Date: Fri, 5 Dec 2014 13:46:45 -0800
From: <dteske@FreeBSD.org>
To: "'Mark Johnston'" <markj@freebsd.org>, <dteske@FreeBSD.org>
Cc: 'Julian Elischer' <julian@freebsd.org>, freebsd-dtrace@freebsd.org
Subject: RE: DTrace script to trace processes entering vfs::vop_remove
Message-ID: <060a01d010d4$f7a8f260$e6fad720$@FreeBSD.org>
In-Reply-To: <20141205023439.GA8710@charmander.picturesperfect.net>
References: <032e01d00f4f$98a04e20$c9e0ea60$@FreeBSD.org> <20141204004501.GB29167@charmander.picturesperfect.net> <03ed01d00f66$89db0ee0$9d912ca0$@FreeBSD.org> <20141204182232.GB81713@charmander.picturesperfect.net> <04f001d01004$abaefd30$030cf790$@FreeBSD.org> <20141205023439.GA8710@charmander.picturesperfect.net>

> -----Original Message-----
> From: Mark Johnston [mailto:markjdb@gmail.com] On Behalf Of 'Mark Johnston'
> Sent: Thursday, December 4, 2014 6:35 PM
> To: dteske@FreeBSD.org
> Cc: freebsd-dtrace@freebsd.org; 'Julian Elischer'
> Subject: Re: DTrace script to trace processes entering vfs::vop_remove
>
> On Thu, Dec 04, 2014 at 12:55:40PM -0800, dteske@FreeBSD.org wrote:
> >
> > > -----Original Message-----
> > > From: Mark Johnston [mailto:markjdb@gmail.com] On Behalf Of 'Mark Johnston'
> > > Sent: Thursday, December 4, 2014 10:23 AM
> > > To: dteske@FreeBSD.org
> > > Cc: freebsd-dtrace@freebsd.org; 'Julian Elischer'
> > > Subject: Re: DTrace script to trace processes entering vfs::vop_remove
> > >
> > > On Wed, Dec 03, 2014 at 06:03:45PM -0800, dteske@FreeBSD.org wrote:
> > > >
> > > > > -----Original Message-----
> > > > > From: Mark Johnston [mailto:markjdb@gmail.com] On Behalf Of Mark Johnston
> > > > > Sent: Wednesday, December 3, 2014 4:45 PM
> > > > > To: dteske@FreeBSD.org
> > > > > Cc: freebsd-dtrace@freebsd.org; 'Julian Elischer'
> > > > > Subject: Re: DTrace script to trace processes entering vfs::vop_remove
> > > > >
> > > > > On Wed, Dec 03, 2014 at 03:19:31PM -0800, dteske@FreeBSD.org wrote:
> > > > > > Hi markj, list,
> > > > > >
> > > > > > I wrote a script for $work to help me find out "who on Earth
> > > > > > keeps deleting files XYZ?" from a particular storage server.
> > > > > >
> > > > > > Please find attached a copy of watch_vop_remove.d which
> > > > > > has the following sample output:
> > > > > >
> > > > > > 2014 Dec 3 11:58:52 rm[75596]: /tmp/foo
> > > > > > -+= 72846 0.0 -bash
> > > > > > \-+= 75589 0.0 /bin/bash /usr/home/support/bash_script
> > > > > > \-+= 75596 0.0 rm -f /tmp/foo
> > > > > >
> > > > > > The above sample output was displayed when executing the following shell
> > > > > > script:
> > > > > >
> > > > > > #!/bin/bash
> > > > > > touch /tmp/foo
> > > > > > rm -f /tmp/foo
> > > > > >
> > > > > > The output format displayed for each vop_remove() call is as follows:
> > > > > >
> > > > > > DATE process[PID]: PATH_TO_DELETE
> > > > > > -+= GPID UID.GID grandparent_process [arguments (up to 3)]
> > > > > > \-+= PPID UID.GID parent_process [arguments (up to 3)]
> > > > > > \-+= PID UID.GID process [arguments (up to 3)]
> > > > >
> > > > > This is neat. I just had a few comments:
> > > > > - You can use walltimestamp when printing the date and time, instead of
> > > > > timestamp + blah.
> > > >
> > > > I read that online as well, however:
> > > > walltimestamp appears to _always_ be zero.
> > >
> > > Right, it wasn't working properly on 8.0. :(
> > >
> > > gnn committed a fix for that as r238537.
> > >
> > > >
> > > > >
> > > > > - It's possible to get the full argv of the current process with
> > > > > curpsinfo->pr_psargs. It can be done for other processes too; see
> > > > > /usr/lib/dtrace/psinfo.d. (This might not be true depending on the
> > > > > FreeBSD version you're on.)
> > > >
> > > > Thanks! I'll have a look.
> > > >
> > > > > - Running this script with a make -j4 buildkernel causes dtrace to run
> > > > > out of dynamic variable space.
> > > > >
> > > >
> > > > Any recommendation on how to fix that?
> > > >
> > > > #pragma D option dynvarsize=what_exactly?
> > > > (16m causes a warning that it's lowering the dynamic variable memory)
> > >
> > > It looks like a leak - once I start seeing the errors, no file removals
> > > are logged at all. Dynamic variables need to be set to 0 once they're
> > > finished with in order to release the consumed memory.
> > >
> >
> > Thanks! Should be fixed in the latest (attached) version
> > (watch_vop_remove2.d).
> >
> > However, I read here:
> > http://wikis.oracle.com/display/DTrace/Variables
> >
> > Quote: Always assign zero to associative array elements that are no longer
> > in use.
> >
> > And I read some more about the different variable types in DTrace:
> > http://dtrace.org/blogs/brendan/2011/11/25/dtrace-variable-types/
> >
> > It would appear that I've solved the issue by getting rid of associative
> > arrays.
> >
> > Can you give the latest (attached) a try?
>
> Yup, it appears to fix the issue for me. Thanks!
>

Thanks!

Success-aside, I was still noticing a lingering issue (fixed in the attached most-recent "watch_vop_remove3.d").

On "all night" runs, watching a tight-[infinite-]loop of "touch /tmp/foo; rm -f /tmp/foo", I was noticing this:

dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa42ea00) in action #71 at DIF: offset 52
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa8aea00) in action #110 at DIF: offset 52
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa602a00) in action #93 at DIF: offset 52
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa6daa00) in action #60 at DIF: offset 52
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa7dfa00) in action #85 at DIF: offset 52
[snip 215 lines]
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa42ea00) in action #96 at DIF: offset 52
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa8aea00) in action #135
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa47fa00) in action #85 at DIF: offset 52
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa8dba00) in action #110 at DIF: offset 52
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa641a00) in action #85 at DIF: offset 52
dtrace: error on enabled probe ID 24 (ID 36603: vfs:vop:vop_remove:entry): invalid address (0xffffff80aa3efa00) in action #110 at DIF: offset 52
[more lines snipped]

I read-up some more on the difference between variables and the costs associated with them (specific to FreeBSD; specifically that globals may have some locking issues and should be avoided).
I made a new version of the script that changes all the variables to the clause-local syntax (this->), and that fixed the issue (no more spurious errors about invalid addresses).

Please find attached latest watch_vop_remove3.d, potential candidate for commit to /usr/share/dtrace/.
--
Cheers,
Devin

Attachment: watch_vop_remove3.d

#!/usr/sbin/dtrace -s
/* -
 * Copyright (c) 2014 Devin Teske <dteske@FreeBSD.org>
 * All rights reserved.
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Title: dtrace(1) script to log process(es) entering vfs::vop_remove $
 */

#pragma D option quiet
#pragma D option dynvarsize=16m
#pragma D option switchrate=10hz

/*********************************************************/

vfs::vop_remove:entry /* probe ID 1 */
{
	this->vp = (struct vnode *)arg0;
	this->ncp = &(this->vp->v_cache_dst) != NULL ?
		this->vp->v_cache_dst.tqh_first : 0;
	this->fi_name = args[1] ? (
		args[1]->a_cnp != NULL ?
			stringof(args[1]->a_cnp->cn_nameptr) : ""
	) : "";
	this->mount = this->vp->v_mount; /* ptr to vfs we are in */
	this->fi_fs = this->mount != 0 ?
		stringof(this->mount->mnt_stat.f_fstypename) : "";
	this->fi_mount = this->mount != 0 ?
		stringof(this->mount->mnt_stat.f_mntonname) : "";
	this->d_name = args[0]->v_cache_dd != NULL ?
		stringof(args[0]->v_cache_dd->nc_name) : "";
}

vfs::vop_remove:entry /this->vp == 0 || this->fi_fs == 0 ||
	this->fi_fs == "devfs" || this->fi_fs == "" ||
	this->fi_name == ""/ /* probe ID 2 */
{
	this->ncp = 0;
}

/*********************************************************/

vfs::vop_remove:entry /this->ncp/ /* probe ID 3 (depth 1) */
{
	this->dvp = this->ncp->nc_dvp != NULL ? (
		&(this->ncp->nc_dvp->v_cache_dst) != NULL ?
			this->ncp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name1 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->name1 == 0 || this->fi_fs == 0 ||
	this->fi_fs == "devfs" || this->fi_fs == "" ||
	this->name1 == "/" || this->name1 == ""/ /* probe ID 4 */
{
	this->dvp = 0;
}

/*********************************************************/

/*
 * BEGIN Pathname-depth iterators (copy/paste as many times as-desired)
 */

vfs::vop_remove:entry /this->dvp/ /* probe ID 5 (depth 2) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name2 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 6 (depth 3) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name3 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 7 (depth 4) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name4 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 8 (depth 5) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name5 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 9 (depth 6) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name6 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 10 (depth 7) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name7 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 11 (depth 8) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name8 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 12 (depth 9) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name9 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 13 (depth 10) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name10 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 14 (depth 11) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name11 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 15 (depth 12) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name12 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 16 (depth 13) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name13 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 17 (depth 14) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name14 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 18 (depth 15) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name15 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 19 (depth 16) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name16 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 20 (depth 17) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name17 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 21 (depth 18) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name18 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 22 (depth 19) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name19 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

vfs::vop_remove:entry /this->dvp/ /* probe ID 23 (depth 20) */
{
	this->dvp = this->dvp->nc_dvp != NULL ? (
		&(this->dvp->nc_dvp->v_cache_dst) != NULL ?
			this->dvp->nc_dvp->v_cache_dst.tqh_first : 0
	) : 0;
	this->name20 = this->dvp != 0 ? (
		this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : ""
	) : "";
}

/*
 * END Pathname-depth iterators
 */

/*********************************************************/

vfs::vop_remove:entry /this->fi_mount != 0/ /* probe ID 24 */
{
	printf("%Y %s[%d]: ", timestamp + 1406598400000000000, execname, pid);

	/*
	 * Print full path of file to delete
	 * NB: Up-to but not including the parent directory (printed below)
	 */
	printf("%s%s", this->fi_mount, this->fi_mount != 0 ? (
		this->fi_mount == "/" ? "" : "/"
	) : "/");
	printf("%s%s", this->name = this->name20, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name19, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name18, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name17, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name16, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name15, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name14, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name13, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name12, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name11, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name10, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name9, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name8, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name7, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name6, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name5, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name4, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name3, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name2, this->name != "" ? "/" : "");
	printf("%s%s", this->name = this->name1, this->name != "" ? "/" : "");

	/* Print the parent directory name */
	this->name = this->d_name != 0 ? this->d_name : "";
	printf("%s%s", this->name, this->name != "" ? "/" : "");

	/* Print the entry name */
	this->name = this->fi_name != 0 ? this->fi_name : "";
	printf("%s", this->name);

	printf("\n");

	/*
	 * Examine process, parent process, and grandparent process details
	 */

	/******************* CURPROC *******************/

	this->proc = curthread->td_proc;
	this->pid0 = this->proc->p_pid;
	this->uid0 = this->proc->p_ucred->cr_uid;
	this->gid0 = this->proc->p_ucred->cr_rgid;
	this->p_args = this->proc->p_args;
	this->ar_length = this->p_args ? this->p_args->ar_length : 0;
	this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);

	this->arg0_0 = this->ar_length > 0 ?
		this->ar_args : stringof(this->proc->p_comm);
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg0_1 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg0_2 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg0_3 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg0_4 = this->ar_length > 0 ? "..." : "";

	/******************* PPARENT *******************/

	this->proc = this->proc->p_pptr;
	this->pid1 = this->proc->p_pid;
	this->uid1 = this->proc->p_ucred->cr_uid;
	this->gid1 = this->proc->p_ucred->cr_rgid;
	this->p_args = this->proc ? this->proc->p_args : 0;
	this->ar_length = this->p_args ? this->p_args->ar_length : 0;
	this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);

	this->arg1_0 = this->ar_length > 0 ?
		this->ar_args : stringof(this->proc->p_comm);
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg1_1 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg1_2 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg1_3 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg1_4 = this->ar_length > 0 ? "..." : "";

	/******************* GPARENT *******************/

	this->proc = this->proc->p_pptr;
	this->pid2 = this->proc->p_pid;
	this->uid2 = this->proc->p_ucred->cr_uid;
	this->gid2 = this->proc->p_ucred->cr_rgid;
	this->p_args = this->proc ? this->proc->p_args : 0;
	this->ar_length = this->p_args ? this->p_args->ar_length : 0;
	this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);

	this->arg2_0 = this->ar_length > 0 ?
		this->ar_args : stringof(this->proc->p_comm);
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg2_1 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg2_2 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg2_3 = this->ar_length > 0 ? this->ar_args : "";
	this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
	this->ar_args += this->len;
	this->ar_length -= this->len;

	this->arg2_4 = this->ar_length > 0 ? "..." : "";

	/***********************************************/

	/*
	 * Print process, parent, and grandparent details
	 */

	printf(" -+= %05d %d.%d %s",
		this->pid2, this->uid2, this->gid2, this->arg2_0);
	printf("%s%s", this->arg2_1 != "" ? " " : "", this->arg2_1);
	printf("%s%s", this->arg2_2 != "" ? " " : "", this->arg2_2);
	printf("%s%s", this->arg2_3 != "" ? " " : "", this->arg2_3);
	printf("%s%s", this->arg2_4 != "" ? " " : "", this->arg2_4);
	printf("%s", this->arg2_0 != "" ? "\n" : "");

	printf(" \-+= %05d %d.%d %s",
		this->pid1, this->uid1, this->gid1, this->arg1_0);
	printf("%s%s", this->arg1_1 != "" ? " " : "", this->arg1_1);
	printf("%s%s", this->arg1_2 != "" ? " " : "", this->arg1_2);
	printf("%s%s", this->arg1_3 != "" ? " " : "", this->arg1_3);
	printf("%s%s", this->arg1_4 != "" ? " " : "", this->arg1_4);
	printf("%s", this->arg1_0 != "" ? "\n" : "");

	printf(" \-+= %05d %d.%d %s",
		this->pid0, this->uid0, this->gid0, this->arg0_0);
	printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1);
	printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2);
	printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3);
	printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4);
	printf("%s", this->arg0_0 != "" ? "\n" : "");
}
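Added example (not part of the original message or its attachment): the thread's point that dynamic variables must be set to 0 to release their memory, shown for thread-local (self->) variables that carry state from vop_remove entry to return, next to a clause-local (this->) variable that needs no cleanup. It assumes the vfs provider also exposes a vfs::vop_remove:return probe; the output format and the @removes aggregation are choices made for this example.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example, not part of watch_vop_remove3.d.
 * Time each vop_remove call, carrying state from :entry to :return in
 * thread-local (self->) variables and releasing it when done.
 */

#pragma D option quiet

vfs::vop_remove:entry
/args[1] != NULL && args[1]->a_cnp != NULL/
{
	/*
	 * self-> variables are dynamic variables: each thread that gets
	 * here allocates space for them out of dynvarsize.
	 */
	self->start = timestamp;
	self->name = stringof(args[1]->a_cnp->cn_nameptr);
}

/* Assumption: the :return probe exists for vop_remove on this system. */
vfs::vop_remove:return
/self->start/
{
	/* this-> variables live only for this firing; nothing to release. */
	this->elapsed = timestamp - self->start;
	printf("%s[%d]: %s (%d ns)\n", execname, pid, self->name,
	    this->elapsed);

	/* Aggregations do not draw on dynamic variable space. */
	@removes[execname] = count();

	/*
	 * Assigning 0 releases the dynamic variable space. Without these
	 * two assignments the storage stays allocated and, on a busy
	 * system, dtrace eventually reports dynamic variable drops.
	 */
	self->start = 0;
	self->name = 0;
}

END
{
	printa("%-20s %@d removals\n", @removes);
}
```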