perf trace: Add a etcsnoop.c augmented syscalls eBPF utility
We need to put common stuff into a separate header in tools/perf/include/bpf/
for these augmented syscalls, but I couldn't resist adding a etcsnoop.c tool,
combining augmented syscalls + filtering, that in the future will be passed
from 'perf trace''s command line, to use in building the eBPF program to do
that specific filtering at the source, inside the kernel:
Running system wide: (hope there isn't any embarassing stuff here... ;-) )
# perf trace -e tools/perf/examples/bpf/etcsnoop.c
0.000 sed/21878 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
1741.473 cat/21883 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
1741.892 cat/21883 openat(dfd: CWD, filename: /etc/passwd)
1748.948 sed/21886 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
1777.136 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1777.738 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.158 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.528 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.595 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.901 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.939 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.966 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.992 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.019 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.045 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.071 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.095 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.121 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.148 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.175 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.202 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.229 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.254 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.279 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.309 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.336 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.363 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.388 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.414 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.442 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.470 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.500 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.529 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.557 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.586 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.617 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.648 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.679 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.706 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.739 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.769 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.798 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.823 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.844 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.862 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.880 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.911 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.942 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.972 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1780.004 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1780.035 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
13059.154 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13060.739 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13061.990 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13063.177 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13064.265 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13065.483 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13067.383 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13068.902 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13069.922 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13070.915 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13072.612 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13074.816 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13077.343 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13078.731 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13559.064 DNS Res~er #22/21054 open(filename: /etc/hosts, flags: CLOEXEC)
22419.522 sed/21896 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
24473.313 git/21900 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
24491.988 less/21901 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
24493.793 git/21901 openat(dfd: CWD, filename: /etc/sysless)
24565.772 sed/21924 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
25878.752 git/21928 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
26075.666 git/21928 open(filename: /etc/localtime, flags: CLOEXEC)
26075.565 less/21929 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
26076.060 less/21929 openat(dfd: CWD, filename: /etc/sysless)
26346.395 sed/21932 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
26483.583 sed/21938 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
26954.890 sed/21944 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
27016.165 gsd-color/1762 openat(dfd: CWD, filename: /etc/localtime)
27016.414 gsd-color/1762 openat(dfd: CWD, filename: /etc/localtime)
27712.313 gsd-color/2408 openat(dfd: CWD, filename: /etc/localtime)
27712.616 gsd-color/2408 openat(dfd: CWD, filename: /etc/localtime)
27829.035 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27829.368 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27829.584 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27829.800 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27830.107 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27830.521 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27961.516 git/21948 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
27987.568 less/21949 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
27988.948 bash/21949 openat(dfd: CWD, filename: /etc/sysless)
28043.536 sed/21972 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
28736.008 sed/21978 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
34882.664 git/21991 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
34882.664 sort/21990 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
34884.441 uniq/21992 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
35593.098 git/21997 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
35638.839 git/21997 openat(dfd: CWD, filename: /etc/gitattributes)
35702.851 sed/22000 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
