svn commit: r266986 - vendor-sys/illumos/dist/uts/common/dtrace vendor-sys/illumos/dist/uts/common/sys vendor/illumos/dist/cmd/dtrace/test/tst/common/aggs vendor/illumos/dist/cmd/dtrace/test/tst/co...
Mark Johnston
markj at FreeBSD.org
Tue Jun 3 00:55:17 UTC 2014
Author: markj
Date: Tue Jun 3 00:55:15 2014
New Revision: 266986
URL: http://svnweb.freebsd.org/changeset/base/266986
Log:
2915 DTrace in a zone should see "cpu", "curpsinfo", et al
2916 DTrace in a zone should be able to access fds[]
2917 DTrace in a zone should have limited provider access
illumos/illumos-gate at b0f673c4626e4cb1db7785287eaeed2731dfefe8
Added:
vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.fds.ksh
vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.getf.ksh
vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.procpriv.ksh
vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.providers.ksh
Modified:
vendor/illumos/dist/cmd/dtrace/test/tst/common/aggs/tst.subr.d
vendor/illumos/dist/lib/libdtrace/common/dt_open.c
Changes in other areas also in this revision:
Modified:
vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c
vendor-sys/illumos/dist/uts/common/dtrace/sdt_subr.c
vendor-sys/illumos/dist/uts/common/sys/dtrace.h
vendor-sys/illumos/dist/uts/common/sys/dtrace_impl.h
Modified: vendor/illumos/dist/cmd/dtrace/test/tst/common/aggs/tst.subr.d
==============================================================================
--- vendor/illumos/dist/cmd/dtrace/test/tst/common/aggs/tst.subr.d Mon Jun 2 23:50:19 2014 (r266985)
+++ vendor/illumos/dist/cmd/dtrace/test/tst/common/aggs/tst.subr.d Tue Jun 3 00:55:15 2014 (r266986)
@@ -98,6 +98,7 @@ STRFUNC(inet_ntoa6((in6_addr_t *)alloca(
STRFUNC(inet_ntop(AF_INET, (void *)alloca(sizeof (ipaddr_t))))
STRFUNC(toupper("foo"))
STRFUNC(tolower("BAR"))
+INTFUNC(getf(0))
BEGIN
/subr == DIF_SUBR_MAX + 1/
Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.fds.ksh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.fds.ksh Tue Jun 3 00:55:15 2014 (r266986)
@@ -0,0 +1,91 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2012, Joyent, Inc. All rights reserved.
+#
+
+tmpin=/tmp/tst.fds.$$.d
+tmpout1=/tmp/tst.fds.$$.out1
+tmpout2=/tmp/tst.fds.$$.out2
+
+cat > $tmpin <<EOF
+#define DUMPFIELD(fd, fmt, field) \
+ errmsg = "could not dump field"; \
+ printf("%d: field =fmt\n", fd, fds[fd].field);
+
+/*
+ * Note that we are explicitly not looking at fi_mount -- it (by design) does
+ * not work if not running with kernel permissions.
+ */
+#define DUMP(fd) \
+ DUMPFIELD(fd, %s, fi_name); \
+ DUMPFIELD(fd, %s, fi_dirname); \
+ DUMPFIELD(fd, %s, fi_pathname); \
+ DUMPFIELD(fd, %d, fi_offset); \
+ DUMPFIELD(fd, %s, fi_fs); \
+ DUMPFIELD(fd, %o, fi_oflags);
+
+BEGIN
+{
+ DUMP(0);
+ DUMP(1);
+ DUMP(2);
+ DUMP(3);
+ DUMP(4);
+ exit(0);
+}
+
+ERROR
+{
+ printf("error: %s\n", errmsg);
+ exit(1);
+}
+EOF
+
+#
+# First, with all privs
+#
+/usr/sbin/dtrace -q -Cs /dev/stdin < $tmpin > $tmpout2
+mv $tmpout2 $tmpout1
+
+#
+# And now with only dtrace_proc and dtrace_user -- the output should be
+# identical.
+#
+ppriv -s A=basic,dtrace_proc,dtrace_user $$
+
+/usr/sbin/dtrace -q -Cs /dev/stdin < $tmpin > $tmpout2
+
+echo ">>> $tmpout1"
+cat $tmpout1
+
+echo ">>> $tmpout2"
+cat $tmpout2
+
+rval=0
+
+if ! cmp $tmpout1 $tmpout2 ; then
+ rval=1
+fi
+
+rm $tmpout1 $tmpout2 $tmpin
+exit $rval
Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.getf.ksh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.getf.ksh Tue Jun 3 00:55:15 2014 (r266986)
@@ -0,0 +1,98 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2012, Joyent, Inc. All rights reserved.
+#
+
+ppriv -s A=basic,dtrace_proc,dtrace_user $$
+
+/usr/sbin/dtrace -q -Cs /dev/stdin <<EOF
+
+#define CANREAD(field) \
+ BEGIN { this->fp = getf(0); errmsg = "can't read field"; \
+ printf("field: "); trace(this->fp->field); printf("\n"); }
+
+#define CANTREAD(field) \
+ BEGIN { errmsg = ""; this->fp = getf(0); trace(this->fp->field); \
+ printf("\nable to successfully read field!"); exit(1); }
+
+CANREAD(f_flag)
+CANREAD(f_flag2)
+CANREAD(f_vnode)
+CANREAD(f_offset)
+CANREAD(f_cred)
+CANREAD(f_audit_data)
+CANREAD(f_count)
+
+/*
+ * We can potentially read parts of our cred, but we can't dereference
+ * through cr_zone.
+ */
+CANTREAD(f_cred->cr_zone->zone_id)
+
+CANREAD(f_vnode->v_path)
+CANREAD(f_vnode->v_op)
+CANREAD(f_vnode->v_op->vnop_name)
+
+CANTREAD(f_vnode->v_flag)
+CANTREAD(f_vnode->v_count)
+CANTREAD(f_vnode->v_pages)
+CANTREAD(f_vnode->v_type)
+CANTREAD(f_vnode->v_vfsmountedhere)
+CANTREAD(f_vnode->v_op->vop_open)
+
+BEGIN
+{
+ errmsg = "";
+ this->fp = getf(0);
+ this->fp2 = getf(1);
+
+ trace(this->fp->f_vnode);
+ printf("\nable to successfully read this->fp!");
+ exit(1);
+}
+
+BEGIN
+{
+ errmsg = "";
+ this->fp = getf(0);
+}
+
+BEGIN
+{
+ trace(this->fp->f_vnode);
+ printf("\nable to successfully read this->fp from prior clause!");
+}
+
+BEGIN
+{
+ exit(0);
+}
+
+ERROR
+/errmsg != ""/
+{
+ printf("fatal error: %s", errmsg);
+ exit(1);
+}
+
+EOF
Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.procpriv.ksh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.procpriv.ksh Tue Jun 3 00:55:15 2014 (r266986)
@@ -0,0 +1,138 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2012, Joyent, Inc. All rights reserved.
+#
+
+ppriv -s A=basic,dtrace_proc,dtrace_user $$
+
+#
+# When we have dtrace_proc (but lack dtrace_kernel), we expect to be able to
+# read certain curpsinfo/curlwpsinfo/curcpu fields even though they require
+# reading in-kernel state. However, there are other fields in these translated
+# structures that we know we shouldn't be able to read, as they require reading
+# in-kernel state that we cannot read with only dtrace_proc. Finally, there
+# are a few fields that we may or may not be able to read depending on the
+# specifics of context. This test therefore asserts that we can read what we
+# think we should be able to, that we can't read what we think we shouldn't be
+# able to, and (for purposes of completeness) that we are indifferent about
+# what we cannot assert one way or the other.
+#
+/usr/sbin/dtrace -q -Cs /dev/stdin <<EOF
+
+#define CANREAD(what, field) \
+ BEGIN { errmsg = "can't read field from what"; printf("field: "); \
+ trace(what->field); printf("\n"); }
+
+#define CANTREAD(what, field) \
+ BEGIN { errmsg = ""; trace(what->field); \
+ printf("\nable to successfully read field from what!"); exit(1); }
+
+#define MIGHTREAD(what, field) \
+ BEGIN { errmsg = ""; printf("field: "); trace(what->field); printf("\n"); }
+
+#define CANREADVAR(vname) \
+ BEGIN { errmsg = "can't read vname"; printf("vname: "); \
+ trace(vname); printf("\n"); }
+
+#define CANTREADVAR(vname) \
+ BEGIN { errmsg = ""; trace(vname); \
+ printf("\nable to successfully read vname!"); exit(1); }
+
+#define MIGHTREADVAR(vname) \
+ BEGIN { errmsg = ""; printf("vname: "); trace(vname); printf("\n"); }
+
+CANREAD(curpsinfo, pr_pid)
+CANREAD(curpsinfo, pr_nlwp)
+CANREAD(curpsinfo, pr_ppid)
+CANREAD(curpsinfo, pr_uid)
+CANREAD(curpsinfo, pr_euid)
+CANREAD(curpsinfo, pr_gid)
+CANREAD(curpsinfo, pr_egid)
+CANREAD(curpsinfo, pr_addr)
+CANREAD(curpsinfo, pr_start)
+CANREAD(curpsinfo, pr_fname)
+CANREAD(curpsinfo, pr_psargs)
+CANREAD(curpsinfo, pr_argc)
+CANREAD(curpsinfo, pr_argv)
+CANREAD(curpsinfo, pr_envp)
+CANREAD(curpsinfo, pr_dmodel)
+
+/*
+ * If our p_pgidp points to the same pid structure as our p_pidp, we will
+ * be able to read pr_pgid -- but we won't if not.
+ */
+MIGHTREAD(curpsinfo, pr_pgid)
+
+CANTREAD(curpsinfo, pr_sid)
+CANTREAD(curpsinfo, pr_ttydev)
+CANTREAD(curpsinfo, pr_projid)
+CANTREAD(curpsinfo, pr_zoneid)
+CANTREAD(curpsinfo, pr_contract)
+
+CANREAD(curlwpsinfo, pr_flag)
+CANREAD(curlwpsinfo, pr_lwpid)
+CANREAD(curlwpsinfo, pr_addr)
+CANREAD(curlwpsinfo, pr_wchan)
+CANREAD(curlwpsinfo, pr_stype)
+CANREAD(curlwpsinfo, pr_state)
+CANREAD(curlwpsinfo, pr_sname)
+CANREAD(curlwpsinfo, pr_syscall)
+CANREAD(curlwpsinfo, pr_pri)
+CANREAD(curlwpsinfo, pr_onpro)
+CANREAD(curlwpsinfo, pr_bindpro)
+CANREAD(curlwpsinfo, pr_bindpset)
+
+CANTREAD(curlwpsinfo, pr_clname)
+CANTREAD(curlwpsinfo, pr_lgrp)
+
+CANREAD(curcpu, cpu_id)
+
+CANTREAD(curcpu, cpu_pset)
+CANTREAD(curcpu, cpu_chip)
+CANTREAD(curcpu, cpu_lgrp)
+CANTREAD(curcpu, cpu_info)
+
+/*
+ * We cannot assert one thing or another about the variable "root": for those
+ * with only dtrace_proc, it will be readable in the global but not readable in
+ * the non-global.
+ */
+MIGHTREADVAR(root)
+
+CANREADVAR(cpu)
+CANTREADVAR(pset)
+CANTREADVAR(cwd)
+CANTREADVAR(chip)
+CANTREADVAR(lgrp)
+
+BEGIN
+{
+ exit(0);
+}
+
+ERROR
+/errmsg != ""/
+{
+ printf("fatal error: %s", errmsg);
+ exit(1);
+}
Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.providers.ksh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ vendor/illumos/dist/cmd/dtrace/test/tst/common/privs/tst.providers.ksh Tue Jun 3 00:55:15 2014 (r266986)
@@ -0,0 +1,126 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2012, Joyent, Inc. All rights reserved.
+#
+
+#
+# First, make sure that we can successfully enable the io provider
+#
+if ! dtrace -P io -n BEGIN'{exit(0)}' > /dev/null 2>&1 ; then
+ echo failed to enable io provider with full privs
+ exit 1
+fi
+
+ppriv -s A=basic,dtrace_proc,dtrace_user $$
+
+#
+# Now make sure that we cannot enable the io provider with reduced privs
+#
+if ! dtrace -x errtags -P io -n BEGIN'{exit(1)}' 2>&1 | \
+ grep D_PDESC_ZERO > /dev/null 2>&1 ; then
+ echo successfully enabled the io provider with reduced privs
+ exit 1
+fi
+
+#
+# Keeping our reduced privs, we want to assure that we can see every provider
+# that we think we should be able to see -- and that we can see curpsinfo
+# state but can't otherwise see arguments.
