This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Oops, forgot the most important info. This is with the systemtap-20070303 snapshot, running on a 2.6.20 kernel on Gentoo. /Lasse On 11:42, Tue 13 Mar, Lasse Bigum wrote: > Hi, > > I wanted to file a bug report on this, but I think the registration mail > got caught up in the greylisting for now. > > I have a small script that detects if a process with a specific name is > running, and if so, puts it to sleep straight away after detecting a > system call from it. > > # cat stap_app.stp > %{ > #include <linux/signal.h> > %} > > global countdown, p_id > > function do_sleep:long (process_id:long) > %{ > struct task_struct *sigtask; > sigtask = find_task_by_pid(THIS->process_id); > send_sig(SIGSTOP, sigtask, 0); > > printk("SOV\n"); > %} > > probe kernel.function("sys_*") { > if (execname() == "open-close") { > printf("%s\n", probefunc()); > > do_sleep(pid()); > } > } > > Next, I run a small program that can read from a file, or write to it, or print out some info about how to use it. > > The code is as follows: > # cat open-close.c > #include <stdlib.h> > #include <stdio.h> > #include <string.h> > > int main(int argc, char *argv[]) > { > char *userinput = malloc(20); > FILE *file; > char text[100]; > > if (argc < 2) { > printf("usage: 1 for reading, 2 'text' for writing 'text' \n"); > exit(1); > } > > if (strcmp(argv[1],"1") == 0) { > file = fopen("test", "r"); > > fgets(text,100,file); > printf("LÃst = %s\n", text); > > fclose(file); > } else if (strcmp(argv[1],"2") == 0) { > file = fopen("test", "w"); > > strcpy(userinput, argv[2]); > fprintf(file, "%s", userinput); > printf("skrevet: %s\n", userinput); > > fclose(file); > } else { > printf("usage: 1 for reading, 2 'text' for writing 'text'.. \n"); > exit(1); > } > > return 0; > } > > When I run the stap script, and I subsequently run the program, I get > this: > # staprun /root/.systemtap/cache/af/stap_aff2f447749d27fd4480a10ee9a53dc8_47299.ko > sys_close > sys_close > > ----- > > Now for the actual question: any explanation of why two system calls are > being printed out? > > Shouldn't the program be halted right after the first system call is > made? > > /Lasse
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |