From owner-svn-src-head@freebsd.org Fri Jan 22 07:19:32 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0987BA8DFF5; Fri, 22 Jan 2016 07:19:32 +0000 (UTC) (envelope-from dteske@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9CA931431; Fri, 22 Jan 2016 07:19:31 +0000 (UTC) (envelope-from dteske@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u0M7JUfa062417; Fri, 22 Jan 2016 07:19:30 GMT (envelope-from dteske@FreeBSD.org) Received: (from dteske@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u0M7JUjN062413; Fri, 22 Jan 2016 07:19:30 GMT (envelope-from dteske@FreeBSD.org) Message-Id: <201601220719.u0M7JUjN062413@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dteske set sender to dteske@FreeBSD.org using -f From: Devin Teske Date: Fri, 22 Jan 2016 07:19:30 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r294548 - head/share/dtrace X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jan 2016 07:19:32 -0000 Author: dteske Date: Fri Jan 22 07:19:30 2016 New Revision: 294548 URL: https://svnweb.freebsd.org/changeset/base/294548 Log: Add scripts for watching common entry points. MFC after: 3 days X-MFC-to: stable/10 Added: head/share/dtrace/watch_execve (contents, props changed) head/share/dtrace/watch_kill (contents, props changed) head/share/dtrace/watch_vop_remove (contents, props changed) Modified: head/share/dtrace/Makefile Modified: head/share/dtrace/Makefile ============================================================================== --- head/share/dtrace/Makefile Fri Jan 22 06:26:11 2016 (r294547) +++ head/share/dtrace/Makefile Fri Jan 22 07:19:30 2016 (r294548) @@ -22,7 +22,10 @@ SCRIPTS= blocking \ tcpconn \ tcpstate \ tcptrack \ - udptrack + udptrack \ + watch_execve \ + watch_kill \ + watch_vop_remove SCRIPTSDIR= ${SHAREDIR}/dtrace Added: head/share/dtrace/watch_execve ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/dtrace/watch_execve Fri Jan 22 07:19:30 2016 (r294548) @@ -0,0 +1,227 @@ +#!/usr/sbin/dtrace -s +/* - + * Copyright (c) 2014 Devin Teske + * All rights reserved. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Title: dtrace(1) script to log process(es) entering vfs::vop_remove $ + * $FreeBSD$ + */ + +#pragma D option quiet +#pragma D option dynvarsize=16m +#pragma D option switchrate=10hz + +/*********************************************************/ + +syscall::execve:entry /* probe ID 1 */ +{ + this->caller_execname = execname; +} + +/*********************************************************/ + +syscall::execve:return /execname != this->caller_execname/ /* probe ID 2 */ +{ + /* + * Examine process, parent process, and grandparent process details + */ + + /******************* CURPROC *******************/ + + this->proc = curthread->td_proc; + this->pid0 = this->proc->p_pid; + this->uid0 = this->proc->p_ucred->cr_uid; + this->gid0 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc->p_args; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg0_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_4 = this->ar_length > 0 ? "..." : ""; + + /******************* PPARENT *******************/ + + this->proc = this->proc->p_pptr; + this->pid1 = this->proc->p_pid; + this->uid1 = this->proc->p_ucred->cr_uid; + this->gid1 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc ? this->proc->p_args : 0; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg1_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_4 = this->ar_length > 0 ? "..." : ""; + + /******************* GPARENT *******************/ + + this->proc = this->proc->p_pptr; + this->pid2 = this->proc->p_pid; + this->uid2 = this->proc->p_ucred->cr_uid; + this->gid2 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc ? this->proc->p_args : 0; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg2_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_4 = this->ar_length > 0 ? "..." : ""; + + /******************* APARENT *******************/ + + this->proc = this->proc->p_pptr; + this->pid3 = this->proc->p_pid; + this->uid3 = this->proc->p_ucred->cr_uid; + this->gid3 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc ? this->proc->p_args : 0; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg3_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg3_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg3_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg3_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg3_4 = this->ar_length > 0 ? "..." : ""; + + /***********************************************/ + + /* + * Print process, parent, and grandparent details + */ + + printf("%Y %s[%d]: ", timestamp + 1406598400000000000, + this->caller_execname, this->pid1); + printf("%s", this->arg0_0); + printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1); + printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2); + printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3); + printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4); + printf("\n"); + + printf(" -+= %05d %d.%d %s", + this->pid3, this->uid3, this->gid3, this->arg3_0); + printf("%s%s", this->arg3_1 != "" ? " " : "", this->arg3_1); + printf("%s%s", this->arg3_2 != "" ? " " : "", this->arg3_2); + printf("%s%s", this->arg3_3 != "" ? " " : "", this->arg3_3); + printf("%s%s", this->arg3_4 != "" ? " " : "", this->arg3_4); + printf("%s", this->arg3_0 != "" ? "\n" : ""); + + printf(" \-+= %05d %d.