+#
+/usr/sbin/dtrace -wq -Cs /dev/stdin <<EOF
+
+int seen[string];
+int err;
+
+#define CANENABLE(provider) \
+provider::: \
+/err == 0 && progenyof(\$pid) && !seen["provider"]/ \
+{ \
+ trace(arg0); \
+ printf("\nsuccessful trace of arg0 in %s:%s:%s:%s\n", \
+ probeprov, probemod, probefunc, probename); \
+ exit(++err); \
+} \
+ \
+provider::: \
+/progenyof(\$pid)/ \
+{ \
+ seen["provider"]++; \
+} \
+ \
+provider::: \
+/progenyof(\$pid)/ \
+{ \
+ errstr = "provider"; \
+ this->ignore = stringof(curpsinfo->pr_psargs); \
+ errstr = ""; \
+} \
+ \
+END \
+/err == 0 && !seen["provider"]/ \
+{ \
+ printf("no probes from provider\n"); \
+ exit(++err); \
+} \
+ \
+END \
+/err == 0/ \
+{ \
+ printf("saw %d probes from provider\n", seen["provider"]); \
+}
+
+CANENABLE(proc)
+CANENABLE(sched)
+CANENABLE(vminfo)
+CANENABLE(sysinfo)
+
+BEGIN
+{
+ /*
+ * We'll kick off a system of a do-nothing command -- which should be
+ * enough to kick proc, sched, vminfo and sysinfo probes.
+ */
+ system("echo > /dev/null");
+}
+
+ERROR
+/err == 0 && errstr != ""/
+{
+ printf("fatal error: couldn't read curpsinfo->pr_psargs in ");
+ printf("%s-provided probe\n", errstr);
+ exit(++err);
+}
+
+proc:::exit
+/progenyof(\$pid)/
+{
+ exit(0);
+}
+
+tick-10ms
+/i++ > 500/
+{
+ printf("exit probe did not seem to fire\n");
+ exit(++err);
+}
+EOF
Modified: vendor/illumos/dist/lib/libdtrace/common/dt_open.c
==============================================================================
--- vendor/illumos/dist/lib/libdtrace/common/dt_open.c Mon Jun 2 23:50:19 2014 (r266985)
+++ vendor/illumos/dist/lib/libdtrace/common/dt_open.c Tue Jun 3 00:55:15 2014 (r266986)
@@ -21,7 +21,7 @@
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2011, Joyent, Inc. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
* Copyright (c) 2012 by Delphix. All rights reserved.
*/
@@ -111,8 +111,9 @@
#define DT_VERS_1_8_1 DT_VERSION_NUMBER(1, 8, 1)
#define DT_VERS_1_9 DT_VERSION_NUMBER(1, 9, 0)
#define DT_VERS_1_9_1 DT_VERSION_NUMBER(1, 9, 1)
-#define DT_VERS_LATEST DT_VERS_1_9_1
-#define DT_VERS_STRING "Sun D 1.9.1"
+#define DT_VERS_1_10 DT_VERSION_NUMBER(1, 10, 0)
+#define DT_VERS_LATEST DT_VERS_1_10
+#define DT_VERS_STRING "Sun D 1.10"
const dt_version_t _dtrace_versions[] = {
DT_VERS_1_0, /* D API 1.0.0 (PSARC 2001/466) Solaris 10 FCS */
@@ -134,6 +135,7 @@ const dt_version_t _dtrace_versions[] =
DT_VERS_1_8_1, /* D API 1.8.1 */
DT_VERS_1_9, /* D API 1.9 */
DT_VERS_1_9_1, /* D API 1.9.1 */
+ DT_VERS_1_10, /* D API 1.10 */
0
};
@@ -247,6 +249,8 @@ static const dt_ident_t _dtrace_globals[
&dt_idops_func, "uint64_t(uint64_t)" },
{ "htons", DT_IDENT_FUNC, 0, DIF_SUBR_HTONS, DT_ATTR_EVOLCMN, DT_VERS_1_3,
&dt_idops_func, "uint16_t(uint16_t)" },
+{ "getf", DT_IDENT_FUNC, 0, DIF_SUBR_GETF, DT_ATTR_STABCMN, DT_VERS_1_10,
+ &dt_idops_func, "file_t *(int)" },
{ "gid", DT_IDENT_SCALAR, 0, DIF_VAR_GID, DT_ATTR_STABCMN, DT_VERS_1_0,
&dt_idops_type, "gid_t" },
{ "id", DT_IDENT_SCALAR, 0, DIF_VAR_ID, DT_ATTR_STABCMN, DT_VERS_1_0,
More information about the svn-src-all
mailing list