From 26b3b3e368a79ce29df732ea04e72a4c002ae2ce Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Tue, 6 Mar 2018 17:38:59 +0000 Subject: rename into ioriot --- systemtap/Makefile | 20 +- systemtap/src/ioreplay.stp | 591 ------------------------------------- systemtap/src/ioriot.stp | 591 +++++++++++++++++++++++++++++++++++++ systemtap/src/javaioreplay.stp | 591 ------------------------------------- systemtap/src/javaioriot.stp | 591 +++++++++++++++++++++++++++++++++++++ systemtap/src/targetedioreplay.stp | 591 ------------------------------------- systemtap/src/targetedioriot.stp | 591 +++++++++++++++++++++++++++++++++++++ 7 files changed, 1783 insertions(+), 1783 deletions(-) delete mode 100644 systemtap/src/ioreplay.stp create mode 100644 systemtap/src/ioriot.stp delete mode 100644 systemtap/src/javaioreplay.stp create mode 100644 systemtap/src/javaioriot.stp delete mode 100644 systemtap/src/targetedioreplay.stp create mode 100644 systemtap/src/targetedioriot.stp (limited to 'systemtap') diff --git a/systemtap/Makefile b/systemtap/Makefile index f027719..49f1977 100644 --- a/systemtap/Makefile +++ b/systemtap/Makefile @@ -1,15 +1,15 @@ KERNEL ?= $(shell uname -r) PROCESSOR ?= $(shell uname -p) -DESTDIR ?= /opt/ioreplay/systemtap/$(KERNEL) +DESTDIR ?= /opt/ioriot/systemtap/$(KERNEL) UPDATEURI = http://debuginfo.centos.org/7/$(PROCESSOR) DOWNLOADIR ?= ./downloads all: prepare compile prepare: - sed 's/execname() != "stapio"/pid() == target()/' ./src/ioreplay.stp > ./src/targetedioreplay.stp - sed 's/execname() != "stapio"/execname() == "java"/' ./src/ioreplay.stp > ./src/javaioreplay.stp + sed 's/execname() != "stapio"/pid() == target()/' ./src/ioriot.stp > ./src/targetedioriot.stp + sed 's/execname() != "stapio"/execname() == "java"/' ./src/ioriot.stp > ./src/javaioriot.stp compile: @echo Crosscompiling for Kernel version $(KERNEL) - for stp in ioreplay javaioreplay targetedioreplay; do \ + for stp in ioriot javaioriot targetedioriot; do \ stap -v ./src/$$stp.stp -p 4 -r $(KERNEL) -m $$stp \ -D MAXSTRINGLEN=255 -D MAXACTION=10000 -D MAXSKIPPED=10000\ -g --suppress-time-limits --suppress-handler-errors; \ @@ -18,14 +18,14 @@ testsystemtap: stap -v -e 'probe vfs.read {printf("read performed\n"); exit()}' clean: @echo Cleaning modules - test -f ioreplay.ko && rm -v ioreplay.ko || exit 0 - test -f javaioreplay.ko && rm -v javaioreplay.ko || exit 0 - test -f targetedioreplay.ko && rm -v targetedioreplay.ko || exit 0 + test -f ioriot.ko && rm -v ioriot.ko || exit 0 + test -f javaioriot.ko && rm -v javaioriot.ko || exit 0 + test -f targetedioriot.ko && rm -v targetedioriot.ko || exit 0 install: test -d $(DESTDIR) || mkdir -p $(DESTDIR) - test -f ioreplay.ko && cp -v ioreplay.ko $(DESTDIR)/ || exit 0 - test -f javaioreplay.ko && cp -v javaioreplay.ko $(DESTDIR)/ || exit 0 - test -f targetedioreplay.ko && cp -v targetedioreplay.ko $(DESTDIR)/ || exit 0 + test -f ioriot.ko && cp -v ioriot.ko $(DESTDIR)/ || exit 0 + test -f javaioriot.ko && cp -v javaioriot.ko $(DESTDIR)/ || exit 0 + test -f targetedioriot.ko && cp -v targetedioriot.ko $(DESTDIR)/ || exit 0 uninstall: test ! -z "$(DESTDIR)" && test -d $(DESTDIR)/ && find $(DESTDIR) -name \*.ko -delete || exit 0 deinstall: uninstall diff --git a/systemtap/src/ioreplay.stp b/systemtap/src/ioreplay.stp deleted file mode 100644 index c4b4f0b..0000000 --- a/systemtap/src/ioreplay.stp +++ /dev/null @@ -1,591 +0,0 @@ -#!/usr/bin/env stap - -# Copyright 2018 Mimecast Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This script is used to capture I/O on a Linux based system in order to replay -# the same I/O via the ioreplay command line utility. -# -# The tool will generate one line per captured I/O syscall to a .capture log -# file. -# -# The key/value separator is ';:,', example line: -# -# t=1509989598023;:,i=17159:17358;:,o=open;:,d=167;:,p=/tmp/test;:,f=0;:,m=438;:, -# -# It may be that SystemTap will skip probes or interrupts probes in case of -# system overload. As a result we can have corrupt lines in the log. That's why -# we use a special field separator ';:,' to detect corrupt lines more robustly. -# -# The line uses the following format keys (we use many different of these, the -# only benefit over a more generic approach is to detect corrupt lines more -# easily): -# -# Format keys: -# t: Time -# i: PID:TID (process and thread ID) -# o: Operation name -# O: Offset or owner/user UID -# W: Whence -# d: File/dir descriptor -# p: File path -# P: File path 2 -# f: Flags -# m: Mode -# b: Bytes -# c: Count -# s: Return status -# t: Optional text -# F: FCNTL command -# G: FCNTL arg or user group UID -# T: Optional text (debugging purpose only) -# a: Address -# A: Address 2 -# - -# Return the full qualified version of path -function absolute_path (path) { - # Is it already a full qualified path? - if (substr(path,0,1) == "/") { - return path; - } - - # Look into the in Kernel task structure to look up the corresponding - # mount point and directory entry... - tc = task_current() - pwd_dentry = @cast(tc, "task_struct")->fs->pwd->dentry - pwd_mnt = @cast(tc, "task_struct")->fs->pwd->mnt - - # Construct a full qualified path from it! - return task_dentry_path(tc, pwd_dentry, pwd_mnt) . "/" . path; -} - -probe syscall.open.return, syscall.openat.return { - if (execname() != "stapio") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,m=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return, - absolute_path(pathname), - @entry($flags), - @entry($mode)); - } -} - -probe syscall.lseek.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%d;:,W=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($offset), - @entry($whence), - $return); - } -} - -probe syscall.fcntl.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,F=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($cmd), - @entry($arg), - $return); - } -} - -probe syscall.creat.return { - if (execname() != "stapio") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return, - absolute_path(pathname), - @entry($mode)); - } -} - -probe syscall.write.return, syscall.writev.