%d %s", + this->pid2, this->uid2, this->gid2, this->arg2_0); + printf("%s%s", this->arg2_1 != "" ? " " : "", this->arg2_1); + printf("%s%s", this->arg2_2 != "" ? " " : "", this->arg2_2); + printf("%s%s", this->arg2_3 != "" ? " " : "", this->arg2_3); + printf("%s%s", this->arg2_4 != "" ? " " : "", this->arg2_4); + printf("%s", this->arg2_0 != "" ? "\n" : ""); + + printf(" \-+= %05d %d.%d %s", + this->pid1, this->uid1, this->gid1, this->arg1_0); + printf("%s%s", this->arg1_1 != "" ? " " : "", this->arg1_1); + printf("%s%s", this->arg1_2 != "" ? " " : "", this->arg1_2); + printf("%s%s", this->arg1_3 != "" ? " " : "", this->arg1_3); + printf("%s%s", this->arg1_4 != "" ? " " : "", this->arg1_4); + printf("%s", this->arg1_0 != "" ? "\n" : ""); + + printf(" \-+= %05d %d.%d %s", + this->pid0, this->uid0, this->gid0, this->arg0_0); + printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1); + printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2); + printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3); + printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4); + printf("%s", this->arg0_0 != "" ? "\n" : ""); +} Added: head/share/dtrace/watch_kill ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/dtrace/watch_kill Fri Jan 22 07:19:30 2016 (r294548) @@ -0,0 +1,233 @@ +#!/usr/sbin/dtrace -s +/* - + * Copyright (c) 2014-2015 Devin Teske + * All rights reserved. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Title: dtrace(1) script to log process(es) entering syscall::kill $ + * $FreeBSD$ + */ + +#pragma D option quiet +#pragma D option dynvarsize=16m +#pragma D option switchrate=10hz + +/*********************************************************/ + +syscall::execve:entry /* probe ID 1 */ +{ + this->caller_execname = execname; +} + +/*********************************************************/ + +fbt::kill:entry /* probe ID 2 */ +{ + this->kill_args = (struct kill_args *)arg1; + this->pid_to_kill = this->kill_args->pid; + this->kill_signal = this->kill_args->signum; + + /* + * Examine process, parent process, and grandparent process details + */ + + /******************* CURPROC *******************/ + + this->proc = curthread->td_proc; + this->pid0 = this->proc->p_pid; + this->uid0 = this->proc->p_ucred->cr_uid; + this->gid0 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc->p_args; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg0_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_4 = this->ar_length > 0 ? "..." : ""; + + /******************* PPARENT *******************/ + + this->proc = this->proc->p_pptr; + this->pid1 = this->proc->p_pid; + this->uid1 = this->proc->p_ucred->cr_uid; + this->gid1 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc ? this->proc->p_args : 0; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg1_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_4 = this->ar_length > 0 ? "..." : ""; + + /******************* GPARENT *******************/ + + this->proc = this->proc->p_pptr; + this->pid2 = this->proc->p_pid; + this->uid2 = this->proc->p_ucred->cr_uid; + this->gid2 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc ? this->proc->p_args : 0; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg2_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_4 = this->ar_length > 0 ? "..." : ""; + + /******************* APARENT *******************/ + + this->proc = this->proc->p_pptr; + this->pid3 = this->proc->p_pid; + this->uid3 = this->proc->p_ucred->cr_uid; + this->gid3 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc ? this->proc->p_args : 0; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg3_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg3_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg3_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg3_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg3_4 = this->ar_length > 0 ? "..." : ""; + + /***********************************************/ + + /* + * Print process, parent, and grandparent details + */ + + printf("%Y %s[%d]: ", timestamp + 1406598400000000000, + this->caller_execname, this->pid1); + printf("%s", this->arg0_0); + printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1); + printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2); + printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3); + printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4); + printf(" (sending signal %u to pid %u)", + this->kill_signal, this->pid_to_kill); + printf("\n"); + + printf(" -+= %05d %d.%d %s", + this->pid3, this->uid3, this->gid3, this->arg3_0); + printf("%s%s", this->arg3_1 != "" ? " " : "", this->arg3_1); + printf("%s%s", this->arg3_2 != "" ? " " : "", this->arg3_2); + printf("%s%s", this->arg3_3 != "" ? " " : "", this->arg3_3); + printf("%s%s", this->arg3_4 != "" ? " " : "", this->arg3_4); + printf("%s", this->arg3_0 != "" ? "\n" : ""); + + printf(" \-+= %05d %d.%d %s", + this->pid2, this->uid2, this->gid2, this->arg2_0); + printf("%s%s", this->arg2_1 != "" ? " " : "", this->arg2_1); + printf("%s%s", this->arg2_2 != "" ? " " : "", this->arg2_2); + printf("%s%s", this->arg2_3 != "" ? " " : "", this->arg2_3); + printf("%s%s", this->arg2_4 != "" ? " " : "", this->arg2_4); + printf("%s", this->arg2_0 != "" ? "\n" : ""); + + printf(" \-+= %05d %d.