From: "George Neville-Neil"
To: "alex.burlyga.ietf alex.burlyga.ietf"
Cc: freebsd-dtrace@freebsd.org
Subject: Re: Broken dtrace script in /usr/share/dtrace
Date: Mon, 07 Sep 2015 20:31:08 -0400

On 3 Sep 2015, at 13:20, alex.burlyga.ietf alex.burlyga.ietf wrote:

> Wanted to show off dtrace to co-workers of mine and tried running
> /usr/share/dtrace/nfsclienttime. I got an error and was not able to
> run it. Patch below that fixes the issue on FreeBSD 10.
>
> Alex
>
> diff --git a/share/dtrace/nfsclienttime b/share/dtrace/nfsclienttime > index 335f067..e7764cf 100755 > --- a/share/dtrace/nfsclienttime > +++ b/share/dtrace/nfsclienttime
> @@ -54,13 +54,13 @@ syscall:::entry > self->count = 0; > } > > -nfsclient:nfs3::start > +nfscl:nfs3::start > { > > self->timestamp = timestamp; > } > > -nfsclient:nfs3::done > +nfscl:nfs3::done > { > > self->count += (timestamp - self->timestamp);

Thanks, I've applied the same fix to both nfsclienttime and nfsattrstats.
Committed revision 287544.

Best,
George
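
Review bot: Both clause headers touched here (nfscl:nfs3::start and nfscl:nfs3::done) now hard-code the new provider name, while the submission only says the result was run on FreeBSD 10. Please say in the commit message which releases register the provider as nfscl, and check the part of the script outside this hunk for any remaining nfsclient: probe descriptions, since only these two clauses are visible and one stale description is enough to stop the script from starting.
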
From: Ryan Stone
To: Ben Woods
Cc: "freebsd-dtrace@freebsd.org"
Subject: Re: Dtrace in a jail
Date: Thu, 10 Sep 2015 21:43:24 -0400

For testing purposes it would probably suffice to allow everything in /dev/dtrace/* to show up in devfs in the jail. In production this could be dangerous depending on your use case. I believe that this would allow an untrusted root user within the jail to at least read arbitrary memory contents of the entire system (they might be able to write to arbitrary memory too, which would allow them to escape the jail).

There's a good blog post by Bryan Cantrill explaining the types of things that Illumos had to do to make DTrace both usable and secure from within a Solaris zone (as I understand it, this is comparable to a jail):

http://dtrace.org/blogs/bmc/2012/06/07/dtrace-in-the-zone/

An interesting (but challenging!) DTrace-related project would be to port the DTrace permissions model over to FreeBSD to allow things like restricted use of DTrace by non-root users, or root users within a jail.

On Tue, Sep 1, 2015 at 11:32 AM, Ben Woods wrote:

> Hi everyone,
>
> I am just discovering dtrace, having heard about it a number of times but
> never investigated further. I like what I see so far!
>
> Is there a way to use Dtrace to debug programs being run in a jail?
> Attempting to run Dtrace from within the jail results in the following
> error:
> # dtrace -l
> dtrace: failed to initialize dtrace: DTrace device not available on system
>
> I want to debug a program I am running in a jail which is crashing a few
> seconds after being run. It doesn't crash in my FreeBSD 10.2 host, but does
> in the FreeBSD 9.3 jail.
>
> Since I want to run Dtrace on the pid provider on my program, I want my
> program to be executed by the Dtrace application. Something like:
>
> # dtrace -l -n 'pid$target::strcmp:entry{}' -c "./foo hello"
>
> But this results in the same error about Dtrace device not being available
> on the system (within the jail).
>
> If I instead run Dtrace and pass it the jexec command, I think it is
> tracing the jexec program, rather than my program that is then being
> executed within the jail. I.e. I don't think this works as expected:
>
> # dtrace -l -n 'pid$target::strcmp:entry{}' -c "jexec 1 foo hello"
>
> Any hints on how I can trace this program running in the jail?
>
> Thanks,
> Ben
>
> --
> From: Benjamin Woods
> woodsb02@gmail.com

From: Mark Johnston
To: Ryan Stone
Cc: Ben Woods, "freebsd-dtrace@freebsd.org"
Subject: Re: Dtrace in a jail
Date: Thu, 10 Sep 2015 21:54:46 -0700

On Thu, Sep 10, 2015 at 09:43:24PM -0400, Ryan Stone wrote:
> For testing purposes it would probably suffice to allow everything in
> /dev/dtrace/* to show up in devfs in the jail.

A copy of the kernel binary needs to be available too: the kernel's CTF section is not automatically mapped into memory during boot, but is loaded upon first use. CTF isn't strictly needed to use DTrace, though.

> In production this could be
> dangerous depending on your use case. I believe that this would allow
> an untrusted root user within the jail to at least read arbitrary memory
> contents of the entire system (they might be able to write to arbitrary
> memory too, which would allow them to escape the jail).

It's definitely possible to modify user process memory, but I'm not sure about kernel memory. In particular, I'm not sure that one couldn't use DTrace within a jail to modify a process outside the jail, so enabling DTrace in a jail on anything other than test systems is not a good idea.

From: Andriy Gapon
To: "freebsd-dtrace@freebsd.org"
Subject: Re: Dtrace in a jail
Date: Fri, 11 Sep 2015 11:31:53 +0300

On 11/09/2015 07:54, Mark Johnston wrote:
> A copy of the kernel binary needs to be available too: the kernel's CTF
> section is not automatically mapped into memory during boot, but is
> loaded upon first use. CTF isn't strictly needed to use DTrace, though.

[Off-topic] Pity that we do not have /dev/ksyms that exposes the actual (in-memory) kernel layout as an ELF object. Also, it's a pity that our crashdump format does not provide for saving a kernel along a memory dump (esp. given that a size of the former << a size of the latter).

--
Andriy Gapon
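
An added example, not code from any poster in this thread or from FreeBSD: one way to check that the devfs rulesets given to production jails do not make /dev/dtrace reachable, the exposure Ryan Stone and Mark Johnston warn about above. The ruleset names, the sample rules text and the probe node dtrace/dtrace are constructed for illustration; rule evaluation is a simplified model (path conditions only), and the caller is assumed to pass the ruleset names its jails actually use.

```python
import re
from fnmatch import fnmatchcase

# Constructed devfs.rules-style text; the ruleset names and numbers are hypothetical.
SAMPLE = """
[jail_prod=10]
add hide
[jail_debug=11]
add include $jail_prod
add path dtrace unhide
add path 'dtrace/*' unhide
"""

def parse_rulesets(text):  # ruleset name -> tokenised "add ..." rules, in file order
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.match(r"^\[(\w+)=\d+\]$", line)
        if header:
            current = rulesets.setdefault(header.group(1), [])
        elif current is not None and line.startswith("add "):
            current.append(line.split()[1:])
    return rulesets

def expand(name, rulesets, seen=frozenset()):  # inline "include $other" rules, in order
    seen, out = seen | {name}, []  # 'seen' stops include cycles
    for rule in rulesets.get(name, []):
        if rule[0] != "include":
            out.append(rule)
        elif rule[1].lstrip("$") not in seen:
            out += expand(rule[1].lstrip("$"), rulesets, seen)
    return out

def path_match(pattern, node):  # glob per component, so '*' never crosses '/' (simplified)
    pat, parts = pattern.strip("'\"").split("/"), node.split("/")
    return len(pat) == len(parts) and all(fnmatchcase(n, p) for n, p in zip(parts, pat))

def visible(node, rules):  # rules apply in order; the last matching one decides
    state = True  # a devfs node is visible until a rule hides it
    for rule in rules:
        hit = len(rule) == 1 or (len(rule) == 3 and rule[0] == "path" and path_match(rule[1], node))
        if hit and rule[-1] in ("hide", "unhide"):
            state = rule[-1] == "unhide"
    return state

def audit(text, jail_rulesets):  # rulesets that leave /dev/dtrace and its entries reachable
    rs = parse_rulesets(text)
    flat = {n: expand(n, rs) for n in jail_rulesets}
    return sorted(n for n, r in flat.items() if visible("dtrace", r) and visible("dtrace/dtrace", r))
```

A ruleset is reported only when both the dtrace directory and an entry beneath it end up visible, so a rule that unhides 'dtrace/*' while the directory itself stays hidden is not flagged.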