d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

filemon: Trace fork via process_fork event.

Browse Source 
This avoids needing ugly hooks and needing both a vfork and fork
handler.

MFC after:	2 weeks
Sponsored by:	EMC / Isilon Storage Division
This commit is contained in:
Bryan Drewery 2016-01-28 01:17:55 +00:00
parent 79d699139b
commit 2f6009620f
1 changed files with 14 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
sys/dev/filemon/filemon_wrapper.c
View File

@ -45,20 +45,19 @@ __FBSDID("$FreeBSD$");
9-CURRENT September 10th-16th. */
#define sys_chdir chdir
#define sys_execve execve
#define sys_fork fork
#define sys_link link
#define sys_open open
#define sys_rename rename
#define sys_stat stat
#define sys_symlink symlink
#define sys_unlink unlink
#define sys_vfork vfork
#ifdef FILEMON_HAS_LINKAT
#define sys_linkat linkat
#endif
#endif /* __FreeBSD_version */
static eventhandler_tag filemon_exit_tag;
static eventhandler_tag filemon_fork_tag;
static void
filemon_output(struct filemon *filemon, char *msg, size_t len)
@ -195,29 +194,6 @@ filemon_wrapper_freebsd32_execve(struct thread *td,
}
#endif
static int
filemon_wrapper_fork(struct thread *td, struct fork_args *uap)
{
int ret;
size_t len;
struct filemon *filemon;
if ((ret = sys_fork(td, uap)) == 0) {
if ((filemon = filemon_pid_check(curproc)) != NULL) {
len = snprintf(filemon->msgbufr,
sizeof(filemon->msgbufr), "F %d %ld\n",
curproc->p_pid, (long)curthread->td_retval[0]);
filemon_output(filemon, filemon->msgbufr, len);
/* Unlock the found filemon structure. */
filemon_filemon_unlock(filemon);
}
}
return (ret);
}
static int
filemon_wrapper_open(struct thread *td, struct open_args *uap)
{
@ -545,27 +521,23 @@ filemon_wrapper_unlink(struct thread *td, struct unlink_args *uap)
return (ret);
}
static int
filemon_wrapper_vfork(struct thread *td, struct vfork_args *uap)
static void
filemon_event_process_fork(void *arg __unused, struct proc *p1,
struct proc *p2, int flags)
{
int ret;
size_t len;
struct filemon *filemon;
if ((ret = sys_vfork(td, uap)) == 0) {
if ((filemon = filemon_pid_check(curproc)) != NULL) {
len = snprintf(filemon->msgbufr,
sizeof(filemon->msgbufr), "F %d %ld\n",
curproc->p_pid, (long)curthread->td_retval[0]);
if ((filemon = filemon_pid_check(p1)) != NULL) {
len = snprintf(filemon->msgbufr,
sizeof(filemon->msgbufr), "F %d %d\n",
p1->p_pid, p2->p_pid);
filemon_output(filemon, filemon->msgbufr, len);
filemon_output(filemon, filemon->msgbufr, len);
/* Unlock the found filemon structure. */
filemon_filemon_unlock(filemon);
}
/* Unlock the found filemon structure. */
filemon_filemon_unlock(filemon);
}
return (ret);
}
static void
@ -579,13 +551,11 @@ filemon_wrapper_install(void)
sv_table[SYS_chdir].sy_call = (sy_call_t *) filemon_wrapper_chdir;
sv_table[SYS_execve].sy_call = (sy_call_t *) filemon_wrapper_execve;
sv_table[SYS_fork].sy_call = (sy_call_t *) filemon_wrapper_fork;
sv_table[SYS_open].sy_call = (sy_call_t *) filemon_wrapper_open;
sv_table[SYS_openat].sy_call = (sy_call_t *) filemon_wrapper_openat;
sv_table[SYS_rename].sy_call = (sy_call_t *) filemon_wrapper_rename;
sv_table[SYS_stat].sy_call = (sy_call_t *) filemon_wrapper_stat;
sv_table[SYS_unlink].sy_call = (sy_call_t *) filemon_wrapper_unlink;