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.unlink.return { - if(execname() != "stapio") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.unlinkat.return { - if(execname() != "stapio") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($flag), - $return); - } -} - -probe syscall.rename.return, syscall.renameat.return, syscall.renameat2.return { - if(execname() != "stapio") { - oldname = user_string(@entry($oldname)) - newname = user_string(@entry($newname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,P=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(oldname), - absolute_path(newname), - $return); - } -} - -probe syscall.read.return, syscall.readv.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.readahead.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%ld;:,O=%ld;:,c=%ld\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return, - @entry($offset), - @entry($count)); - } -} - -probe syscall.readdir.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.readlink.return { - if(execname() != "stapio") { - pathname = user_string(@entry($path)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.readlinkat.return { - if(execname() != "stapio") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fdatasync.return, syscall.fsync.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.sync_file_range.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%ld;:,b=%ld;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($offset), - @entry($nbytes), - $return); - } -} - -probe syscall.sync.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return); - } -} - -probe syscall.syncfs.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.close.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.getdents.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,c=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($count), - $return); - } -} - -probe syscall.mkdir.return { - if(execname() != "stapio") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.rmdir.return { - if(execname() != "stapio") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.mkdirat.return { - if(execname() != "stapio") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.stat.return { - if(execname() != "stapio") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.statfs.return, syscall.statfs64.return { - if(execname() != "stapio") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fstatfs.return, syscall.fstatfs64.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.lstat.return { - if(execname() != "stapio") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fstat.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.fstatat.return { - if(execname() != "stapio") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,p=%s;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($flag), - $return); - } -} - -probe syscall.chmod.return, syscall.fchmodat.return { - if(execname() != "stapio") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.fchmod.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($mode), - $return); - } -} - -probe syscall.chown.return, syscall.chown16.return, - syscall.lchown.return, syscall.lchown16.return { - if(execname() != "stapio") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($user), - @entry($group), - $return); - } -} - -probe syscall.fchown.return, syscall.fchown16.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,O=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($user), - @entry($group), - $return); - } -} - -probe syscall.fchownat.return { - pathname = user_string(@entry($filename)) - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($user), - @entry($group), - @entry($flag), - $return); - } -} - -probe syscall.mmap2.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,m=%d;:,f=%d;:,d=%d;:,O=%ld;:,A=%ld;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($addr), - @entry($len), - @entry($prot), - @entry($flags), - @entry($fd), - @entry($pgoff), - $return); - } -} - -probe syscall.mremap.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,A=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($new_addr), - @entry($addr), - @entry($new_len), - @entry($flags), - $return); - } -} - -probe syscall.munmap.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($addr), - @entry($len), - $return); - } -} - -probe syscall.msync.return { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($start), - @entry($len), - @entry($flags), - $return); - } -} - -probe syscall.exit_group { - if(execname() != "stapio") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name); - } -} - -# Stop probing after 1h (for safety) -probe timer.s(3600) { - exit(); -} - -# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 diff --git a/systemtap/src/ioriot.stp b/systemtap/src/ioriot.stp new file mode 100644 index 0000000..9ea6a68 --- /dev/null +++ b/systemtap/src/ioriot.stp @@ -0,0 +1,591 @@ +#!/usr/bin/env stap + +# Copyright 2018 Mimecast Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script is used to capture I/O on a Linux based system in order to replay +# the same I/O via the ioriot command line utility. +# +# The tool will generate one line per captured I/O syscall to a .capture log +# file. +# +# The key/value separator is ';:,', example line: +# +# t=1509989598023;:,i=17159:17358;:,o=open;:,d=167;:,p=/tmp/test;:,f=0;:,m=438;:, +# +# It may be that SystemTap will skip probes or interrupts probes in case of +# system overload. As a result we can have corrupt lines in the log. That's why +# we use a special field separator ';:,' to detect corrupt lines more robustly. +# +# The line uses the following format keys (we use many different of these, the +# only benefit over a more generic approach is to detect corrupt lines more +# easily): +# +# Format keys: +# t: Time +# i: PID:TID (process and thread ID) +# o: Operation name +# O: Offset or owner/user UID +# W: Whence +# d: File/dir descriptor +# p: File path +# P: File path 2 +# f: Flags +# m: Mode +# b: Bytes +# c: Count +# s: Return status +# t: Optional text +# F: FCNTL command +# G: FCNTL arg or user group UID +# T: Optional text (debugging purpose only) +# a: Address +# A: Address 2 +# + +# Return the full qualified version of path +function absolute_path (path) { + # Is it already a full qualified path? + if (substr(path,0,1) == "/") { + return path; + } + + # Look into the in Kernel task structure to look up the corresponding + # mount point and directory entry... + tc = task_current() + pwd_dentry = @cast(tc, "task_struct")->fs->pwd->dentry + pwd_mnt = @cast(tc, "task_struct")->fs->pwd->mnt + + # Construct a full qualified path from it! + return task_dentry_path(tc, pwd_dentry, pwd_mnt) . "/" . path; +} + +probe syscall.open.return, syscall.openat.return { + if (execname() != "stapio") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,m=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return, + absolute_path(pathname), + @entry($flags), + @entry($mode)); + } +} + +probe syscall.lseek.