From d14648baf61205e4259da53b383931f20c41c5bb Mon Sep 17 00:00:00 2001
From: hunt
Date: Mon, 21 Mar 2005 21:14:57 +0000
Subject: [PATCH] Moving probes to another directory.
---
runtime/tests/shellsnoop/Makefile | 9 --
runtime/tests/shellsnoop/README | 70 ----------------
runtime/tests/shellsnoop/buildit | 1 -
runtime/tests/shellsnoop/dtr.c | 130 -----------------------------
runtime/tests/test4_probe/Makefile | 9 --
runtime/tests/test4_probe/README | 23 -----
runtime/tests/test4_probe/buildit | 1 -
runtime/tests/test4_probe/dtr.c | 108 ------------------------
8 files changed, 351 deletions(-)
delete mode 100644 runtime/tests/shellsnoop/Makefile
delete mode 100644 runtime/tests/shellsnoop/README
delete mode 100644 runtime/tests/shellsnoop/buildit
delete mode 100644 runtime/tests/shellsnoop/dtr.c
delete mode 100644 runtime/tests/test4_probe/Makefile
delete mode 100644 runtime/tests/test4_probe/README
delete mode 100644 runtime/tests/test4_probe/buildit
delete mode 100644 runtime/tests/test4_probe/dtr.c
diff --git a/runtime/tests/shellsnoop/Makefile b/runtime/tests/shellsnoop/Makefile
deleted file mode 100644
index 86d612662..000000000
--- a/runtime/tests/shellsnoop/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# Makefile
-#
-# make -C path/to/kernel/src M=`pwd` modules
-
-obj-m := dtr.o
-
-
-
-
diff --git a/runtime/tests/shellsnoop/README b/runtime/tests/shellsnoop/README
deleted file mode 100644
index ce37a2db8..000000000
--- a/runtime/tests/shellsnoop/README
+++ /dev/null
@@ -1,70 +0,0 @@
-Sample probe.
-
-To build, edit the path in buildit and the addresses in struct dtr_probes
-in dtr.c Then "source buildit"
-
-This is a translation of on an old dtr probe:
-
-# shellsnoop.probe - snoop shell execution as it occurs.
-# clone of dtrace shellsnoop example
-
-global {
- long @pids[long];
-}
-
-probe do_execve:entry {
- char __user *vstr;
- char str[256];
- int len;
-
- /* watch shells only */
- /* FIXME: detect more shells, like csh, tcsh, zsh */
-
- if (!strcmp(current->comm,"bash") || !strcmp(current->comm,"sh") || !strcmp(current->comm, "zsh")
- || !strcmp(current->comm, "tcsh") || !strcmp(current->comm, "pdksh"))
- {
- dlog ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename);
- @pids[current->pid] = 1;
-
- /* print out argv, ignoring argv[0] */
- if (argv) argv++;
- while (argv != NULL)
- {
- if (get_user (vstr, argv))
- break;
- if (!vstr)
- break;
- len = dtr_strncpy_from_user(str, vstr, 256);
- str[len] = 0;
- printk ("%s ", str);
- argv++;
- }
- printk ("\n");
- }
-}
-
-# use filp_open because copy_from_user not needed there
-probe filp_open:entry {
- if (@pids[current->pid])
- dlog ("%d\t%d\t%s\tO %s\n", current->pid, current->parent->pid, current->comm, filename);
-}
-
-probe sys_read:entry {
- if (@pids[current->pid])
- dlog ("%d\t%d\t%s\tR %d\n", current->pid, current->parent->pid, current->comm, fd);
-}
-
-probe sys_write:entry {
- size_t len;
- char str[256];
- if (@pids[current->pid])
- {
- if (count < 64) len = count;
- else len = 64;
- if (len = dtr_strncpy_from_user(str, buf, len)) {
- str[len] = 0;
- dlog ("%d\t%d\t%s\tW %s\n", current->pid, current->parent->pid, current->comm, str);
- }
- }
-}
-
diff --git a/runtime/tests/shellsnoop/buildit b/runtime/tests/shellsnoop/buildit
deleted file mode 100644
index 8d90a0ec8..000000000
--- a/runtime/tests/shellsnoop/buildit
+++ /dev/null
@@ -1 +0,0 @@
-make -C /lib/modules/2.6.10-1.770_FC3smp/build M=`pwd`
