File: errsnoop.stp

systemtap 4.4-2
#! /usr/bin/env stap
# errsnoop.stp
# Copyright (C) 2009-2018 Red Hat, Inc., Eugene Teo <eteo@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# attack "stupid userspace" apps: tally failing syscalls system-wide and
# periodically print the most frequent ones
#

# error: statistics aggregate keyed by one formatted report line per distinct
#        (errno, syscall, process, pid, arguments) combination. The '%' suffix
#        makes the 6000-entry array wrap, so when it fills up old entries are
#        replaced instead of aborting the script.
# trace: per-thread argument string saved at syscall entry, keyed by tid().
#        It has no explicit size, so the default array capacity applies.
global error%[6000], trace   // about 18.5MB kernel RAM

probe syscall.* {
	# Remember the argument string of the call this thread is entering so the
	# return probe can report it. There is one slot per thread id, which is
	# only correct as long as syscalls do not nest within a thread.
	caller = tid()
	trace[caller] = argstr
}

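probe syscall.*.return {
	# Take this thread's saved arguments and release the slot on every
	# return, not only on failure. Leaving entries behind for successful
	# calls lets trace[] accumulate one stale entry per thread that has
	# exited, which can eventually exhaust the array's fixed capacity and
	# abort the script on a busy system.
	argstr = trace[tid()]
	delete trace[tid()]

	# errno_p() is expected to yield 0 for a successful return value and
	# the positive errno otherwise.
	errno = errno_p(retval)
	if (errno != 0) {
		errstr = sprintf("%3d/%s", errno, errno_str(errno))
		# The whole formatted line is the aggregation key, so identical
		# failures from the same process collapse into one counted row.
		# NOTE(review): argstr is copied from the calling process's syscall
		# arguments (paths, and possibly buffer contents), for every process
		# on the system; treat the resulting report as sensitive output.
		error[sprintf("%-13s %17s %15s %5d %s", errstr, name, execname(), pid(), argstr)] <<< 1
	}
}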

probe timer.s(%( $# > 0 %? $1 %: 5 %)) {
	# Refresh period in seconds: first script argument if given, else 5.
	ansi_clear_screen()
	printf("%4s %-13s %17s %15s %5s %s\n", "HITS", "ERRSTR", "SYSCALL", "PROCESS", "PID", "ARGSTR")

	# Walk the table by descending hit count; the row cap is the second
	# script argument if given, else 20.
	# NOTE(review): each row embeds execname() and argument text supplied by
	# the traced processes; confirm these cannot carry terminal control
	# sequences before relying on the display on a shared console.
	foreach ([row] in error- limit %( $# > 1 %? $2 %: 20 %)) {
		hits = @count(error[row])
		printf("%4d %s\n", hits, row)
	}

	# Each interval is reported on its own, so start again from empty.
	delete error
}