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%d;:,W=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($offset), + @entry($whence), + $return); + } +} + +probe syscall.fcntl.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,F=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($cmd), + @entry($arg), + $return); + } +} + +probe syscall.creat.return { + if (execname() != "stapio") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return, + absolute_path(pathname), + @entry($mode)); + } +} + +probe syscall.write.return, syscall.writev.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.unlink.return { + if(execname() != "stapio") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.unlinkat.return { + if(execname() != "stapio") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($flag), + $return); + } +} + +probe syscall.rename.return, syscall.renameat.return, syscall.renameat2.return { + if(execname() != "stapio") { + oldname = user_string(@entry($oldname)) + newname = user_string(@entry($newname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,P=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(oldname), + absolute_path(newname), + $return); + } +} + +probe syscall.read.return, syscall.readv.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.readahead.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%ld;:,O=%ld;:,c=%ld\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return, + @entry($offset), + @entry($count)); + } +} + +probe syscall.readdir.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.readlink.return { + if(execname() != "stapio") { + pathname = user_string(@entry($path)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.readlinkat.return { + if(execname() != "stapio") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fdatasync.return, syscall.fsync.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.sync_file_range.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%ld;:,b=%ld;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($offset), + @entry($nbytes), + $return); + } +} + +probe syscall.sync.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return); + } +} + +probe syscall.syncfs.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.close.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.getdents.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,c=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($count), + $return); + } +} + +probe syscall.mkdir.return { + if(execname() != "stapio") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.rmdir.return { + if(execname() != "stapio") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.mkdirat.return { + if(execname() != "stapio") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.stat.return { + if(execname() != "stapio") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.statfs.return, syscall.statfs64.return { + if(execname() != "stapio") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fstatfs.return, syscall.fstatfs64.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.lstat.return { + if(execname() != "stapio") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fstat.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.fstatat.return { + if(execname() != "stapio") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,p=%s;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($flag), + $return); + } +} + +probe syscall.chmod.return, syscall.fchmodat.return { + if(execname() != "stapio") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.fchmod.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($mode), + $return); + } +} + +probe syscall.chown.return, syscall.chown16.return, + syscall.lchown.return, syscall.lchown16.return { + if(execname() != "stapio") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($user), + @entry($group), + $return); + } +} + +probe syscall.fchown.return, syscall.fchown16.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,O=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($user), + @entry($group), + $return); + } +} + +probe syscall.fchownat.return { + pathname = user_string(@entry($filename)) + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($user), + @entry($group), + @entry($flag), + $return); + } +} + +probe syscall.mmap2.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,m=%d;:,f=%d;:,d=%d;:,O=%ld;:,A=%ld;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($addr), + @entry($len), + @entry($prot), + @entry($flags), + @entry($fd), + @entry($pgoff), + $return); + } +} + +probe syscall.mremap.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,A=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($new_addr), + @entry($addr), + @entry($new_len), + @entry($flags), + $return); + } +} + +probe syscall.munmap.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($addr), + @entry($len), + $return); + } +} + +probe syscall.msync.return { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($start), + @entry($len), + @entry($flags), + $return); + } +} + +probe syscall.exit_group { + if(execname() != "stapio") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name); + } +} + +# Stop probing after 1h (for safety) +probe timer.s(3600) { + exit(); +} + +# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 diff --git a/systemtap/src/javaioreplay.stp b/systemtap/src/javaioreplay.stp deleted file mode 100644 index 4fca0ef..0000000 --- a/systemtap/src/javaioreplay.stp +++ /dev/null @@ -1,591 +0,0 @@ -#!/usr/bin/env stap - -# Copyright 2018 Mimecast Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This script is used to capture I/O on a Linux based system in order to replay -# the same I/O via the ioreplay command line utility. -# -# The tool will generate one line per captured I/O syscall to a .capture log -# file. -# -# The key/value separator is ';:,', example line: -# -# t=1509989598023;:,i=17159:17358;:,o=open;:,d=167;:,p=/tmp/test;:,f=0;:,m=438;:, -# -# It may be that SystemTap will skip probes or interrupts probes in case of -# system overload. As a result we can have corrupt lines in the log. That's why -# we use a special field separator ';:,' to detect corrupt lines more robustly. -# -# The line uses the following format keys (we use many different of these, the -# only benefit over a more generic approach is to detect corrupt lines more -# easily): -# -# Format keys: -# t: Time -# i: PID:TID (process and thread ID) -# o: Operation name -# O: Offset or owner/user UID -# W: Whence -# d: File/dir descriptor -# p: File path -# P: File path 2 -# f: Flags -# m: Mode -# b: Bytes -# c: Count -# s: Return status -# t: Optional text -# F: FCNTL command -# G: FCNTL arg or user group UID -# T: Optional text (debugging purpose only) -# a: Address -# A: Address 2 -# - -# Return the full qualified version of path -function absolute_path (path) { - # Is it already a full qualified path? - if (substr(path,0,1) == "/") { - return path; - } - - # Look into the in Kernel task structure to look up the corresponding - # mount point and directory entry... - tc = task_current() - pwd_dentry = @cast(tc, "task_struct")->fs->pwd->dentry - pwd_mnt = @cast(tc, "task_struct")->fs->pwd->mnt - - # Construct a full qualified path from it! - return task_dentry_path(tc, pwd_dentry, pwd_mnt) . "/" . path; -} - -probe syscall.open.return, syscall.openat.return { - if (execname() == "java") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,m=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return, - absolute_path(pathname), - @entry($flags), - @entry($mode)); - } -} - -probe syscall.lseek.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%d;:,W=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($offset), - @entry($whence), - $return); - } -} - -probe syscall.fcntl.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,F=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($cmd), - @entry($arg), - $return); - } -} - -probe syscall.creat.return { - if (execname() == "java") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return, - absolute_path(pathname), - @entry($mode)); - } -} - -probe syscall.write.return, syscall.writev.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.unlink.return { - if(execname() == "java") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.unlinkat.return { - if(execname() == "java") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($flag), - $return); - } -} - -probe syscall.rename.return, syscall.renameat.return, syscall.renameat2.return { - if(execname() == "java") { - oldname = user_string(@entry($oldname)) - newname = user_string(@entry($newname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,P=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(oldname), - absolute_path(newname), - $return); - } -} - -probe syscall.read.return, syscall.readv.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.readahead.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%ld;:,O=%ld;:,c=%ld\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return, - @entry($offset), - @entry($count)); - } -} - -probe syscall.readdir.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.readlink.return { - if(execname() == "java") { - pathname = user_string(@entry($path)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.readlinkat.return { - if(execname() == "java") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fdatasync.return, syscall.fsync.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.sync_file_range.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%ld;:,b=%ld;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($offset), - @entry($nbytes), - $return); - } -} - -probe syscall.sync.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return); - } -} - -probe syscall.syncfs.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.close.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.getdents.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,c=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($count), - $return); - } -} - -probe syscall.mkdir.return { - if(execname() == "java") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.rmdir.return { - if(execname() == "java") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.mkdirat.return { - if(execname() == "java") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.stat.return { - if(execname() == "java") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.statfs.return, syscall.statfs64.return { - if(execname() == "java") { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fstatfs.return, syscall.fstatfs64.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.lstat.return { - if(execname() == "java") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fstat.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.fstatat.return { - if(execname() == "java") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,p=%s;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($flag), - $return); - } -} - -probe syscall.chmod.return, syscall.fchmodat.return { - if(execname() == "java") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.fchmod.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($mode), - $return); - } -} - -probe syscall.chown.return, syscall.chown16.return, - syscall.lchown.return, syscall.lchown16.return { - if(execname() == "java") { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($user), - @entry($group), - $return); - } -} - -probe syscall.fchown.return, syscall.fchown16.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,O=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($user), - @entry($group), - $return); - } -} - -probe syscall.fchownat.return { - pathname = user_string(@entry($filename)) - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($user), - @entry($group), - @entry($flag), - $return); - } -} - -probe syscall.mmap2.