Re: DTrace panic while probing syscall::open (and possibly many others)

From: Wesley Shields <wxs_at_FreeBSD.org>
Date: Wed, 20 May 2009 21:56:13 -0400
On Wed, May 20, 2009 at 02:00:49PM +0200, Thomas Backman wrote:
> 
> On May 19, 2009, at 10:49 PM, Wesley Shields wrote:
> > I just noticed this but shouldn't you be using copyinstr() on the  
> > first
> > probe. It should look something like this:
> >
> > syscall::open:entry
> > {
> > 		self->path = copyinstr(arg0);
> > }
> >
> > syscall::open:return
> > / self->path /
> > {
> > 		printf("%s\n", self->path);
> > }
> >
> > This still doesn't solve the problem of copyinstr() causing a crash
> > though.
> 
> I don't remember why, but I do remember that it was said (in older  
> versions) in the Solaris DTrace guide to always copy in variables  
> after the function return, not quite sure why (Possibly because they  
> could be undefined in :::entry?). Brendan Gregg, who wrote the DTrace  
> Toolkit, does this, anyway (see the opensnoop.d script). Sun liked his  
> work so much that they hired him. :-)

It's still mentioned in the guide (page 346, "Avoiding Errors"). The
reason is the one I mentioned (the argument being copied in has to be in
a page that is faulted-in). It's quite possible that on entry into the
syscall that page is not yet faulted in.

-- WXS
Received on Wed May 20 2009 - 23:56:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:48 UTC