#systemtap on 2017-12-29 — irc logs at freenode.irclog.whitequark.org

2015-11-12 23:18 fche changed the topic of #systemtap to: http://sourceware.org/systemtap; email systemtap@sourceware.org if answers here not timely, conversations may be logged

00:23 orivej has quit [Ping timeout: 252 seconds]

01:53 hpt has joined #systemtap

04:22 orivej has joined #systemtap

05:49 _whitelogger has joined #systemtap

06:43 nkambo has joined #systemtap

08:33 gila has joined #systemtap

08:54 sanoj has joined #systemtap

09:12 MaartenK has joined #systemtap

09:12 <MaartenK> hi all

09:13 <MaartenK> is it possible to use systemtap to modify the output of getdents for a single user and a single process?

09:31 hpt has quit [Quit: Lost terminal]

09:54 gila has quit [Quit: My Mac Pro has gone to sleep. ZZZzzz…]

09:55 sanoj has quit [Ping timeout: 246 seconds]

09:59 gila has joined #systemtap

11:32 orivej has quit [Ping timeout: 268 seconds]

11:44 <MaartenK> hmm, getting closer

11:44 <MaartenK> I have this simple handler now:

11:44 <MaartenK> probe syscall.getdents {

11:44 <MaartenK> if (execname() == "ls") {

11:44 <MaartenK> }

11:44 <MaartenK> printf("%s\n", d_name(dirp_uaddr));

11:44 <MaartenK> }

11:44 <MaartenK> and I would like to get the directory name

11:45 <MaartenK> but I am getting a "ERROR: kernel string copy fault

11:45 <MaartenK> "

11:45 <MaartenK> can anyone point me in the right direction?

11:45 <MaartenK> i would like to get the path of the directlry (like "/something" on which the getdents call is performed

11:48 <MaartenK> within the source code I see that dirp_uaddr is defined as $dirent, so I expect that the d_name call should return what I need

11:50 <MaartenK> but it does not...

13:19 gila has quit [Quit: My Mac Pro has gone to sleep. ZZZzzz…]

13:29 nkambo has quit [Ping timeout: 240 seconds]

13:45 orivej has joined #systemtap

13:47 <fche> d_name is for use on kernel-memory-resident dirent structures; these are syscalls passing user-space copies

13:47 <fche> ^Maa

13:47 <fche> ^MaartenK

13:47 <fche> Pretty-printing $dirp$$ might work just to see what's inside

13:48 <fche> you may be able to modify contents with set_user_* (& $dirp->field) kindof thing

13:48 <fche> or trap readdir(3) in glibc with user-space probes; then there's only one address space to worry about

13:54 orivej has quit [Ping timeout: 248 seconds]

14:06 <MaartenK> fche: cool, thanks :)

14:06 <MaartenK> I got the path by running fullpath_struct_file(task_current(), task_fd_lookup(task_current(), fd) now

14:06 <MaartenK> but it feels a little bit dirty :)

14:56 <fche> that's a good way too

14:57 <fche> a feeling of dirtiness is natural when one's performing live vivisection on running software

14:57 <MaartenK> fair point

15:00 <MaartenK> just one more question regarding the set_user_* command, I am trying to update the d_ino long in the dirent struct like this: set_user_long(&(direnttofix["pointer"]->d_ino), 4);

15:00 <MaartenK> where direnttofix["pointer"] ccntains the pointer to the struct

15:01 <MaartenK> which results in the following error:

15:01 <MaartenK> semantic error: unknown type in dereference: operator '&' at fixlicenses.stp:12:17

15:01 <MaartenK> source: set_user_long(&(direnttofix["pointer"]->d_ino), 4);

15:01 <MaartenK> am I missing something there?

15:02 <fche> you'd have to @cast() that pointer to a struct*

15:02 <fche> ie @cast(direnttofix[tid() or whatever], "dirent") -> d_ino

15:07 <MaartenK> ok, so the end result should be this: set_user_long((@cast(direnttofix["pointer"], "linux_dirent")->d_ino), 4); ?

15:15 <MaartenK> hmm, that actually runs, but gives me an ERROR: user long copy fault at 0x0000000000060001

15:15 <MaartenK> when the call is made

15:26 <fche> that tells me the direnttofix[...] value was not right?

15:26 <fche> what is the value of that direnttofix["pointer"] expression?