diff --git a/runtime/tests/shellsnoop/dtr.c b/runtime/tests/shellsnoop/dtr.c
deleted file mode 100644
index 790a907a0..000000000
--- a/runtime/tests/shellsnoop/dtr.c
+++ /dev/null
@@ -1,130 +0,0 @@ -#define HASH_TABLE_BITS 8 -#define HASH_TABLE_SIZE (1<comm,"bash") || !strcmp(current->comm,"sh") || !strcmp(current->comm, "zsh") - || !strcmp(current->comm, "tcsh") || !strcmp(current->comm, "pdksh")) - { - dlog ("%d\t%d\t%d\t%s ", current->uid, current->pid, current->parent->pid, filename); - - _stp_map_key_long (pids, current->pid); - _stp_map_set_int64 (pids, 1); - - _stp_copy_argv_from_user (arglist, argv); - foreach (arglist, ptr) - printk ("%s ", ptr->str); - printk ("\n"); - } - jprobe_return(); - return 0; -} - -struct file * inst_filp_open (const char * filename, int flags, int mode) -{ - _stp_map_key_long (pids, current->pid); - if (_stp_map_get_int64 (pids)) - dlog ("%d\t%d\t%s\tO %s\n", current->pid, current->parent->pid, current->comm, filename); - - jprobe_return(); - return 0; -} - -asmlinkage ssize_t inst_sys_read (unsigned int fd, char __user * buf, size_t count) -{ - _stp_map_key_long (pids, current->pid); - if (_stp_map_get_int64 (pids)) - dlog ("%d\t%d\t%s\tR %d\n", current->pid, current->parent->pid, current->comm, fd); - - jprobe_return(); - return 0; -} - -asmlinkage ssize_t inst_sys_write (unsigned int fd, const char __user * buf, size_t count) -{ - size_t len; - char str[256]; - _stp_map_key_long (pids, current->pid); - if (_stp_map_get_int64 (pids)) - { - if (count < 64) - len = count; - else - len = 64; - len = _stp_strncpy_from_user(str, buf, len); - if (len < 0) len = 0; - str[len] = 0; - dlog ("%d\t%d\t%s\tW %s\n", current->pid, current->parent->pid, current->comm, str); - } - - jprobe_return(); - return 0; -} - -static struct jprobe dtr_probes[] = { - { - .kp.addr = (kprobe_opcode_t *)0xffffffff8017b034, - .entry = (kprobe_opcode_t *) inst_do_execve - }, - { - .kp.addr = (kprobe_opcode_t *)0xffffffff80170706, - .entry = (kprobe_opcode_t *) inst_filp_open - }, - { - .kp.addr = (kprobe_opcode_t *)0xffffffff801711dd, - .entry = (kprobe_opcode_t *) inst_sys_read - }, - { - .kp.addr = (kprobe_opcode_t 
*)0xffffffff8017124b,
- .entry = (kprobe_opcode_t *) inst_sys_write
- },
-};
-
-#define MAX_DTR_ROUTINE (sizeof(dtr_probes)/sizeof(struct jprobe))
-
-static int init_dtr(void)
-{
- int i;
-
- pids = _stp_map_new (10000, INT64);
- arglist = _stp_list_new (10, STRING);
-
- for (i = 0; i < MAX_DTR_ROUTINE; i++) {
- printk("DTR: plant jprobe at %p, handler addr %p\n",
- dtr_probes[i].kp.addr, dtr_probes[i].entry);
- register_jprobe(&dtr_probes[i]);
- }
- printk("DTR: instrumentation is enabled...\n");
- return 0;
-}
-
-static void cleanup_dtr(void)
-{
- int i;
-
- for (i = 0; i < MAX_DTR_ROUTINE; i++)
- unregister_jprobe(&dtr_probes[i]);
-
- _stp_map_del (pids);
- printk("DTR: EXIT\n");
-}
-
-module_init(init_dtr);
-module_exit(cleanup_dtr);
-MODULE_LICENSE("GPL");
-
diff --git a/runtime/tests/test4_probe/Makefile b/runtime/tests/test4_probe/Makefile
deleted file mode 100644
index 86d612662..000000000
--- a/runtime/tests/test4_probe/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# Makefile
-#
-# make -C path/to/kernel/src M=`pwd` modules
-
-obj-m := dtr.o
-
-
-
-
diff --git a/runtime/tests/test4_probe/README b/runtime/tests/test4_probe/README
deleted file mode 100644
index a503c28e2..000000000
--- a/runtime/tests/test4_probe/README
+++ /dev/null
@@ -1,23 +0,0 @@
-Sample probe.