36076.039 sed/22006 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
37569.049 git/22014 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
37673.712 git/22014 open(filename: /etc/localtime, flags: CLOEXEC)
37781.710 vim/22040 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
37783.667 git/22040 openat(dfd: CWD, filename: /etc/vimrc)
37792.394 git/22040 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
37792.436 git/22040 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
37792.580 git/22040 open(filename: /etc/passwd, flags: CLOEXEC)
43893.625 DNS Res~er #23/21365 open(filename: /etc/hosts, flags: CLOEXEC)
48060.409 nm-dhcp-helper/22044 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48071.745 systemd/1 openat(dfd: CWD, filename: /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service, flags: CLOEXEC|NOFOLLOW|NOCTTY)
48082.780 nm-dispatcher/22049 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48111.418 systemd/22049 open(filename: /etc/NetworkManager/dispatcher.d, flags: CLOEXEC|DIRECTORY|NONBLOCK)
48111.904 systemd/22049 open(filename: /etc/localtime, flags: CLOEXEC)
48118.357 00-netreport/22052 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48119.668 systemd/22052 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48119.762 systemd/22052 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48119.887 systemd/22052 open(filename: /etc/passwd, flags: CLOEXEC)
48120.025 systemd/22052 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/00-netreport)
48124.144 hostname/22054 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48125.492 systemd/22052 openat(dfd: CWD, filename: /etc/init.d/functions)
48127.253 systemd/22052 openat(dfd: CWD, filename: /etc/profile.d/lang.sh)
48127.388 systemd/22052 openat(dfd: CWD, filename: /etc/locale.conf)
48137.749 cat/22056 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48143.519 04-iscsi/22058 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48144.438 04-iscsi/22058 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48144.478 04-iscsi/22058 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48144.577 04-iscsi/22058 open(filename: /etc/passwd, flags: CLOEXEC)
48144.819 04-iscsi/22058 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/04-iscsi)
48145.620 10-ifcfg-rh-ro/22059 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48146.169 systemd/22059 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48146.207 systemd/22059 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48146.287 systemd/22059 open(filename: /etc/passwd, flags: CLOEXEC)
48146.387 systemd/22059 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/10-ifcfg-rh-routes.sh)
48147.215 11-dhclient/22060 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48147.787 11-dhclient/22060 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48147.813 11-dhclient/22060 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48147.929 11-dhclient/22060 open(filename: /etc/passwd, flags: CLOEXEC)
48148.016 11-dhclient/22060 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/11-dhclient)
48148.906 grep/22063 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48151.165 11-dhclient/22060 openat(dfd: CWD, filename: /etc/sysconfig/network)
48151.560 11-dhclient/22060 open(filename: /etc/dhcp/dhclient.d/, flags: CLOEXEC|DIRECTORY|NONBLOCK)
48151.704 11-dhclient/22060 openat(dfd: CWD, filename: /etc/dhcp/dhclient.d/chrony.sh)
48153.593 20-chrony/22065 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48154.695 20-chrony/22065 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48154.756 20-chrony/22065 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48154.914 20-chrony/22065 open(filename: /etc/passwd, flags: CLOEXEC)
48155.067 20-chrony/22065 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/20-chrony)
48156.962 25-polipo/22066 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48157.824 systemd/22066 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48157.866 systemd/22066 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48157.981 systemd/22066 open(filename: /etc/passwd, flags: CLOEXEC)
48158.090 systemd/22066 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/25-polipo)
48533.616 gsd-housekeepi/2412 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
87122.021 gsd-color/1762 openat(dfd: CWD, filename: /etc/localtime)
87122.146 gsd-color/1762 openat(dfd: CWD, filename: /etc/localtime)
87825.582 gsd-color/2408 openat(dfd: CWD, filename: /etc/localtime)
87825.844 gsd-color/2408 openat(dfd: CWD, filename: /etc/localtime)
87829.524 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87830.531 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87831.288 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87832.011 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87832.672 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87833.276 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
^C#
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: https://lkml.kernel.org/n/tip-0o770jvdcy04ee6vhv6v471m@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2018-08-22 02:02:09 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
/*
|
|
|
|
* Augment the filename syscalls with the contents of the filename pointer argument
|
|
|
|
* filtering only those that do not start with /etc/.
|
|
|
|
*
|
|
|
|
* Test it with:
|
|
|
|
*
|
|
|
|
* perf trace -e tools/perf/examples/bpf/augmented_syscalls.c cat /etc/passwd > /dev/null
|
|
|
|
*
|
|
|
|
* It'll catch some openat syscalls related to the dynamic linked and
|
|
|
|
* the last one should be the one for '/etc/passwd'.
|
|
|
|
*
|
|
|
|
* This matches what is marshalled into the raw_syscall:sys_enter payload
|
|
|
|
* expected by the 'perf trace' beautifiers, and can be used by them unmodified,
|
|
|
|
* which will be done as that feature is implemented in the next csets, for now
|
|
|
|
* it will appear in a dump done by the default tracepoint handler in 'perf trace',
|
|
|
|
* that uses bpf_output__fprintf() to just dump those contents, as done with
|
|
|
|
* the bpf-output event associated with the __bpf_output__ map declared in
|
|
|
|
* tools/perf/include/bpf/stdio.h.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
struct bpf_map SEC("maps") __augmented_syscalls__ = {
|
|
|
|
.type = BPF_MAP_TYPE_PERF_EVENT_ARRAY,
|
|
|
|
.key_size = sizeof(int),
|
|
|
|
.value_size = sizeof(u32),
|
|
|
|
.max_entries = __NR_CPUS__,
|
|
|
|
};
|
|
|
|
|
|
|
|
struct augmented_filename {
|
|
|
|
int size;
|
|
|
|
int reserved;
|
|
|
|
char value[64];
|
|
|
|
};
|
|
|
|
|
|
|
|
#define augmented_filename_syscall_enter(syscall) \
|
|
|
|
struct augmented_enter_##syscall##_args { \
|
|
|
|
struct syscall_enter_##syscall##_args args; \
|
|
|
