HAND-MODIFIED commit 18b9b5e7be0a0d4e7aa0c235e95286eaf894fa6a
Author: Jonathan Lebon <jlebon@redhat.com>
Date: Tue Jan 14 11:15:17 2014 -0500
kprocess.exec: rely on syscall.execve
By relying on syscall.execve, we get the benefits of compatibility
across different kernel versions, as well as access to the arguments.
[fche] allow stap version 2.4 (rhel7.0.*) to use the modified aliases too.
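diff --git a/tapset/linux/kprocess.stp b/tapset/linux/kprocess.stp
index f30a66b..848c53e 100644
--- a/tapset/linux/kprocess.stp
+++ b/tapset/linux/kprocess.stp
@@ -1,5 +1,6 @@
 // kernel process tapset
 // Copyright (C) 2006 Intel Corporation.
+// Copyright (C) 2014 Red Hat Inc.
 //
 // This file is part of systemtap, and is free software. You can
 // redistribute it and/or modify it under the terms of the GNU General
@@ -47,38 +48,70 @@ probe kprocess.start = kernel.function("schedule_tail") { }
 
 /**
 * probe kprocess.exec - Attempt to exec to a new program
+ *
 * @filename: The path to the new executable
+ * @name: Name of the system call ("execve") (SystemTap v2.5+)
+ * @args: The arguments to pass to the new executable, including
+ * the 0th arg (SystemTap v2.5+)
+ * @argstr: A string containing the filename followed by the
+ * arguments to pass, excluding 0th arg (SystemTap v2.5+)
 *
 * Context:
 * The caller of exec.
 *
- * Fires whenever a process attempts to exec to a new program.
+ * Fires whenever a process attempts to exec to a new program. Aliased
+ * to the syscall.execve probe in SystemTap v2.5+.
 */
+%(systemtap_v <= "2.3" %?
 probe kprocess.exec =
 kernel.function("do_execve"),
 kernel.function("compat_do_execve") ?
 {
 filename = kernel_string($filename)
 }
+%:
+probe kprocess.exec = syscall.execve
+{
+ /*
+ name = "execve"
+ filename = user_string_quoted(@choose_defined($filename, $name))
+ # kernel 3.0 changed the pointer's name to __argv
+ __argv = @choose_defined($__argv, $argv)
+ args = __get_argv(__argv, 0)
+ argstr = sprintf("%s %s", filename, __get_argv(__argv, 1))
+ */
+}
+%)
 
 
 /**
 * probe kprocess.exec_complete - Return from exec to a new program
 * @errno: The error number resulting from the exec
 * @success: A boolean indicating whether the exec was successful
+ * @name: Name of the system call ("execve") (SystemTap v2.5+)
+ * @retstr: A string representation of errno (SystemTap v2.5+)
 *
 * Context:
 * On success, the context of the new executable.
 * On failure, remains in the context of the caller.
 *
- * Fires at the completion of an exec call.
+ * Fires at the completion of an exec call. Aliased to the
+ * syscall.execve.return probe in SystemTap v2.5+.
 */
+%(systemtap_v <= "2.3" %?
 probe kprocess.exec_complete =
 kernel.function("do_execve").return,
 kernel.function("compat_do_execve").return ?
+%:
+probe kprocess.exec_complete = syscall.execve.return
+%)
 {
 errno = $return
 success = (errno >= 0)
+ /*
+ name = "execve"
+ retstr = return_str(1, $return)
+ */
 }
 
 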
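Review bot: The kernel-doc text added in the second hunk says the new variables and the aliasing apply to "SystemTap v2.5+", but both guards are `%(systemtap_v <= "2.3" %?`, so a 2.4 build also takes the syscall.execve branch, as the [fche] line in the commit message intends. For this hand-modified patch every "v2.5+" mention under kprocess.exec and kprocess.exec_complete should read "v2.4+", e.g. `* @name: Name of the system call ("execve") (SystemTap v2.4+)`. The `@filename` entry also deserves a sentence: the old alias set it with `kernel_string($filename)`, while the commented-out block suggests syscall.execve supplies it through `user_string_quoted(...)`. If so, a script that compares `filename` with a literal path, such as an exec-auditing rule, would presumably see a quoted, escaped value on the new branch and stop matching without any error.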
diff --git a/tapset/linux/syscalls.stp b/tapset/linux/syscalls.stp
index 613640d..f33923b 100644
--- a/tapset/linux/syscalls.stp
+++ b/tapset/linux/syscalls.stp
@@ -716,6 +716,7 @@ probe syscall.eventfd.return = kernel.function("sys_eventfd2").return !,
}
|
# execve _____________________________________________________
+# NB: kprocess.exec[_complete] is aliased to syscall.execve[.return]
%( kernel_v >= "3.7" %?
# In kernels >= 3.7, sys_execve() has been moved to generic code, so we
# can use it with confidence.