// ------------------------------------------------------------------------
match_node::match_node()
- : end(NULL)
+ : end(NULL), unprivileged_ok (false)
{
- unprivileged_whitelist.push_back ("process");
}
match_node *
return bind(match_key(k).with_number());
}
+match_node*
+match_node::allow_unprivileged (bool b)
+{
+ unprivileged_ok = b;
+ return this;
+}
+
+bool
+match_node::unprivileged_allowed () const
+{
+ return unprivileged_ok;
+}
void
match_node::find_and_build (systemtap_session& s,
vector<derived_probe *>& results)
{
assert (pos <= loc->components.size());
-
- // If we are in --unprivileged mode, exclude all "unsafe" probes.
- if (s.unprivileged && pos == 0)
- {
- unsigned i;
- for (i = 0; i < unprivileged_whitelist.size(); i++)
- {
- if (unprivileged_whitelist[i] == loc->components[pos]->functor)
- break;
- }
- if (i == unprivileged_whitelist.size()) {
- throw semantic_error (string("probe class ") +
- loc->components[pos]->functor +
- " is not allowed for unprivileged users");
- }
- }
-
if (pos == loc->components.size()) // matched all probe point components so far
{
derived_probe_builder *b = end; // may be 0 if only nested names are bound
param_map[loc->components[i]->functor] = loc->components[i]->arg;
// maybe 0
+ // Are we compiling for unprivileged users? */
+ if (s.unprivileged)
+ {
+ // Is this probe point ok for unprivileged users?
+ if (! unprivileged_allowed ())
+ throw semantic_error (string("probe point is not allowed for unprivileged users"));
+ }
+
b->build (s, p, loc, param_map, results);
}
else if (isglob(loc->components[pos]->functor)) // wildcard?
// Pattern registration helpers.
static void register_statement_variants(match_node * root,
- dwarf_builder * dw);
+ dwarf_builder * dw,
+ bool unprivileged_ok = false);
static void register_function_variants(match_node * root,
- dwarf_builder * dw);
+ dwarf_builder * dw,
+ bool unprivileged_ok = false);
static void register_function_and_statement_variants(match_node * root,
- dwarf_builder * dw);
+ dwarf_builder * dw,
+ bool unprivileged_ok = false);
static void register_patterns(systemtap_session& s);
};
void
dwarf_derived_probe::register_statement_variants(match_node * root,
- dwarf_builder * dw)
+ dwarf_builder * dw,
+ bool unprivileged_ok)
{
- root->bind(dw);
+ root->allow_unprivileged(unprivileged_ok)->bind(dw);
}
void
dwarf_derived_probe::register_function_variants(match_node * root,
- dwarf_builder * dw)
+ dwarf_builder * dw,
+ bool unprivileged_ok)
{
- root->bind(dw);
- root->bind(TOK_INLINE)->bind(dw);
- root->bind(TOK_CALL)->bind(dw);
- root->bind(TOK_RETURN)->bind(dw);
- root->bind(TOK_RETURN)->bind_num(TOK_MAXACTIVE)->bind(dw);
+ root->allow_unprivileged(unprivileged_ok)->bind(dw);
+ root->bind(TOK_INLINE)->allow_unprivileged(unprivileged_ok)->bind(dw);
+ root->bind(TOK_CALL)->allow_unprivileged(unprivileged_ok)->bind(dw);
+ root->bind(TOK_RETURN)->allow_unprivileged(unprivileged_ok)->bind(dw);
+ root->bind(TOK_RETURN)->allow_unprivileged(unprivileged_ok)->bind_num(TOK_MAXACTIVE)->bind(dw);
}
void
dwarf_derived_probe::register_function_and_statement_variants(match_node * root,
- dwarf_builder * dw)
+ dwarf_builder * dw,
+ bool unprivileged_ok)
{
// Here we match 4 forms:
//
// .statement("foo")
// .statement(0xdeadbeef)
- register_function_variants(root->bind_str(TOK_FUNCTION), dw);
- register_function_variants(root->bind_num(TOK_FUNCTION), dw);
- register_statement_variants(root->bind_str(TOK_STATEMENT), dw);
- register_statement_variants(root->bind_num(TOK_STATEMENT), dw);
+ register_function_variants(root->bind_str(TOK_FUNCTION), dw, unprivileged_ok);
+ register_function_variants(root->bind_num(TOK_FUNCTION), dw, unprivileged_ok);
+ register_statement_variants(root->bind_str(TOK_STATEMENT), dw, unprivileged_ok);
+ register_statement_variants(root->bind_num(TOK_STATEMENT), dw, unprivileged_ok);
}
void
register_function_and_statement_variants(root->bind_str(TOK_MODULE), dw);
root->bind(TOK_KERNEL)->bind_num(TOK_STATEMENT)->bind(TOK_ABSOLUTE)->bind(dw);
root->bind(TOK_KERNEL)->bind_str(TOK_FUNCTION)->bind_str(TOK_LABEL)->bind(dw);