-
-To build, edit the path in buildit and the addresses in struct dtr_probes
-in dtr.c Then "source buildit"
-
-This is a translation of on an old dtr probe:
-
-global {
- long @opens[string];
- sum @reads[string], @writes[string];
-}
-
-probe sys_open:entry {
- @opens[current->comm]++;
-}
-
-probe sys_read:entry {
- @reads[current->comm] << count;
-}
-
-probe sys_write:entry {
- @writes[current->comm] << count;
-}
diff --git a/runtime/tests/test4_probe/buildit b/runtime/tests/test4_probe/buildit
deleted file mode 100644
index 8d90a0ec8..000000000
--- a/runtime/tests/test4_probe/buildit
+++ /dev/null
@@ -1 +0,0 @@
-make -C /lib/modules/2.6.10-1.770_FC3smp/build M=`pwd`
diff --git a/runtime/tests/test4_probe/dtr.c b/runtime/tests/test4_probe/dtr.c
deleted file mode 100644
index 0396da896..000000000
--- a/runtime/tests/test4_probe/dtr.c
+++ /dev/null
@@ -1,108 +0,0 @@ -#define HASH_TABLE_BITS 8 -#define HASH_TABLE_SIZE (1<comm); - _stp_map_set_int64 (opens, _stp_map_get_int64(opens) + 1); - jprobe_return(); - return 0; -} - -asmlinkage ssize_t inst_sys_read (unsigned int fd, char __user * buf, size_t count) -{ - _stp_map_key_str (reads, current->comm); - _stp_map_stat_add (reads, count); - jprobe_return(); - return 0; -} - -asmlinkage ssize_t inst_sys_write (unsigned int fd, const char __user * buf, size_t count) -{ - _stp_map_key_str (writes, current->comm); - _stp_map_stat_add (writes, count); - jprobe_return(); - return 0; -} - -static struct jprobe dtr_probes[] = { - { - .kp.addr = (kprobe_opcode_t *)0xc0166f32, - .entry = (kprobe_opcode_t *) inst_sys_open - }, - { - .kp.addr = (kprobe_opcode_t *)0xc0167b93, - .entry = (kprobe_opcode_t *) inst_sys_read - }, - { - .kp.addr = (kprobe_opcode_t *)0xc0167bf5, - .entry = (kprobe_opcode_t *) inst_sys_write - }, -}; - -#define MAX_DTR_ROUTINE (sizeof(dtr_probes)/sizeof(struct jprobe)) - -static int init_dtr(void) -{ - int i; - - opens = _stp_map_new (1000, INT64); - reads = _stp_map_new (1000, STAT); - writes = _stp_map_new (1000, STAT); - - for (i = 0; i < MAX_DTR_ROUTINE; i++) { - printk("DTR: plant jprobe at %p, handler addr %p\n", - dtr_probes[i].kp.addr, dtr_probes[i].entry); - register_jprobe(&dtr_probes[i]); - } - printk("DTR: instrumentation is enabled...\n"); - return 0; -} - -static void cleanup_dtr(void) -{ - int i; - struct map_node_stat *st; - struct map_node_int64 *ptr; - - for (i = 0; i < MAX_DTR_ROUTINE; i++) - unregister_jprobe(&dtr_probes[i]); - - for (ptr = (struct map_node_int64 *)_stp_map_start(opens); ptr; - ptr = (struct map_node_int64 *)_stp_map_iter (opens,(struct map_node *)ptr)) - dlog ("opens[%s] = %lld\n", key1str(ptr), ptr->val); - dlog ("\n"); - - for (st = (struct map_node_stat *)_stp_map_start(reads); st; - st = (struct map_node_stat *)_stp_map_iter (reads,(struct map_node *)st)) - dlog ("reads[%s] = [count=%lld sum=%lld min=%lld 
max=%lld]\n", key1str(st), st->stats.count, st->stats.sum,
- st->stats.min, st->stats.max);
- dlog ("\n");
-
- for (st = (struct map_node_stat *)_stp_map_start(writes); st;
- st = (struct map_node_stat *)_stp_map_iter (writes,(struct map_node *)st))
- dlog ("writes[%s] = [count=%lld sum=%lld min=%lld max=%lld]\n", key1str(st), st->stats.count, st->stats.sum,
- st->stats.min, st->stats.max);
- dlog ("\n");
-
- _stp_map_del (opens);
- _stp_map_del (reads);
- _stp_map_del (writes);
-
- printk("DTR: EXIT\n");
-}
-
-module_init(init_dtr);
-module_exit(cleanup_dtr);
-MODULE_LICENSE("GPL");
-
-- 
2.43.5