(Noob) What's the difference between task_pid(task) and new_pid?

(Noob) What's the difference between task_pid(task) and new_pid?

[Luis Fernando Muñoz Mejías]

Hello, world!

I'm doing some toy SystemTap probes and I found a weird thing. I want
to log every process that is created on my system, so I wrote this
tiny probe:

************************************************************
# Provides relevant information when a process is created
probe process.create {
        printf ("Process %d spawns child %d under uid (%d:%d)\n",
                pid(), new_pid, uid(), euid());
}
************************************************************

It does what I want it to do, but after ~3 hours it crashes. Some
annoying testing gives me a very small message like this:

"failed to access to address 0xYYYYYY on kread(&(t->tgid))"

The message I write by memory, the statement causing the crash is
exactly that one.

On the other hand, the following version:

************************************************************
# Provides relevant information when a process is created
probe process.create {
        printf ("Process %d spawns a new child %d under uid (%d:%d)\n",
                tid(), task_pid(task), uid(), euid());
}
************************************************************

has been running for three days with no problems. So, what's the
difference? Is it a bug?

I'm using systemtap-0.7.2-2.el5.el5, as shipped with RHEL 5.2.

Thanks.
-- 
Luis Fernando Muñoz Mejías
Luis.Fernando.Munoz.Mejias@cern.ch

Re: (Noob) What's the difference between task_pid(task) and new_pid?

[Josh Stone]

Hi,

The tapset variable new_pid is defined as exactly task_pid(task), so at 
first glance, there's no difference.  However, process.create is defined 
this way:

probe process.create = kernel.function("copy_process").return {
     task = $return
     new_pid = task_pid(task)
     if (_IS_ERR(task)) next
}

The third line is an early return in case the task return value is 
indicating an error instead of being a valid task_struct, but the 
new_pid is set _before_ the pointer is checked.

I think your script is running into a failed create, so it's trying to 
read the PID from an error pointer.  Can you try swapping the second and 
third lines in the process.create tapset?  I'll make a commit to this 
effect anyway, since it can't hurt, but I think it will fix your issue.

Thanks,

Josh


Luis Fernando Muñoz Mejías wrote:
> Hello, world!
> 
> I'm doing some toy SystemTap probes and I found a weird thing. I want
> to log every process that is created on my system, so I wrote this
> tiny probe:
> 
> ************************************************************
> # Provides relevant information when a process is created
> probe process.create {
>         printf ("Process %d spawns child %d under uid (%d:%d)\n",
>                 pid(), new_pid, uid(), euid());
> }
> ************************************************************
> 
> It does what I want it to do, but after ~3 hours it crashes. Some
> annoying testing gives me a very small message like this:
> 
> "failed to access to address 0xYYYYYY on kread(&(t->tgid))"
> 
> The message I write by memory, the statement causing the crash is
> exactly that one.
> 
> On the other hand, the following version:
> 
> ************************************************************
> # Provides relevant information when a process is created
> probe process.create {
>         printf ("Process %d spawns a new child %d under uid (%d:%d)\n",
>                 tid(), task_pid(task), uid(), euid());
> }
> ************************************************************
> 
> has been running for three days with no problems. So, what's the
> difference? Is it a bug?
> 
> I'm using systemtap-0.7.2-2.el5.el5, as shipped with RHEL 5.2.
> 
> Thanks.

Re: (Noob) What's the difference between task_pid(task) and new_pid?

[Luis Fernando Muñoz Mejías]

Josh,

Thanks for your reply and your detailed explanation.

> I think your script is running into a failed create,

It seems so, the traces when the process dies are always the same (i.e:
the same parent spawning the exact same children),

> so it's trying to read the PID from an error pointer.  Can you try
> swapping the second and third lines in the process.create tapset?

I just did. I'll confirm if it doesn't fail, but the test takes a few
days...

Cheers.
-- 
Luis Fernando Muñoz Mejías
Luis.Fernando.Munoz.Mejias@cern.ch

Re: (Noob) What's the difference between task_pid(task) and new_pid?

[Luis Fernando Muñoz Mejías]

Josh,

Just to confirm, the small change you suggested worked like a charm. My
probes have been up and running for 3 days now. :))

Thanks a lot.
-- 
Luis Fernando Muñoz Mejías
Luis.Fernando.Munoz.Mejias@cern.ch