- root->bind_str(TOK_PROCESS)->bind_str(TOK_FUNCTION)->bind_str(TOK_LABEL)->bind(dw);
-
- register_function_and_statement_variants(root->bind_str(TOK_PROCESS), dw);
- root->bind_str(TOK_PROCESS)->bind_str(TOK_MARK)->bind(dw);
- root->bind_str(TOK_PROCESS)->bind_num(TOK_MARK)->bind(dw);
+ root->bind_str(TOK_PROCESS)->bind_str(TOK_FUNCTION)->bind_str(TOK_LABEL)->allow_unprivileged()->bind(dw);
+ register_function_and_statement_variants(root->bind_str(TOK_PROCESS), dw, true/*unprivileged_ok*/);
+ root->bind_str(TOK_PROCESS)->bind_str(TOK_MARK)->allow_unprivileged()->bind(dw);
+ root->bind_str(TOK_PROCESS)->bind_num(TOK_MARK)->allow_unprivileged()->bind(dw);
}
void
void
register_standard_tapsets(systemtap_session & s)
{
- s.pattern_root->bind(TOK_BEGIN)->bind(new be_builder(BEGIN));
- s.pattern_root->bind_num(TOK_BEGIN)->bind(new be_builder(BEGIN));
- s.pattern_root->bind(TOK_END)->bind(new be_builder(END));
- s.pattern_root->bind_num(TOK_END)->bind(new be_builder(END));
- s.pattern_root->bind(TOK_ERROR)->bind(new be_builder(ERROR));
- s.pattern_root->bind_num(TOK_ERROR)->bind(new be_builder(ERROR));
+ s.pattern_root->bind(TOK_BEGIN)->allow_unprivileged()->bind(new be_builder(BEGIN));
+ s.pattern_root->bind_num(TOK_BEGIN)->allow_unprivileged()->bind(new be_builder(BEGIN));
+ s.pattern_root->bind(TOK_END)->allow_unprivileged()->bind(new be_builder(END));
+ s.pattern_root->bind_num(TOK_END)->allow_unprivileged()->bind(new be_builder(END));
+ s.pattern_root->bind(TOK_ERROR)->allow_unprivileged()->bind(new be_builder(ERROR));
+ s.pattern_root->bind_num(TOK_ERROR)->allow_unprivileged()->bind(new be_builder(ERROR));
- s.pattern_root->bind(TOK_NEVER)->bind(new never_builder());
+ s.pattern_root->bind(TOK_NEVER)->allow_unprivileged()->bind(new never_builder());
timer_builder::register_patterns(s);
s.pattern_root->bind(TOK_TIMER)->bind("profile")->bind(new profile_builder());
// XXX: user-space starter set
s.pattern_root->bind_num(TOK_PROCESS)
->bind_num(TOK_STATEMENT)->bind(TOK_ABSOLUTE)
+ ->allow_unprivileged()
->bind(new uprobe_builder ());
s.pattern_root->bind_num(TOK_PROCESS)
->bind_num(TOK_STATEMENT)->bind(TOK_ABSOLUTE)->bind(TOK_RETURN)
+ ->allow_unprivileged()
->bind(new uprobe_builder ());
// utrace user-space probes
s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_BEGIN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_BEGIN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind(TOK_PROCESS)->bind(TOK_BEGIN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_END)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_END)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind(TOK_PROCESS)->bind(TOK_END)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_BEGIN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_BEGIN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_BEGIN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_END)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_END)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_END)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_SYSCALL)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_SYSCALL)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind(TOK_PROCESS)->bind(TOK_SYSCALL)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_SYSCALL)->bind(TOK_RETURN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_SYSCALL)->bind(TOK_RETURN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
s.pattern_root->bind(TOK_PROCESS)->bind(TOK_SYSCALL)->bind(TOK_RETURN)
+ ->allow_unprivileged()
->bind(new utrace_builder ());
// itrace user-space probes
s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_INSN)
+ ->allow_unprivileged()
->bind(new itrace_builder ());
s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_INSN)
+ ->allow_unprivileged()
->bind(new itrace_builder ());
s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_INSN)->bind(TOK_BLOCK)
+ ->allow_unprivileged()
->bind(new itrace_builder ());
s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_INSN)->bind(TOK_BLOCK)
+ ->allow_unprivileged()
->bind(new itrace_builder ());
// marker-based parts
git://sourceware.org / systemtap.git / commitdiff