Re: [dtrace-discuss] syscall::open:entry predicate problem

Jonathan Adams Tue, 08 Dec 2009 10:08:43 -0800

On Tue, Dec 08, 2009 at 05:27:58PM +0100, Juhasz Balint wrote:
> Hy!
> 
> 
> I have a problem with my script:
> # cat process_ps.d
> #!/usr/sbin/dtrace -qs
> #pragma D option quiet
> 
> syscall::open:entry
> / (arg0 != NULL) && ( execname == "ps" ) && ( copyinstr(arg0) ==
> "/proc/1305/psinfo" ) /
> {
>         printf("%s:%s:%s:%s\t->\t%s (%d)\n", probeprov, probemod,
> probefunc, probename, copyinstr(arg0), strlen(copyinstr(arg0)));
> }
> 
> The output of this script:
> 
> # ./process_ps.d
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> dtrace: error on enabled probe ID 1 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> dtrace: error on enabled probe ID 1 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> dtrace: error on enabled probe ID 1 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> dtrace: error on enabled probe ID 1 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> dtrace: error on enabled probe ID 1 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> dtrace: error on enabled probe ID 1 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> dtrace: error on enabled probe ID 1 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> syscall::open:entry     ->      /proc/1305/psinfo (17)
> ...


This is a classic userland data access issue;  if the memory holding the
string has not been touched by either the program or the kernel, it's not
possible to map it in from a dtrace probe.  The usual workaround is to delay
doing the copyin until after the kernel has read the string, typically by
using the return probe.  Your script would look like:

--- cut here ---
#!/usr/sbin/dtrace -s

dtrace:::BEGIN
{
        printf("Parameter(s):\t%s\n", $$1);
}

syscall::open:entry
/ arg0 != NULL &&  execname == "ps" /
{
        self->file = arg0;
}

syscall::open:return
/ self->file && copyinstr(self->file) == ("/proc/" + $$1 + "/psinfo") /
{
        printf("%s:%s:%s:%s\t->\t%s (%d)\n", probeprov, probemod,
            probefunc, probename, copyinstr(self->file),
            strlen(copyinstr(self->file)));
}

/* free the thread-local variable after we're done, or if the thread exits */
syscall::open:return, proc:::lwp-exit
/self->file/
{
        self->file = 0;
}
--- cut here ---

Make sense?

Cheers,
- jonathan

> 1. question:
> I doesn't understand why are there these "invalid address (0xff358000)
> in predicate at DIF offset 120" errors.
> 
> If i modify my script:
> # cat process_ps.d
> #!/usr/sbin/dtrace -qs
> #pragma D option quiet
> 
> BEGIN {
>         printf("Your parameter(s):\t%s\n", $$1);
>         self->pida = strjoin(strjoin("/proc/",$$1),"/psinfo");
>         printf("New variable(s):\t%s (%d)\n", self->pida, strlen(self->pida));
> }
> 
> syscall::open:entry
> / (arg0 != NULL) && ( execname == "ps" ) && ( copyinstr(arg0) == self->pida ) 
> /
> {
>         printf("%s:%s:%s:%s\t->\t%s (%d)\n", probeprov, probemod,
> probefunc, probename, copyinstr(arg0), strlen(copyinstr(arg0)));
> }
> 
> # ./process_ps.d 1305
> Your parameter(s):      1305
> New variable(s):        /proc/1305/psinfo (17)
> dtrace: error on enabled probe ID 2 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> dtrace: error on enabled probe ID 2 (ID 4538: syscall::open:entry):
> invalid address (0xff358000) in predicate at DIF offset 120
> ... and write nothing ...
> 
> 2. question
> I don't understand why it is happen, i think the error is in "(
> copyinstr(arg0) == self->pida )" but i think the syntax is ok.
> 
> Thanks a lot.
> 
> Br.:
> Cni
> _______________________________________________
> dtrace-discuss mailing list
> [email protected]
_______________________________________________
dtrace-discuss mailing list
[email protected]

Re: [dtrace-discuss] syscall::open:entry predicate problem

Reply via email to