tools/opensnoop: Display mode for -e, --extended_fields #5196

Open
wants to merge 1 commit into
base: master

Rtoax
Contributor

@Rtoax Rtoax commented Jan 19, 2025

When a program creates a file with mode=0000, it cannot even access the file
itself. It would be helpful if we could track the mode value, so we can know
who did it.

Example:

    open("a.txt", O_WRONLY | O_EXCL | O_CREAT, 0000);

Then:

    $ ls -l a.txt
    ----------. 1 rongtao rongtao 0 Jan 24 09:07 a.txt
    $ cat a.txt
    cat: a.txt: Permission denied

    $ sudo ./opensnoop.py -e
    PID    COMM               FD ERR FLAGS    MODE PATH
    673067 open                3   0 00000301 0000 a.txt
                                              ^^^^

@ekyooo
Contributor

ekyooo commented Jan 23, 2025

Could you include in the commit message when it is useful to output MODE information, which can be verified outside of the tool, within the tool itself?

@Rtoax Rtoax force-pushed the patch-39-tools-opensnoop-mode branch from 906a2a1 to 761d813 Compare January 24, 2025 01:13
@Rtoax
Contributor Author

Rtoax commented Jan 24, 2025

> Could you include in the commit message when it is useful to output MODE information, which can be verified outside of the tool, within the tool itself?

Thanks, I just added the extra information.

@Rtoax Rtoax force-pushed the patch-39-tools-opensnoop-mode branch from 761d813 to 8ed67b4 Compare January 24, 2025 01:16
@Rtoax
Contributor Author

Rtoax commented Jan 24, 2025

Rebase to master

@Rtoax Rtoax force-pushed the patch-39-tools-opensnoop-mode branch from 8ed67b4 to c188aaa Compare January 24, 2025 04:59
Collaborator

@yonghong-song yonghong-song left a comment

Although struct open_how uses __u64 for flags and mode,
in reality the mode value should still be within the 32-bit range.

So I suggest changing the 'mode' type to __u32 (unsigned int) instead of 'unsigned short'.

@Rtoax Rtoax force-pushed the patch-39-tools-opensnoop-mode branch from c188aaa to bbaa9ed Compare January 25, 2025 06:50
@Rtoax Rtoax requested a review from yonghong-song January 25, 2025 06:52
@Rtoax Rtoax force-pushed the patch-39-tools-opensnoop-mode branch from bbaa9ed to 12cd1a7 Compare January 27, 2025 07:35
@Rtoax Rtoax requested a review from ekyooo January 27, 2025 07:36
When a program creates a file with mode=0000, it cannot even access the file
itself. It would be helpful if we could track the mode value, so we can know
who did it.

Example:

    open("a.txt", O_WRONLY | O_EXCL | O_CREAT, 0000);

Then:

    $ ls -l a.txt
    ----------. 1 rongtao rongtao 0 Jan 24 09:07 a.txt
    $ cat a.txt
    cat: a.txt: Permission denied

    $ sudo ./opensnoop.py -e
    PID    COMM               FD ERR FLAGS    MODE PATH
    673067 open                3   0 00000301 n/a  a.txt
                                              ^^^^

If flags is an illegal value, displaying the mode value can better handle the
relationship between flags and mode. After all, mode is only effective when
flags only contains O_TMPFILE or O_CREAT.

Signed-off-by: Rong Tao <[email protected]>
@Rtoax Rtoax force-pushed the patch-39-tools-opensnoop-mode branch from 12cd1a7 to 39d6351 Compare January 28, 2025 07:31
@Rtoax Rtoax requested a review from ekyooo January 28, 2025 07:31
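
The following is an added example, not code from this pull request or from bcc: it parses rows in the `PID COMM FD ERR FLAGS MODE PATH` layout shown above and reports successful creations whose requested mode is 0000 or world-writable, ignoring rows where the flags mean the mode argument is not used. It assumes FLAGS and MODE are printed in octal (as `00000301` is for the `open()` call in the description), Linux x86-64 flag values, and COMM values without spaces; the function names and sample rows are constructed for illustration.

```python
import stat

# Linux x86-64 open(2) flag values (octal); other architectures may differ.
O_CREAT = 0o100
O_TMPFILE = 0o20200000  # __O_TMPFILE | O_DIRECTORY

def mode_applies(flags):
    """True when the mode argument is used: O_CREAT or the full O_TMPFILE."""
    return (flags & O_CREAT) == O_CREAT or (flags & O_TMPFILE) == O_TMPFILE

def parse_line(line):
    """Parse one 'PID COMM FD ERR FLAGS MODE PATH' row (COMM without spaces)."""
    pid, comm, fd, err, flags, mode, path = line.split(None, 6)
    return {
        "pid": int(pid), "comm": comm, "fd": int(fd), "err": int(err),
        "flags": int(flags, 8),
        "mode": None if mode == "n/a" else int(mode, 8),
        "path": path,
    }

def findings(lines):
    """Return (pid, comm, path, reason) for successful creations worth a look."""
    out = []
    for line in lines:
        ev = parse_line(line)
        if ev["err"] != 0 or ev["mode"] is None or not mode_applies(ev["flags"]):
            continue
        # MODE is what the caller requested; the kernel still applies umask.
        perms = stat.S_IMODE(ev["mode"])
        if perms == 0:
            out.append((ev["pid"], ev["comm"], ev["path"], "created with mode 0000"))
        elif perms & stat.S_IWOTH:
            out.append((ev["pid"], ev["comm"], ev["path"], "requested world-writable mode"))
    return out

# Constructed sample rows in the column layout shown in this thread.
SAMPLE = [
    "673067 open                3   0 00000301 0000 a.txt",
    "673070 cat                -1  13 00000000 n/a  a.txt",
    "673101 installer           4   0 00000101 0666 /tmp/state.db",
    "673102 logger              5   0 00002101 0640 /var/log/app.log",
]

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```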