe using this
   alias. */
probe lket_internal.process.execve
	+= _lket_internal.process.execve
{
	update_record()
}

/* Log the exec unless tracing of exec events has been switched off.
   `next` ends the whole probe handler, so statements appended after this
   alias body (such as update_record() above) are skipped as well.
   $filename is forwarded as a raw address; log_execve_tracedata() does not
   validate it before the string is traced. */
probe _lket_internal.process.execve
	= process.exec
{
	if (stoptrace_exec == 1)
		next
	log_execve_tracedata($filename)
}
/* "+=" appends update_record() after the handler of any probe using this
   alias. */
probe lket_internal.process.fork
	+= _lket_internal.process.fork
{
	update_record()
}

/* Log the fork unless tracing of fork events has been switched off.
   `next` ends the whole probe handler, so statements appended after this
   alias body are skipped as well. $return is forwarded as a task_struct
   address; log_fork_tracedata() reads it only through kread(), so an
   invalid value is caught there rather than dereferenced directly. */
probe _lket_internal.process.fork
	= process.create
{
	if (stoptrace_fork == 1)
		next
	log_fork_tracedata($return)
}