15:28 <MaartenK> running it now, at this moment the value is 11500176

15:28 <fche> where did the value come from? that too looks kind of low for a normal heap or stack address

15:28 <MaartenK> i created it with the following line direnttofix["pointer"] = pointer_arg(2);

15:29 <MaartenK> where the second argument is the linux_dirent struct of the getdents call (see https://linux.die.net/man/2/getdents64)

15:33 <fche> that looks ok, but you may need asmlinkage()

15:33 <fche> and at the site where you -read- direnttofix["pointer"], you may need to check that a value has been set

15:34 <fche> since reading a variable such as an array slot that wasn't set results in a zero in systemtap

15:34 <fche> btw why direnttofix["pointer"] vs. a plain scalar direnttofix?

15:34 <fche> or indexed by tid(), in case of multiple threads doing this concurrently?

15:35 <MaartenK> that makes more sense, fixing that

15:38 <MaartenK> i see that the value returned by pointer_arg(2) is actually identical to dirp_uaddr, avariable made available by syscall.getdents

15:38 <fche> yup

15:38 <fche> that's on purpose - we try to make the parameters accessible with a more human name

15:39 <MaartenK> that is indeed much easier to read

15:39 <MaartenK> I guess I can skip the asmlinkage part in that case, as I am no longer using pointer_arg

15:41 <fche> yup

15:43 <MaartenK> hmm, this is weird

15:44 <MaartenK> my ls -i is showing / to have an inode value of 2, however, this line: printf("%i\n", @cast(direnttofix[tid()], "linux_dirent")->d_ino); gives me a value of 393217

15:44 <MaartenK> I would have expected those to be the same

15:45 <fche> could try printf($cast(direnttofix[tid()],"linux_dirent")$) to pretty-print the lot just to see

15:47 <MaartenK> parse error: expected literal string

15:47 <MaartenK> saw: identifier '$cast' at fixlicenses.stp:13:10

15:47 <MaartenK> source: printf($cast(direnttofix[tid()],"linux_dirent")$)

15:47 <fche> sorry $ @cast(...)

15:48 <fche> and a $ at the end

15:48 <fche> or ... geez I should try things before I say ... try @cast(foo) $

15:49 <MaartenK> don't worry, I appreciate your help and time

15:50 <MaartenK> hmm, that is not working either

15:50 <MaartenK> parse error: expected literal string

15:50 <MaartenK> saw: operator '@cast' at fixlicenses.stp:13:10

15:50 <MaartenK> source: printf(@cast(direnttofix[tid()],"linux_dirent")$)

15:50 <MaartenK> not sure if it matters, but I am running version systemtap-3.1-4.el7_4.x86_64

15:50 <fche> printf("%s", @cast(....)$ )

15:51 <fche> heh, operating on holiday vapours

15:51 <fche> it's as though there's a lot less oxygen around here

15:52 <MaartenK> I am getting {.d_ino=393217, .d_off=480086981411533459, .d_reclen=24, .d_name=[...]} as output now

15:53 <fche> that doesn't look entirely wrong, but not entirely right either :)

15:53 <fche> if you add another $ after the first $, you'll probably get d_name printed too

15:54 <MaartenK> {.d_ino=393217, .d_off=480086981411533459, .d_reclen=24, .d_name="home"}

15:54 <MaartenK> *blink*

15:55 <fche> progress of a sort!

15:55 <MaartenK> \o/

15:56 <MaartenK> even thoug I am more confused now, as the output for d_name should not be "home" and the inode on which home resides is also 2

15:58 <fche> try /bin/stat / /home

15:58 <fche> compare

15:59 <MaartenK> they are both indicating inode 2 as location (which makes sense as / and /home are both lvm partitions)

15:59 <MaartenK> File: ‘/’

15:59 <MaartenK> Size: 4096 Blocks: 8 IO Block: 4096 directory

15:59 <MaartenK> Device: fd00h/64768d Inode: 2 Links: 21

16:00 <MaartenK> and

16:00 <MaartenK> File: ‘/home’

16:00 <MaartenK> Size: 4096 Blocks: 8 IO Block: 4096 directory

16:00 <MaartenK> Device: fd04h/64772d Inode: 2 Links: 14

16:21 <MaartenK> I am going home, it is 17:20 and even though I am not that much away from sea level the amount of oxygen in my brain seems to be way to low

16:21 <fche> haha ditto

16:21 <MaartenK> fche: thank you once more for your time and input

16:21 <fche> good evening!

16:21 <fche> my pleasure

16:55 orivej has joined #systemtap

18:18 orivej has quit [Ping timeout: 255 seconds]

20:53 orivej has joined #systemtap

22:44 tonyj has quit [Remote host closed the connection]

23:06 fche has quit [Quit: Leaving]