|
struct augmented_filename filename; \
|
|
|
|
}; \
|
|
|
|
int syscall_enter(syscall)(struct syscall_enter_##syscall##_args *args) \
|
|
|
|
{ \
|
|
|
|
char etc[6] = "/etc/"; \
|
|
|
|
struct augmented_enter_##syscall##_args augmented_args = { .filename.reserved = 0, }; \
|
|
|
|
probe_read(&augmented_args.args, sizeof(augmented_args.args), args); \
|
|
|
|
augmented_args.filename.size = probe_read_str(&augmented_args.filename.value, \
|
|
|
|
sizeof(augmented_args.filename.value), \
|
|
|
|
args->filename_ptr); \
|
|
|
|
if (__builtin_memcmp(augmented_args.filename.value, etc, 4) != 0) \
|
|
|
|
return 0; \
|
2019-01-12 00:20:20 +08:00
|
|
|
/* If perf_event_output fails, return non-zero so that it gets recorded unaugmented */ \
|
|
|
|
return perf_event_output(args, &__augmented_syscalls__, BPF_F_CURRENT_CPU, \
|
|
|
|
&augmented_args, \
|
|
|
|
(sizeof(augmented_args) - sizeof(augmented_args.filename.value) + \
|
|
|
|
augmented_args.filename.size)); \
|
perf trace: Add a etcsnoop.c augmented syscalls eBPF utility
We need to put common stuff into a separate header in tools/perf/include/bpf/
for these augmented syscalls, but I couldn't resist adding a etcsnoop.c tool,
combining augmented syscalls + filtering, that in the future will be passed
from 'perf trace''s command line, to use in building the eBPF program to do
that specific filtering at the source, inside the kernel:
Running system wide: (hope there isn't any embarassing stuff here... ;-) )
# perf trace -e tools/perf/examples/bpf/etcsnoop.c
0.000 sed/21878 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
1741.473 cat/21883 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
1741.892 cat/21883 openat(dfd: CWD, filename: /etc/passwd)
1748.948 sed/21886 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
1777.136 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1777.738 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.158 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.528 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.595 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.901 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.939 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.966 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1778.992 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.019 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.045 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.071 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.095 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.121 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.148 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.175 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.202 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.229 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.254 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.279 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.309 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.336 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.363 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.388 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.414 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.442 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.470 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.500 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.529 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.557 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.586 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.617 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.648 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.679 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.706 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.739 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.769 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.798 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.823 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.844 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.862 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.880 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.911 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.942 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1779.972 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1780.004 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
1780.035 gvfs-udisks2-v/2302 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
13059.154 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13060.739 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13061.990 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13063.177 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13064.265 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13065.483 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13067.383 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13068.902 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13069.922 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13070.915 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13072.612 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13074.816 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13077.343 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13078.731 NetworkManager/1237 open(filename: /etc/passwd, flags: CLOEXEC)
13559.064 DNS Res~er #22/21054 open(filename: /etc/hosts, flags: CLOEXEC)
22419.522 sed/21896 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
24473.313 git/21900 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
24491.988 less/21901 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
24493.793 git/21901 openat(dfd: CWD, filename: /etc/sysless)
24565.772 sed/21924 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
25878.752 git/21928 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
26075.666 git/21928 open(filename: /etc/localtime, flags: CLOEXEC)
26075.565 less/21929 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
26076.060 less/21929 openat(dfd: CWD, filename: /etc/sysless)
26346.395 sed/21932 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
26483.583 sed/21938 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
26954.890 sed/21944 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
27016.165 gsd-color/1762 openat(dfd: CWD, filename: /etc/localtime)
27016.414 gsd-color/1762 openat(dfd: CWD, filename: /etc/localtime)
27712.313 gsd-color/2408 openat(dfd: CWD, filename: /etc/localtime)
27712.616 gsd-color/2408 openat(dfd: CWD, filename: /etc/localtime)
