Stéphane Payrard
2008-Aug-04 21:27 UTC
[dtrace-discuss] proc::postsig:signal-handle in leopard
disclaimer: I am a dtrace beginner. A common convention in Umix is that a process rereads its configuration files when sent a SIGHUP signal. So I thought smart to write a dtrace script (shown below) that prints the files opened by a process that receive any signal. I starts the said script, next I do a "sudo killall -1 httpd" and I get nothing except lines like : trace: error on enabled probe ID 2 (ID 17602: syscall::open:entry): invalid user access in predicate at DIF offset 4 dtrace: error on enabled probe ID 3 (ID 17603: syscall::open:return): invalid user access in predicate at DIF offset 4 I am using leopard. What am I doing wrong? #! /usr/sbin/dtrace -s proc::postsig:signal-handle { this->pid = pid; printf("%s with pid %d got a signal %d\n", execname, pid, arg0); } syscall::open:entry /this->pid == pid/ { this->file = copyinstr(arg0); } syscall::open:return /this->pid == pid/ { printf( "%s %s %d\n", execname, this->file, arg0); } -- cognominal stef
Jonathan Adams
2008-Aug-04 21:42 UTC
[dtrace-discuss] proc::postsig:signal-handle in leopard
On Mon, Aug 04, 2008 at 11:27:37PM +0200, St?phane Payrard wrote:> disclaimer: I am a dtrace beginner. > A common convention in Umix is that a process rereads its > configuration files when sent > a SIGHUP signal. So I thought smart to write a dtrace script (shown > below) that prints the files opened > by a process that receive any signal. I starts the said script, next > I do a "sudo killall -1 httpd" and I get nothing except lines like : > > trace: error on enabled probe ID 2 (ID 17602: syscall::open:entry): > invalid user access in predicate at DIF offset 4 > dtrace: error on enabled probe ID 3 (ID 17603: syscall::open:return): > invalid user access in predicate at DIF offset 4 > > I am using leopard. > What am I doing wrong?There are a couple basic issues with your code: 1. "this->" variables are only guaranteed to keep their values during a single firing (i.e. for any number of blocks with the *same* probe definition). For your purposes, either "self->" (thread-local" or global associative arrays make more sense. 2. The "postsig" part of proc::postsig:signal-handle is a private implementation detail, and should be removed; that way, your script will also work under Solaris. 3. copyin actions are only likely to succeed if they happen after a known user or kernel reading of the data; i.e. it''s better to do the copyinstr() in the *return* probe. Your original program:> #! /usr/sbin/dtrace -s > > proc::postsig:signal-handle { > this->pid = pid; > printf("%s with pid %d got a signal %d\n", execname, pid, arg0); > } > syscall::open:entry /this->pid == pid/ { this->file = copyinstr(arg0); } > syscall::open:return /this->pid == pid/ { printf( "%s %s %d\n", > execname, this->file, arg0); }How I''d do it: --- cut here --- #!/usr/sbin/dtrace -qs proc:::signal-handle { gotsignal[pid] = 1; printf("%s with pid %d got a signal %d\n", execname, pid, arg0); } syscall::open:entry /gotsignal[pid]/ { self->file = arg0; } syscall::open:return /self->file/ { printf("%s %s %d\n", execname, copyinstr(self->file), arg0); self->file = 0; } proc:::exit /gotsignal[pid]/ { gotsignal[pid] = 0; } --- cut here --- (the last part cleans up old state as processes exit) Cheers, - jonathan