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,m=%d;:,f=%d;:,d=%d;:,O=%ld;:,A=%ld;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($addr), - @entry($len), - @entry($prot), - @entry($flags), - @entry($fd), - @entry($pgoff), - $return); - } -} - -probe syscall.mremap.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,A=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($new_addr), - @entry($addr), - @entry($new_len), - @entry($flags), - $return); - } -} - -probe syscall.munmap.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($addr), - @entry($len), - $return); - } -} - -probe syscall.msync.return { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($start), - @entry($len), - @entry($flags), - $return); - } -} - -probe syscall.exit_group { - if(execname() == "java") { - printf("t=%d;:,i=%d:%d;:,o=%s;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name); - } -} - -# Stop probing after 1h (for safety) -probe timer.s(3600) { - exit(); -} - -# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 diff --git a/systemtap/src/javaioriot.stp b/systemtap/src/javaioriot.stp new file mode 100644 index 0000000..3943971 --- /dev/null +++ b/systemtap/src/javaioriot.stp @@ -0,0 +1,591 @@ +#!/usr/bin/env stap + +# Copyright 2018 Mimecast Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script is used to capture I/O on a Linux based system in order to replay +# the same I/O via the ioriot command line utility. +# +# The tool will generate one line per captured I/O syscall to a .capture log +# file. +# +# The key/value separator is ';:,', example line: +# +# t=1509989598023;:,i=17159:17358;:,o=open;:,d=167;:,p=/tmp/test;:,f=0;:,m=438;:, +# +# It may be that SystemTap will skip probes or interrupts probes in case of +# system overload. As a result we can have corrupt lines in the log. That's why +# we use a special field separator ';:,' to detect corrupt lines more robustly. +# +# The line uses the following format keys (we use many different of these, the +# only benefit over a more generic approach is to detect corrupt lines more +# easily): +# +# Format keys: +# t: Time +# i: PID:TID (process and thread ID) +# o: Operation name +# O: Offset or owner/user UID +# W: Whence +# d: File/dir descriptor +# p: File path +# P: File path 2 +# f: Flags +# m: Mode +# b: Bytes +# c: Count +# s: Return status +# t: Optional text +# F: FCNTL command +# G: FCNTL arg or user group UID +# T: Optional text (debugging purpose only) +# a: Address +# A: Address 2 +# + +# Return the full qualified version of path +function absolute_path (path) { + # Is it already a full qualified path? + if (substr(path,0,1) == "/") { + return path; + } + + # Look into the in Kernel task structure to look up the corresponding + # mount point and directory entry... + tc = task_current() + pwd_dentry = @cast(tc, "task_struct")->fs->pwd->dentry + pwd_mnt = @cast(tc, "task_struct")->fs->pwd->mnt + + # Construct a full qualified path from it! + return task_dentry_path(tc, pwd_dentry, pwd_mnt) . "/" . path; +} + +probe syscall.open.return, syscall.openat.return { + if (execname() == "java") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,m=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return, + absolute_path(pathname), + @entry($flags), + @entry($mode)); + } +} + +probe syscall.lseek.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%d;:,W=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($offset), + @entry($whence), + $return); + } +} + +probe syscall.fcntl.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,F=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($cmd), + @entry($arg), + $return); + } +} + +probe syscall.creat.return { + if (execname() == "java") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return, + absolute_path(pathname), + @entry($mode)); + } +} + +probe syscall.write.return, syscall.writev.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.unlink.return { + if(execname() == "java") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.unlinkat.return { + if(execname() == "java") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($flag), + $return); + } +} + +probe syscall.rename.return, syscall.renameat.return, syscall.renameat2.return { + if(execname() == "java") { + oldname = user_string(@entry($oldname)) + newname = user_string(@entry($newname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,P=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(oldname), + absolute_path(newname), + $return); + } +} + +probe syscall.read.return, syscall.readv.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.readahead.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%ld;:,O=%ld;:,c=%ld\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return, + @entry($offset), + @entry($count)); + } +} + +probe syscall.readdir.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.readlink.return { + if(execname() == "java") { + pathname = user_string(@entry($path)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.readlinkat.return { + if(execname() == "java") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fdatasync.return, syscall.fsync.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.sync_file_range.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%ld;:,b=%ld;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($offset), + @entry($nbytes), + $return); + } +} + +probe syscall.sync.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return); + } +} + +probe syscall.syncfs.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.close.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.getdents.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,c=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($count), + $return); + } +} + +probe syscall.mkdir.return { + if(execname() == "java") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.rmdir.return { + if(execname() == "java") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.mkdirat.return { + if(execname() == "java") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.stat.return { + if(execname() == "java") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.statfs.return, syscall.statfs64.return { + if(execname() == "java") { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fstatfs.return, syscall.fstatfs64.