Skip to content

Commit e87bac3

Browse files
brendangreggbrendangregg
authored
Merge pull request brendangregg#87 from bastianbeischer/openat
opensnoop: Monitor both sys_exit_open and sys_exit_openat.
2 parents 98d42a2 + e54f006 commit e87bac3

File tree

1 file changed

+11
-4
lines changed

1 file changed

+11
-4
lines changed

opensnoop

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -88,9 +88,11 @@ function end {
8888
cd $tracing
8989
warn "echo 0 > events/kprobes/getnameprobe/enable"
9090
warn "echo 0 > events/syscalls/sys_exit_open/enable"
91+
warn "echo 0 > events/syscalls/sys_exit_openat/enable"
9192
if (( opt_pid || opt_tid )); then
9293
warn "echo 0 > events/kprobes/getnameprobe/filter"
9394
warn "echo 0 > events/syscalls/sys_exit_open/filter"
95+
warn "echo 0 > events/syscalls/sys_exit_openat/filter"
9496
fi
9597
warn "echo -:getnameprobe >> kprobe_events"
9698
warn "echo > trace"
@@ -177,14 +179,16 @@ if (( opt_pid )); then
177179
done
178180
filter=${filter:3} # trim leading ' || ' (four characters)
179181
if ! echo $filter > events/kprobes/getnameprobe/filter || \
180-
! echo $filter > events/syscalls/sys_exit_open/filter
182+
! echo $filter > events/syscalls/sys_exit_open/filter || \
183+
! echo $filter > events/syscalls/sys_exit_openat/filter
181184
then
182185
edie "ERROR: setting -p $pid. Exiting."
183186
fi
184187
fi
185188
if (( opt_tid )); then
186189
if ! echo "common_pid == $tid" > events/kprobes/getnameprobe/filter || \
187-
! echo "common_pid == $tid" > events/syscalls/sys_exit_open/filter
190+
! echo "common_pid == $tid" > events/syscalls/sys_exit_open/filter || \
191+
! echo "common_pid == $tid" > events/syscalls/sys_exit_openat/filter
188192
then
189193
edie "ERROR: setting -L $tid. Exiting."
190194
fi
@@ -195,6 +199,9 @@ fi
195199
if ! echo 1 > events/syscalls/sys_exit_open/enable; then
196200
edie "ERROR: enabling open() exit tracepoint. Exiting."
197201
fi
202+
if ! echo 1 > events/syscalls/sys_exit_openat/enable; then
203+
edie "ERROR: enabling openat() exit tracepoint. Exiting."
204+
fi
198205
(( opt_time )) && printf "%-16s " "TIMEs"
199206
printf "%-16.16s %-6s %4s %s\n" "COMM" "PID" "FD" "FILE"
200207

@@ -242,8 +249,8 @@ fi ) | $awk -v o=$offset -v opt_name=$opt_name -v name=$name \
242249
lastfile[pid] = m[1]
243250
}
244251
245-
# sys_open()
246-
$1 != "#" && $(4+o) == "sys_open" {
252+
# sys_open() / sys_openat()
253+
$1 != "#" && ($(4+o) == "sys_open" || $(4+o) == "sys_openat") {
247254
filename = lastfile[pid]
248255
delete lastfile[pid]
249256
if (opt_file && filename !~ file)

0 commit comments

Comments
 (0)