1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
#!/usr/bin/env stap -DMAXMAPENTRIES=20480 $0 $@; exit $?
# errsnoop.stp
# Copyright (C) 2009 Red Hat, Inc., Eugene Teo <eteo@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# attack "stupid userspace" apps
#
global error, trace
probe syscall.* {
# assume syscall don't nest
trace[tid()] = argstr
}
probe syscall.*.return {
errno = errno_p(returnval())
if (errno != 0) {
t = tid()
argstr = trace[t]
delete trace[t]
error[name, execname(), pid(), errno, argstr] <<< 1
}
}
probe timer.s(%( $# > 0 %? $1 %: 5 %)) {
ansi_clear_screen()
printf("%17s %15s %5s %4s %-12s %s\n",
"SYSCALL", "PROCESS", "PID", "HITS", "ERRSTR", "ARGSTR")
foreach([fn, comm, pid, errno, argstr] in error- limit %( $# > 1 %? $2 %: 20 %)) {
errstr = sprintf("%3d (%s)", errno, errno_str(errno))
printf("%17s %15s %5d %4d %-12s %s\n", fn, comm, pid,
@count(error[fn, comm, pid, errno, argstr]),
# errstr, substr(argstr,0,22)) # within cols#80
errstr, argstr)
}
delete error
}
|