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.lstat.return { + if(execname() == "java") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fstat.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.fstatat.return { + if(execname() == "java") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,p=%s;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($flag), + $return); + } +} + +probe syscall.chmod.return, syscall.fchmodat.return { + if(execname() == "java") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.fchmod.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($mode), + $return); + } +} + +probe syscall.chown.return, syscall.chown16.return, + syscall.lchown.return, syscall.lchown16.return { + if(execname() == "java") { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($user), + @entry($group), + $return); + } +} + +probe syscall.fchown.return, syscall.fchown16.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,O=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($user), + @entry($group), + $return); + } +} + +probe syscall.fchownat.return { + pathname = user_string(@entry($filename)) + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($user), + @entry($group), + @entry($flag), + $return); + } +} + +probe syscall.mmap2.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,m=%d;:,f=%d;:,d=%d;:,O=%ld;:,A=%ld;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($addr), + @entry($len), + @entry($prot), + @entry($flags), + @entry($fd), + @entry($pgoff), + $return); + } +} + +probe syscall.mremap.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,A=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($new_addr), + @entry($addr), + @entry($new_len), + @entry($flags), + $return); + } +} + +probe syscall.munmap.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($addr), + @entry($len), + $return); + } +} + +probe syscall.msync.return { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($start), + @entry($len), + @entry($flags), + $return); + } +} + +probe syscall.exit_group { + if(execname() == "java") { + printf("t=%d;:,i=%d:%d;:,o=%s;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name); + } +} + +# Stop probing after 1h (for safety) +probe timer.s(3600) { + exit(); +} + +# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 diff --git a/systemtap/src/targetedioreplay.stp b/systemtap/src/targetedioreplay.stp deleted file mode 100644 index 139a89b..0000000 --- a/systemtap/src/targetedioreplay.stp +++ /dev/null @@ -1,591 +0,0 @@ -#!/usr/bin/env stap - -# Copyright 2018 Mimecast Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This script is used to capture I/O on a Linux based system in order to replay -# the same I/O via the ioreplay command line utility. -# -# The tool will generate one line per captured I/O syscall to a .capture log -# file. -# -# The key/value separator is ';:,', example line: -# -# t=1509989598023;:,i=17159:17358;:,o=open;:,d=167;:,p=/tmp/test;:,f=0;:,m=438;:, -# -# It may be that SystemTap will skip probes or interrupts probes in case of -# system overload. As a result we can have corrupt lines in the log. That's why -# we use a special field separator ';:,' to detect corrupt lines more robustly. -# -# The line uses the following format keys (we use many different of these, the -# only benefit over a more generic approach is to detect corrupt lines more -# easily): -# -# Format keys: -# t: Time -# i: PID:TID (process and thread ID) -# o: Operation name -# O: Offset or owner/user UID -# W: Whence -# d: File/dir descriptor -# p: File path -# P: File path 2 -# f: Flags -# m: Mode -# b: Bytes -# c: Count -# s: Return status -# t: Optional text -# F: FCNTL command -# G: FCNTL arg or user group UID -# T: Optional text (debugging purpose only) -# a: Address -# A: Address 2 -# - -# Return the full qualified version of path -function absolute_path (path) { - # Is it already a full qualified path? - if (substr(path,0,1) == "/") { - return path; - } - - # Look into the in Kernel task structure to look up the corresponding - # mount point and directory entry... - tc = task_current() - pwd_dentry = @cast(tc, "task_struct")->fs->pwd->dentry - pwd_mnt = @cast(tc, "task_struct")->fs->pwd->mnt - - # Construct a full qualified path from it! - return task_dentry_path(tc, pwd_dentry, pwd_mnt) . "/" . path; -} - -probe syscall.open.return, syscall.openat.return { - if (pid() == target()) { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,m=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return, - absolute_path(pathname), - @entry($flags), - @entry($mode)); - } -} - -probe syscall.lseek.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%d;:,W=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($offset), - @entry($whence), - $return); - } -} - -probe syscall.fcntl.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,F=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($cmd), - @entry($arg), - $return); - } -} - -probe syscall.creat.return { - if (pid() == target()) { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return, - absolute_path(pathname), - @entry($mode)); - } -} - -probe syscall.write.return, syscall.writev.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.unlink.return { - if(pid() == target()) { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.unlinkat.return { - if(pid() == target()) { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($flag), - $return); - } -} - -probe syscall.rename.return, syscall.renameat.return, syscall.renameat2.return { - if(pid() == target()) { - oldname = user_string(@entry($oldname)) - newname = user_string(@entry($newname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,P=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(oldname), - absolute_path(newname), - $return); - } -} - -probe syscall.read.return, syscall.readv.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.readahead.