%d %s", + this->pid1, this->uid1, this->gid1, this->arg1_0); + printf("%s%s", this->arg1_1 != "" ? " " : "", this->arg1_1); + printf("%s%s", this->arg1_2 != "" ? " " : "", this->arg1_2); + printf("%s%s", this->arg1_3 != "" ? " " : "", this->arg1_3); + printf("%s%s", this->arg1_4 != "" ? " " : "", this->arg1_4); + printf("%s", this->arg1_0 != "" ? "\n" : ""); + + printf(" \-+= %05d %d.%d %s", + this->pid0, this->uid0, this->gid0, this->arg0_0); + printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1); + printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2); + printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3); + printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4); + printf("%s", this->arg0_0 != "" ? "\n" : ""); +} Added: head/share/dtrace/watch_vop_remove ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/dtrace/watch_vop_remove Fri Jan 22 07:19:30 2016 (r294548) @@ -0,0 +1,476 @@ +#!/usr/sbin/dtrace -s +/* - + * Copyright (c) 2014 Devin Teske + * All rights reserved. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Title: dtrace(1) script to log process(es) entering vfs::vop_remove $ + * $FreeBSD$ + */ + +#pragma D option quiet +#pragma D option dynvarsize=16m +#pragma D option switchrate=10hz + +/*********************************************************/ + +vfs::vop_remove:entry /* probe ID 1 */ +{ + this->vp = (struct vnode *)arg0; + this->ncp = &(this->vp->v_cache_dst) != NULL ? + this->vp->v_cache_dst.tqh_first : 0; + this->fi_name = args[1] ? ( + args[1]->a_cnp != NULL ? + stringof(args[1]->a_cnp->cn_nameptr) : "" + ) : ""; + this->mount = this->vp->v_mount; /* ptr to vfs we are in */ + this->fi_fs = this->mount != 0 ? + stringof(this->mount->mnt_stat.f_fstypename) : ""; + this->fi_mount = this->mount != 0 ? + stringof(this->mount->mnt_stat.f_mntonname) : ""; + this->d_name = args[0]->v_cache_dd != NULL ? + stringof(args[0]->v_cache_dd->nc_name) : ""; +} + +vfs::vop_remove:entry /this->vp == 0 || this->fi_fs == 0 || + this->fi_fs == "devfs" || this->fi_fs == "" || + this->fi_name == ""/ /* probe ID 2 */ +{ + this->ncp = 0; +} + +/*********************************************************/ + +vfs::vop_remove:entry /this->ncp/ /* probe ID 3 (depth 1) */ +{ + this->dvp = this->ncp->nc_dvp != NULL ? ( + &(this->ncp->nc_dvp->v_cache_dst) != NULL ? + this->ncp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name1 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->name1 == 0 || this->fi_fs == 0 || + this->fi_fs == "devfs" || this->fi_fs == "" || + this->name1 == "/" || this->name1 == ""/ /* probe ID 4 */ +{ + this->dvp = 0; +} + +/*********************************************************/ + +/* + * BEGIN Pathname-depth iterators (copy/paste as many times as-desired) + */ + +vfs::vop_remove:entry /this->dvp/ /* probe ID 5 (depth 2) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name2 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 6 (depth 3) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name3 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 7 (depth 4) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name4 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 8 (depth 5) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name5 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 9 (depth 6) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name6 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 10 (depth 7) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name7 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 11 (depth 8) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name8 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 12 (depth 9) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name9 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 13 (depth 10) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name10 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 14 (depth 11) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name11 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 15 (depth 12) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name12 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 16 (depth 13) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name13 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 17 (depth 14) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name14 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 18 (depth 15) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name15 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 19 (depth 16) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name16 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 20 (depth 17) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name17 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 21 (depth 18) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name18 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 22 (depth 19) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name19 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +vfs::vop_remove:entry /this->dvp/ /* probe ID 23 (depth 20) */ +{ + this->dvp = this->dvp->nc_dvp != NULL ? ( + &(this->dvp->nc_dvp->v_cache_dst) != NULL ? + this->dvp->nc_dvp->v_cache_dst.tqh_first : 0 + ) : 0; + this->name20 = this->dvp != 0 ? ( + this->dvp->nc_name != 0 ? stringof(this->dvp->nc_name) : "" + ) : ""; +} + +/* + * END Pathname-depth iterators + */ + +/*********************************************************/ + +vfs::vop_remove:entry /this->fi_mount != 0/ /* probe ID 24 */ +{ + printf("%Y %s[%d]: ", timestamp + 1406598400000000000, execname, pid); + + /* + * Print full path of file to delete + * NB: Up-to but not including the parent directory (printed below) + */ + printf("%s%s", this->fi_mount, this->fi_mount != 0 ? ( + this->fi_mount == "/" ? "" : "/" + ) : "/"); + printf("%s%s", this->name = this->name20, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name19, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name18, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name17, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name16, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name15, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name14, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name13, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name12, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name11, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name10, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name9, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name8, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name7, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name6, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name5, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name4, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name3, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name2, this->name != "" ? "/" : ""); + printf("%s%s", this->name = this->name1, this->name != "" ? "/" : ""); + + /* Print the parent directory name */ + this->name = this->d_name != 0 ? this->d_name : ""; + printf("%s%s", this->name, this->name != "" ? "/" : ""); + + /* Print the entry name */ + this->name = this->fi_name != 0 ? this->fi_name : ""; + printf("%s", this->name); + + printf("\n"); + + /* + * Examine process, parent process, and grandparent process details + */ + + /******************* CURPROC *******************/ + + this->proc = curthread->td_proc; + this->pid0 = this->proc->p_pid; + this->uid0 = this->proc->p_ucred->cr_uid; + this->gid0 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc->p_args; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg0_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg0_4 = this->ar_length > 0 ? "..." : ""; + + /******************* PPARENT *******************/ + + this->proc = this->proc->p_pptr; + this->pid1 = this->proc->p_pid; + this->uid1 = this->proc->p_ucred->cr_uid; + this->gid1 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc ? this->proc->p_args : 0; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg1_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg1_4 = this->ar_length > 0 ? "..." : ""; + + /******************* GPARENT *******************/ + + this->proc = this->proc->p_pptr; + this->pid2 = this->proc->p_pid; + this->uid2 = this->proc->p_ucred->cr_uid; + this->gid2 = this->proc->p_ucred->cr_rgid; + this->p_args = this->proc ? this->proc->p_args : 0; + this->ar_length = this->p_args ? this->p_args->ar_length : 0; + this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0); + + this->arg2_0 = this->ar_length > 0 ? + this->ar_args : stringof(this->proc->p_comm); + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_1 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_2 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_3 = this->ar_length > 0 ? this->ar_args : ""; + this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0; + this->ar_args += this->len; + this->ar_length -= this->len; + + this->arg2_4 = this->ar_length > 0 ? "..." : ""; + + /***********************************************/ + + /* + * Print process, parent, and grandparent details + */ + + printf(" -+= %05d %d.%d %s", + this->pid2, this->uid2, this->gid2, this->arg2_0); + printf("%s%s", this->arg2_1 != "" ? " " : "", this->arg2_1); + printf("%s%s", this->arg2_2 != "" ? " " : "", this->arg2_2); + printf("%s%s", this->arg2_3 != "" ? " " : "", this->arg2_3); + printf("%s%s", this->arg2_4 != "" ? " " : "", this->arg2_4); + printf("%s", this->arg2_0 != "" ? "\n" : ""); + + printf(" \-+= %05d %d.%d %s", + this->pid1, this->uid1, this->gid1, this->arg1_0); + printf("%s%s", this->arg1_1 != "" ? " " : "", this->arg1_1); + printf("%s%s", this->arg1_2 != "" ? " " : "", this->arg1_2); + printf("%s%s", this->arg1_3 != "" ? " " : "", this->arg1_3); + printf("%s%s", this->arg1_4 != "" ? " " : "", this->arg1_4); + printf("%s", this->arg1_0 != "" ? "\n" : ""); + + printf(" \-+= %05d %d.%d %s", + this->pid0, this->uid0, this->gid0, this->arg0_0); + printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1); + printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2); + printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3); + printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4); + printf("%s", this->arg0_0 != "" ? "\n" : ""); +}