Hi,

Have a question about one of the examples I came across:

syscall::open*:entry
{
        self->path = arg0;
}

syscall::open*:return
/self->path != NULL && (int)arg0 == -1 && errno == EACCES/
{
        printf("UID %d perm denied to open %s\n", uid, copyinstr(self->path));
        self->path = 0;
}

The reasoning for using copyinstr is to copy userland data to kernel space, but the data is referenced in the predicate without using copyinstr (or is that check for some pointer to the data)?

How to generally know if some piece of data lies in userland or not? Is the understanding that data for pointers to all system calls lies in userland space?

Thanks
Ashok

Ashok Nair wrote:
> Hi,
>
> Have a question about one of the examples I came across:
>
> syscall::open*:entry
> {
>         self->path = arg0;
> }
>
> syscall::open*:return
> /self->path != NULL && (int)arg0 == -1 && errno == EACCES/
> {
>         printf("UID %d perm denied to open %s\n", uid, copyinstr(self->path));
>         self->path = 0;
> }
>
> The reasoning for using copyinstr is to copy userland data to kernel space, but the data is referenced in the predicate without using copyinstr (or is that check for some pointer to the data)?
>

arg0 is a pointer to a char (string): const char *path. What you're doing in the predicate is asking if that pointer is NULL, which is OK, but if you want to access the data pointed to by that arg you need to copy it to kernel land, since dtrace runs in the kernel.

> How to generally know if some piece of data lies in userland or not? Is the understanding that data for pointers to all system calls lies in userland space?
>

Yes. You can access arguments, but if the function you're tracing is from a process (even syscalls) and you want to use the contents of an argument which is a pointer, you must copy it to the kernel with copyin/copyinstr.

Cheers,
Gonzalo.

> Thanks
> Ashok

Ashok Nair wrote:
> How to generally know if some piece of data lies in userland or not? Is the understanding that data for pointers to all system calls lies in userland space?
>

You just need to think about the source of the data for the given probe. The arguments to a system call are coming from the user process, so yes, they will always be from a user process address space. On the other hand, arguments passed to "proc" probes are pointers to kernel data structures, so these pointers and data are already part of the kernel's address space, and shouldn't be run through copyin.

Using DTrace is half understanding DTrace, and half understanding how Solaris works. Or if you start digging into fbt (function boundary trace) probes, that ratio might become more like 20:80.

Bon appetit,
Chip
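
Added example, not part of the thread and not any poster's code: the two cases the replies describe, side by side in one D script. It assumes every probe matched by open* takes the path as arg0 (as the script in the thread does), and it uses the proc provider's exec probe, whose args[0] is a char * in kernel memory naming the new process image.

```d
#!/usr/sbin/dtrace -s
#pragma D option quiet

/*
 * Case 1: syscall provider. arg0 of open(2) is a const char * in the
 * calling process's address space. Saving the pointer or comparing it
 * with NULL only touches the pointer value, so no copy is needed.
 * Assumption: every probe matched by open* passes the path as arg0.
 */
syscall::open*:entry
{
	self->path = arg0;	/* pointer value only, no dereference */
}

/*
 * Reading the string the pointer refers to is a dereference of a user
 * address from kernel context, so it has to go through copyinstr().
 */
syscall::open*:return
/self->path != NULL && (int)arg0 == -1 && errno == EACCES/
{
	printf("UID %d perm denied to open %s\n", uid, copyinstr(self->path));
}

/* Release the thread-local on every return, not only on EACCES. */
syscall::open*:return
/self->path != NULL/
{
	self->path = 0;
}

/*
 * Case 2: proc provider. args[0] of proc:::exec already points into the
 * kernel's address space, so it is read directly with stringof() and
 * must not be run through copyin()/copyinstr().
 */
proc:::exec
{
	printf("UID %d pid %d exec of %s\n", uid, pid, stringof(args[0]));
}
```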