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%ld;:,O=%ld;:,c=%ld\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return, - @entry($offset), - @entry($count)); - } -} - -probe syscall.readdir.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.readlink.return { - if(pid() == target()) { - pathname = user_string(@entry($path)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.readlinkat.return { - if(pid() == target()) { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fdatasync.return, syscall.fsync.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.sync_file_range.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%ld;:,b=%ld;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($offset), - @entry($nbytes), - $return); - } -} - -probe syscall.sync.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - $return); - } -} - -probe syscall.syncfs.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.close.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.getdents.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,c=%d;:,b=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($count), - $return); - } -} - -probe syscall.mkdir.return { - if(pid() == target()) { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.rmdir.return { - if(pid() == target()) { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.mkdirat.return { - if(pid() == target()) { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.stat.return { - if(pid() == target()) { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.statfs.return, syscall.statfs64.return { - if(pid() == target()) { - pathname = user_string(@entry($pathname)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fstatfs.return, syscall.fstatfs64.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.lstat.return { - if(pid() == target()) { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - $return); - } -} - -probe syscall.fstat.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - $return); - } -} - -probe syscall.fstatat.return { - if(pid() == target()) { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,p=%s;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($dfd), - absolute_path(pathname), - @entry($flag), - $return); - } -} - -probe syscall.chmod.return, syscall.fchmodat.return { - if(pid() == target()) { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($mode), - $return); - } -} - -probe syscall.fchmod.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,m=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($mode), - $return); - } -} - -probe syscall.chown.return, syscall.chown16.return, - syscall.lchown.return, syscall.lchown16.return { - if(pid() == target()) { - pathname = user_string(@entry($filename)) - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($user), - @entry($group), - $return); - } -} - -probe syscall.fchown.return, syscall.fchown16.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,O=%d;:,G=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($fd), - @entry($user), - @entry($group), - $return); - } -} - -probe syscall.fchownat.return { - pathname = user_string(@entry($filename)) - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - absolute_path(pathname), - @entry($user), - @entry($group), - @entry($flag), - $return); - } -} - -probe syscall.mmap2.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,m=%d;:,f=%d;:,d=%d;:,O=%ld;:,A=%ld;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($addr), - @entry($len), - @entry($prot), - @entry($flags), - @entry($fd), - @entry($pgoff), - $return); - } -} - -probe syscall.mremap.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,A=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($new_addr), - @entry($addr), - @entry($new_len), - @entry($flags), - $return); - } -} - -probe syscall.munmap.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($addr), - @entry($len), - $return); - } -} - -probe syscall.msync.return { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name, - @entry($start), - @entry($len), - @entry($flags), - $return); - } -} - -probe syscall.exit_group { - if(pid() == target()) { - printf("t=%d;:,i=%d:%d;:,o=%s;:,\n", - gettimeofday_ms(), - pid(), - tid(), - name); - } -} - -# Stop probing after 1h (for safety) -probe timer.s(3600) { - exit(); -} - -# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 diff --git a/systemtap/src/targetedioriot.stp b/systemtap/src/targetedioriot.stp new file mode 100644 index 0000000..f72dc66 --- /dev/null +++ b/systemtap/src/targetedioriot.stp @@ -0,0 +1,591 @@ +#!/usr/bin/env stap + +# Copyright 2018 Mimecast Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script is used to capture I/O on a Linux based system in order to replay +# the same I/O via the ioriot command line utility. +# +# The tool will generate one line per captured I/O syscall to a .capture log +# file. +# +# The key/value separator is ';:,', example line: +# +# t=1509989598023;:,i=17159:17358;:,o=open;:,d=167;:,p=/tmp/test;:,f=0;:,m=438;:, +# +# It may be that SystemTap will skip probes or interrupts probes in case of +# system overload. As a result we can have corrupt lines in the log. That's why +# we use a special field separator ';:,' to detect corrupt lines more robustly. +# +# The line uses the following format keys (we use many different of these, the +# only benefit over a more generic approach is to detect corrupt lines more +# easily): +# +# Format keys: +# t: Time +# i: PID:TID (process and thread ID) +# o: Operation name +# O: Offset or owner/user UID +# W: Whence +# d: File/dir descriptor +# p: File path +# P: File path 2 +# f: Flags +# m: Mode +# b: Bytes +# c: Count +# s: Return status +# t: Optional text +# F: FCNTL command +# G: FCNTL arg or user group UID +# T: Optional text (debugging purpose only) +# a: Address +# A: Address 2 +# + +# Return the full qualified version of path +function absolute_path (path) { + # Is it already a full qualified path? + if (substr(path,0,1) == "/") { + return path; + } + + # Look into the in Kernel task structure to look up the corresponding + # mount point and directory entry... + tc = task_current() + pwd_dentry = @cast(tc, "task_struct")->fs->pwd->dentry + pwd_mnt = @cast(tc, "task_struct")->fs->pwd->mnt + + # Construct a full qualified path from it! + return task_dentry_path(tc, pwd_dentry, pwd_mnt) . "/" . path; +} + +probe syscall.open.return, syscall.openat.return { + if (pid() == target()) { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,m=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return, + absolute_path(pathname), + @entry($flags), + @entry($mode)); + } +} + +probe syscall.lseek.