27829.035 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27829.368 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27829.584 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27829.800 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27830.107 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27830.521 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
27961.516 git/21948 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
27987.568 less/21949 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
27988.948 bash/21949 openat(dfd: CWD, filename: /etc/sysless)
28043.536 sed/21972 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
28736.008 sed/21978 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
34882.664 git/21991 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
34882.664 sort/21990 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
34884.441 uniq/21992 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
35593.098 git/21997 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
35638.839 git/21997 openat(dfd: CWD, filename: /etc/gitattributes)
35702.851 sed/22000 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
36076.039 sed/22006 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
37569.049 git/22014 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
37673.712 git/22014 open(filename: /etc/localtime, flags: CLOEXEC)
37781.710 vim/22040 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
37783.667 git/22040 openat(dfd: CWD, filename: /etc/vimrc)
37792.394 git/22040 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
37792.436 git/22040 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
37792.580 git/22040 open(filename: /etc/passwd, flags: CLOEXEC)
43893.625 DNS Res~er #23/21365 open(filename: /etc/hosts, flags: CLOEXEC)
48060.409 nm-dhcp-helper/22044 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48071.745 systemd/1 openat(dfd: CWD, filename: /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service, flags: CLOEXEC|NOFOLLOW|NOCTTY)
48082.780 nm-dispatcher/22049 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48111.418 systemd/22049 open(filename: /etc/NetworkManager/dispatcher.d, flags: CLOEXEC|DIRECTORY|NONBLOCK)
48111.904 systemd/22049 open(filename: /etc/localtime, flags: CLOEXEC)
48118.357 00-netreport/22052 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48119.668 systemd/22052 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48119.762 systemd/22052 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48119.887 systemd/22052 open(filename: /etc/passwd, flags: CLOEXEC)
48120.025 systemd/22052 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/00-netreport)
48124.144 hostname/22054 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48125.492 systemd/22052 openat(dfd: CWD, filename: /etc/init.d/functions)
48127.253 systemd/22052 openat(dfd: CWD, filename: /etc/profile.d/lang.sh)
48127.388 systemd/22052 openat(dfd: CWD, filename: /etc/locale.conf)
48137.749 cat/22056 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48143.519 04-iscsi/22058 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48144.438 04-iscsi/22058 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48144.478 04-iscsi/22058 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48144.577 04-iscsi/22058 open(filename: /etc/passwd, flags: CLOEXEC)
48144.819 04-iscsi/22058 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/04-iscsi)
48145.620 10-ifcfg-rh-ro/22059 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48146.169 systemd/22059 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48146.207 systemd/22059 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48146.287 systemd/22059 open(filename: /etc/passwd, flags: CLOEXEC)
48146.387 systemd/22059 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/10-ifcfg-rh-routes.sh)
48147.215 11-dhclient/22060 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48147.787 11-dhclient/22060 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48147.813 11-dhclient/22060 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48147.929 11-dhclient/22060 open(filename: /etc/passwd, flags: CLOEXEC)
48148.016 11-dhclient/22060 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/11-dhclient)
48148.906 grep/22063 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48151.165 11-dhclient/22060 openat(dfd: CWD, filename: /etc/sysconfig/network)
48151.560 11-dhclient/22060 open(filename: /etc/dhcp/dhclient.d/, flags: CLOEXEC|DIRECTORY|NONBLOCK)
48151.704 11-dhclient/22060 openat(dfd: CWD, filename: /etc/dhcp/dhclient.d/chrony.sh)
48153.593 20-chrony/22065 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48154.695 20-chrony/22065 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48154.756 20-chrony/22065 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48154.914 20-chrony/22065 open(filename: /etc/passwd, flags: CLOEXEC)
48155.067 20-chrony/22065 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/20-chrony)
48156.962 25-polipo/22066 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48157.824 systemd/22066 open(filename: /etc/nsswitch.conf, flags: CLOEXEC)
48157.866 systemd/22066 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC)
48157.981 systemd/22066 open(filename: /etc/passwd, flags: CLOEXEC)
48158.090 systemd/22066 openat(dfd: CWD, filename: /etc/NetworkManager/dispatcher.d/25-polipo)
48533.616 gsd-housekeepi/2412 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC)
87122.021 gsd-color/1762 openat(dfd: CWD, filename: /etc/localtime)
87122.146 gsd-color/1762 openat(dfd: CWD, filename: /etc/localtime)
87825.582 gsd-color/2408 openat(dfd: CWD, filename: /etc/localtime)
87825.844 gsd-color/2408 openat(dfd: CWD, filename: /etc/localtime)
87829.524 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87830.531 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87831.288 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87832.011 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87832.672 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
87833.276 gnome-shell/2125 openat(dfd: CWD, filename: /etc/localtime)
^C#
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: https://lkml.kernel.org/n/tip-0o770jvdcy04ee6vhv6v471m@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2018-08-22 02:02:09 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
struct syscall_enter_openat_args {
|
|
|
|
unsigned long long common_tp_fields;
|
|
|
|
long syscall_nr;
|
|
|
|
long dfd;
|
|
|
|
char *filename_ptr;
|
|
|
|
long flags;
|
|
|
|
long mode;
|
|
|
|
};
|
|
|
|
|
|
|
|
augmented_filename_syscall_enter(openat);
|
|
|
|
|
|
|
|
struct syscall_enter_open_args {
|
|
|
|
unsigned long long common_tp_fields;
|
|
|
|
long syscall_nr;
|
|
|
|
char *filename_ptr;
|
|
|
|
long flags;
|
|
|
|
long mode;
|
|
|
|
};
|
|
|
|
|
|
|
|
augmented_filename_syscall_enter(open);
|
|
|
|
|
|
|
|
license(GPL);
|