sv_table[SYS_vfork].sy_call = (sy_call_t *) filemon_wrapper_vfork;
sv_table[SYS_link].sy_call = (sy_call_t *) filemon_wrapper_link;
sv_table[SYS_symlink].sy_call = (sy_call_t *) filemon_wrapper_symlink;
#ifdef FILEMON_HAS_LINKAT
@ -597,13 +567,11 @@ filemon_wrapper_install(void)
sv_table[FREEBSD32_SYS_chdir].sy_call = (sy_call_t *) filemon_wrapper_chdir;
sv_table[FREEBSD32_SYS_freebsd32_execve].sy_call = (sy_call_t *) filemon_wrapper_freebsd32_execve;
sv_table[FREEBSD32_SYS_fork].sy_call = (sy_call_t *) filemon_wrapper_fork;
sv_table[FREEBSD32_SYS_open].sy_call = (sy_call_t *) filemon_wrapper_open;
sv_table[FREEBSD32_SYS_openat].sy_call = (sy_call_t *) filemon_wrapper_openat;
sv_table[FREEBSD32_SYS_rename].sy_call = (sy_call_t *) filemon_wrapper_rename;
sv_table[FREEBSD32_SYS_freebsd32_stat].sy_call = (sy_call_t *) filemon_wrapper_freebsd32_stat;
sv_table[FREEBSD32_SYS_unlink].sy_call = (sy_call_t *) filemon_wrapper_unlink;
sv_table[FREEBSD32_SYS_vfork].sy_call = (sy_call_t *) filemon_wrapper_vfork;
sv_table[FREEBSD32_SYS_link].sy_call = (sy_call_t *) filemon_wrapper_link;
sv_table[FREEBSD32_SYS_symlink].sy_call = (sy_call_t *) filemon_wrapper_symlink;
#ifdef FILEMON_HAS_LINKAT
@ -613,6 +581,8 @@ filemon_wrapper_install(void)
filemon_exit_tag = EVENTHANDLER_REGISTER(process_exit,
filemon_event_process_exit, NULL, EVENTHANDLER_PRI_LAST);
filemon_fork_tag = EVENTHANDLER_REGISTER(process_fork,
filemon_event_process_fork, NULL, EVENTHANDLER_PRI_LAST);
}
static void
@ -626,13 +596,11 @@ filemon_wrapper_deinstall(void)
sv_table[SYS_chdir].sy_call = (sy_call_t *)sys_chdir;
sv_table[SYS_execve].sy_call = (sy_call_t *)sys_execve;
sv_table[SYS_fork].sy_call = (sy_call_t *)sys_fork;
sv_table[SYS_open].sy_call = (sy_call_t *)sys_open;
sv_table[SYS_openat].sy_call = (sy_call_t *)sys_openat;
sv_table[SYS_rename].sy_call = (sy_call_t *)sys_rename;
sv_table[SYS_stat].sy_call = (sy_call_t *)sys_stat;
sv_table[SYS_unlink].sy_call = (sy_call_t *)sys_unlink;
sv_table[SYS_vfork].sy_call = (sy_call_t *)sys_vfork;
sv_table[SYS_link].sy_call = (sy_call_t *)sys_link;
sv_table[SYS_symlink].sy_call = (sy_call_t *)sys_symlink;
#ifdef FILEMON_HAS_LINKAT
@ -644,13 +612,11 @@ filemon_wrapper_deinstall(void)
sv_table[FREEBSD32_SYS_chdir].sy_call = (sy_call_t *)sys_chdir;
sv_table[FREEBSD32_SYS_freebsd32_execve].sy_call = (sy_call_t *)freebsd32_execve;
sv_table[FREEBSD32_SYS_fork].sy_call = (sy_call_t *)sys_fork;
sv_table[FREEBSD32_SYS_open].sy_call = (sy_call_t *)sys_open;
sv_table[FREEBSD32_SYS_openat].sy_call = (sy_call_t *)sys_openat;
sv_table[FREEBSD32_SYS_rename].sy_call = (sy_call_t *)sys_rename;
sv_table[FREEBSD32_SYS_freebsd32_stat].sy_call = (sy_call_t *)freebsd32_stat;
sv_table[FREEBSD32_SYS_unlink].sy_call = (sy_call_t *)sys_unlink;
sv_table[FREEBSD32_SYS_vfork].sy_call = (sy_call_t *)sys_vfork;
sv_table[FREEBSD32_SYS_link].sy_call = (sy_call_t *)sys_link;
sv_table[FREEBSD32_SYS_symlink].sy_call = (sy_call_t *)sys_symlink;
#ifdef FILEMON_HAS_LINKAT
@ -659,4 +625,5 @@ filemon_wrapper_deinstall(void)
#endif /* COMPAT_ARCH32 */
EVENTHANDLER_DEREGISTER(process_exit, filemon_exit_tag);
EVENTHANDLER_DEREGISTER(process_fork, filemon_fork_tag);
}