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%d;:,W=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($offset), + @entry($whence), + $return); + } +} + +probe syscall.fcntl.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,F=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($cmd), + @entry($arg), + $return); + } +} + +probe syscall.creat.return { + if (pid() == target()) { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return, + absolute_path(pathname), + @entry($mode)); + } +} + +probe syscall.write.return, syscall.writev.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.unlink.return { + if(pid() == target()) { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.unlinkat.return { + if(pid() == target()) { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($flag), + $return); + } +} + +probe syscall.rename.return, syscall.renameat.return, syscall.renameat2.return { + if(pid() == target()) { + oldname = user_string(@entry($oldname)) + newname = user_string(@entry($newname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,P=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(oldname), + absolute_path(newname), + $return); + } +} + +probe syscall.read.return, syscall.readv.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.readahead.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,b=%ld;:,O=%ld;:,c=%ld\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return, + @entry($offset), + @entry($count)); + } +} + +probe syscall.readdir.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.readlink.return { + if(pid() == target()) { + pathname = user_string(@entry($path)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.readlinkat.return { + if(pid() == target()) { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fdatasync.return, syscall.fsync.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.sync_file_range.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,O=%ld;:,b=%ld;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($offset), + @entry($nbytes), + $return); + } +} + +probe syscall.sync.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + $return); + } +} + +probe syscall.syncfs.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.close.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.getdents.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,c=%d;:,b=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($count), + $return); + } +} + +probe syscall.mkdir.return { + if(pid() == target()) { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.rmdir.return { + if(pid() == target()) { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.mkdirat.return { + if(pid() == target()) { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.stat.return { + if(pid() == target()) { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.statfs.return, syscall.statfs64.return { + if(pid() == target()) { + pathname = user_string(@entry($pathname)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fstatfs.return, syscall.fstatfs64.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.lstat.return { + if(pid() == target()) { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + $return); + } +} + +probe syscall.fstat.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + $return); + } +} + +probe syscall.fstatat.return { + if(pid() == target()) { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,p=%s;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($dfd), + absolute_path(pathname), + @entry($flag), + $return); + } +} + +probe syscall.chmod.return, syscall.fchmodat.return { + if(pid() == target()) { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($mode), + $return); + } +} + +probe syscall.fchmod.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%d;:,m=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($mode), + $return); + } +} + +probe syscall.chown.return, syscall.chown16.return, + syscall.lchown.return, syscall.lchown16.return { + if(pid() == target()) { + pathname = user_string(@entry($filename)) + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($user), + @entry($group), + $return); + } +} + +probe syscall.fchown.return, syscall.fchown16.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,d=%ld;:,O=%d;:,G=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($fd), + @entry($user), + @entry($group), + $return); + } +} + +probe syscall.fchownat.return { + pathname = user_string(@entry($filename)) + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,p=%s;:,O=%d;:,G=%d;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + absolute_path(pathname), + @entry($user), + @entry($group), + @entry($flag), + $return); + } +} + +probe syscall.mmap2.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,m=%d;:,f=%d;:,d=%d;:,O=%ld;:,A=%ld;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($addr), + @entry($len), + @entry($prot), + @entry($flags), + @entry($fd), + @entry($pgoff), + $return); + } +} + +probe syscall.mremap.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,A=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($new_addr), + @entry($addr), + @entry($new_len), + @entry($flags), + $return); + } +} + +probe syscall.munmap.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($addr), + @entry($len), + $return); + } +} + +probe syscall.msync.return { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,a=%ld;:,b=%ld;:,f=%d;:,s=%d;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name, + @entry($start), + @entry($len), + @entry($flags), + $return); + } +} + +probe syscall.exit_group { + if(pid() == target()) { + printf("t=%d;:,i=%d:%d;:,o=%s;:,\n", + gettimeofday_ms(), + pid(), + tid(), + name); + } +} + +# Stop probing after 1h (for safety) +probe timer.s(3600) { + exit(); +} + +# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 -- cgit v1.2.3