From nick.alcock at oracle.com Tue Dec 2 23:04:53 2025 From: nick.alcock at oracle.com (Nick Alcock) Date: Tue, 2 Dec 2025 23:04:53 +0000 Subject: [DTrace-devel] [PATCH] dtprobed: use /proc/$pid/map_files, not the filename of the mapping Message-ID: <20251202230453.124306-1-nick.alcock@oracle.com> When hunting down a text mapping, prf->prf_mapname is equivalent to looking at the symlink target of the /proc/$pid/map_files/* file, so opening that opens (say) /usr/bin/blah. If we use Pmap_mapfile_name() instead, we get the name of the actual /proc/$pid/map_files file itself. This looks like a symlink, but it's actually magic: it points to the target of the mapping even if that target is in a different filesystem namespace, and you can dereference and open it to get the contents of the mapping even if the symlink is apparently "broken". DTrace already uses this elsewhere in USDT probe lookup, so we can surely use it here as well. Fixes e.g. running programs with probes out of /home (which is jailed away from dtprobed by dtprobed's systemd service file). Signed-off-by: Nick Alcock --- dtprobed/dtprobed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dtprobed/dtprobed.c b/dtprobed/dtprobed.c index a808586559d96..9a6928055cd13 100644 --- a/dtprobed/dtprobed.c +++ b/dtprobed/dtprobed.c @@ -487,7 +487,7 @@ handle_usdt_notes(pid_t pid, uintptr_t addr) fuse_log(FUSE_LOG_ERR, "%i: dtprobed: cannot look up mapping (process dead?)\n", pid); goto out; - } else if ((fn = prf->prf_mapname) == NULL) { + } else if ((fn = Pmap_mapfile_name(P, mapp)) == NULL) { fuse_log(FUSE_LOG_ERR, "%i: dtprobed: cannot look up mapname (process dead?)\n", pid); goto out; base-commit: 6e94c7d0a253806f85c39ff5f4e32a800d4cb6b6 -- 2.51.0.284.g117bcb8de7