On Tue, Jan 26, 2016 at 11:43:12AM +0800, STEVE wrote:
> Hello James,
> 
> so the ported version of dtrace in OS X 10.11.2 does support probing entry 
> and return of unmount() system call.
> 
> bash-3.2# dtrace -l -f syscall::\*mount\*
> 
>    ID   PROVIDER            MODULE                          FUNCTION NAME
>   459    syscall                                             unmount entry
>   460    syscall                                             unmount return
>   475    syscall                                               mount entry
>   476    syscall                                               mount return
>   989    syscall                                         __mac_mount entry
>   990    syscall                                         __mac_mount return
>   991    syscall                                     __mac_get_mount entry
>   992    syscall                                     __mac_get_mount return
> bash-3.2# 
> 
> It is the same for stack() too. The executable is /sbin/umount. I ran that 
> dtrace one-liner, then went to the terminal and ran the umount command, and 
> that error message immediately occurred. 
> 
> I'm not a developer so I will try to understand your comments regarding using 
> stop() to halt umount and check it through a debugger. Thank you for the help 
> anyway. If you have anything else to add, please feel free to do so.

The basic problem is that ustack() only works if the dtrace process can find
the user process and do symbol resolution, but it won't do that until it
pulls the recorded data out of the kernel and processes it (which might be up
to a second after the unmount event).  A typical workaround is either to
run the command under dtrace (dtrace -n '...' -c 'program to run'), where
dtrace will catch the exit of the process and make sure it's finished,
or to stop() the process in the probe (causing a debugging stop) and use
system() to get it running again (on Solaris, system("prun %d", pid);).  I'm
not sure how stop() is implemented on MacOS X, so I don't know the proper
way to restart things.

Cheers,
- jonathan

> - Steve
> 
> ------------------ Original ------------------
> From:  "James Carlson";<[email protected]>;
> Date:  Mon, Jan 25, 2016 09:22 PM
> To:  "STEVE"<[email protected]>; "Nan Xiao"<[email protected]>; 
> "dtrace-discuss"<[email protected]>; 
> 
> Subject:  Re: [dtrace-discuss] ??? [dtrace-discuss] syscall::unmount: doesn't 
> work in OS X 10.11.2
> 
> 
> 
> On 01/25/16 00:18, STEVE wrote:
> > Hi Nan Xiao,
> > 
> > Yes, it is unmount. Please see the man page below. I tried to run
> > unmount and dtrace both under root, same issue.
> 
> Just a nit, but the section 2 man page doesn't document the syscall
> interface.  It documents the libc ABI.  The two are different, and you
> can't always trust that one matches the other.  A better place to look
> for supported syscall provider interfaces is here:
> 
> dtrace -l -f syscall::\*mount\*
> 
> or, if you prefer:
> 
> dtrace -l -P syscall | grep mount
> 
> At a guess, the problem is that the executable invoking unmount() itself
> was gone by the time the user-level dtrace got the information from the
> kernel.*
> 
> Since it seems you're looking for the user-level stack, I suggest
> enabling destructive actions and using stop() to halt the user process.
>  It can then be examined with a debugger.
> 
> --
> James Carlson         42.703N 71.076W         <[email protected]>
> 

