aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/trace/kprobetrace.txt46
1 files changed, 20 insertions, 26 deletions
diff --git a/Documentation/trace/kprobetrace.txt b/Documentation/trace/kprobetrace.txt
index 8f882ebd136..aaa6c1067c7 100644
--- a/Documentation/trace/kprobetrace.txt
+++ b/Documentation/trace/kprobetrace.txt
@@ -42,7 +42,8 @@ Synopsis of kprobe_events
42 aN : Fetch function argument. (N >= 0)(*) 42 aN : Fetch function argument. (N >= 0)(*)
43 rv : Fetch return value.(**) 43 rv : Fetch return value.(**)
44 ra : Fetch return address.(**) 44 ra : Fetch return address.(**)
45 +|-offs(FETCHARG) : fetch memory at FETCHARG +|- offs address.(***) 45 +|-offs(FETCHARG) : Fetch memory at FETCHARG +|- offs address.(***)
46 NAME=FETCHARG: Set NAME as the argument name of FETCHARG.
46 47
47 (*) aN may not correct on asmlinkaged functions and at the middle of 48 (*) aN may not correct on asmlinkaged functions and at the middle of
48 function body. 49 function body.
@@ -62,12 +63,10 @@ enabled:
62 You can enable/disable the probe by writing 1 or 0 on it. 63 You can enable/disable the probe by writing 1 or 0 on it.
63 64
64format: 65format:
65 This shows the format of this probe event. It also shows aliases of arguments 66 This shows the format of this probe event.
66 which you specified to kprobe_events.
67 67
68filter: 68filter:
69 You can write filtering rules of this event. And you can use both of aliase 69 You can write filtering rules of this event.
70 names and field names for describing filters.
71 70
72id: 71id:
73 This shows the id of this probe event. 72 This shows the id of this probe event.
@@ -85,10 +84,11 @@ Usage examples
85To add a probe as a new event, write a new definition to kprobe_events 84To add a probe as a new event, write a new definition to kprobe_events
86as below. 85as below.
87 86
88 echo p:myprobe do_sys_open a0 a1 a2 a3 > /sys/kernel/debug/tracing/kprobe_events 87 echo p:myprobe do_sys_open dfd=a0 filename=a1 flags=a2 mode=a3 > /sys/kernel/debug/tracing/kprobe_events
89 88
90 This sets a kprobe on the top of do_sys_open() function with recording 89 This sets a kprobe on the top of do_sys_open() function with recording
911st to 4th arguments as "myprobe" event. 901st to 4th arguments as "myprobe" event. As this example shows, users can
91choose more familiar names for each arguments.
92 92
93 echo r:myretprobe do_sys_open rv ra >> /sys/kernel/debug/tracing/kprobe_events 93 echo r:myretprobe do_sys_open rv ra >> /sys/kernel/debug/tracing/kprobe_events
94 94
@@ -99,7 +99,7 @@ recording return value and return address as "myretprobe" event.
99 99
100 cat /sys/kernel/debug/tracing/events/kprobes/myprobe/format 100 cat /sys/kernel/debug/tracing/events/kprobes/myprobe/format
101name: myprobe 101name: myprobe
102ID: 23 102ID: 75
103format: 103format:
104 field:unsigned short common_type; offset:0; size:2; 104 field:unsigned short common_type; offset:0; size:2;
105 field:unsigned char common_flags; offset:2; size:1; 105 field:unsigned char common_flags; offset:2; size:1;
@@ -109,21 +109,15 @@ format:
109 109
110 field: unsigned long ip; offset:16;tsize:8; 110 field: unsigned long ip; offset:16;tsize:8;
111 field: int nargs; offset:24;tsize:4; 111 field: int nargs; offset:24;tsize:4;
112 field: unsigned long arg0; offset:32;tsize:8; 112 field: unsigned long dfd; offset:32;tsize:8;
113 field: unsigned long arg1; offset:40;tsize:8; 113 field: unsigned long filename; offset:40;tsize:8;
114 field: unsigned long arg2; offset:48;tsize:8; 114 field: unsigned long flags; offset:48;tsize:8;
115 field: unsigned long arg3; offset:56;tsize:8; 115 field: unsigned long mode; offset:56;tsize:8;
116 116
117 alias: a0; original: arg0; 117print fmt: "%lx: dfd=%lx filename=%lx flags=%lx mode=%lx", ip, REC->dfd, REC->filename, REC->flags, REC->mode
118 alias: a1; original: arg1;
119 alias: a2; original: arg2;
120 alias: a3; original: arg3;
121 118
122print fmt: "%lx: 0x%lx 0x%lx 0x%lx 0x%lx", ip, arg0, arg1, arg2, arg3
123 119
124 120 You can see that the event has 4 arguments as in the expressions you specified.
125 You can see that the event has 4 arguments and alias expressions
126corresponding to it.
127 121
128 echo > /sys/kernel/debug/tracing/kprobe_events 122 echo > /sys/kernel/debug/tracing/kprobe_events
129 123
@@ -135,12 +129,12 @@ corresponding to it.
135# 129#
136# TASK-PID CPU# TIMESTAMP FUNCTION 130# TASK-PID CPU# TIMESTAMP FUNCTION
137# | | | | | 131# | | | | |
138 <...>-1447 [001] 1038282.286875: do_sys_open+0x0/0xd6: 0x3 0x7fffd1ec4440 0x8000 0x0 132 <...>-1447 [001] 1038282.286875: do_sys_open+0x0/0xd6: dfd=3 filename=7fffd1ec4440 flags=8000 mode=0
139 <...>-1447 [001] 1038282.286878: sys_openat+0xc/0xe <- do_sys_open: 0xfffffffffffffffe 0xffffffff81367a3a 133 <...>-1447 [001] 1038282.286878: sys_openat+0xc/0xe <- do_sys_open: rv=fffffffffffffffe ra=ffffffff81367a3a
140 <...>-1447 [001] 1038282.286885: do_sys_open+0x0/0xd6: 0xffffff9c 0x40413c 0x8000 0x1b6 134 <...>-1447 [001] 1038282.286885: do_sys_open+0x0/0xd6: dfd=ffffff9c filename=40413c flags=8000 mode=1b6
141 <...>-1447 [001] 1038282.286915: sys_open+0x1b/0x1d <- do_sys_open: 0x3 0xffffffff81367a3a 135 <...>-1447 [001] 1038282.286915: sys_open+0x1b/0x1d <- do_sys_open: rv=3 ra=ffffffff81367a3a
142 <...>-1447 [001] 1038282.286969: do_sys_open+0x0/0xd6: 0xffffff9c 0x4041c6 0x98800 0x10 136 <...>-1447 [001] 1038282.286969: do_sys_open+0x0/0xd6: dfd=ffffff9c filename=4041c6 flags=98800 mode=10
143 <...>-1447 [001] 1038282.286976: sys_open+0x1b/0x1d <- do_sys_open: 0x3 0xffffffff81367a3a 137 <...>-1447 [001] 1038282.286976: sys_open+0x1b/0x1d <- do_sys_open: rv=3 ra=ffffffff81367a3a
144 138
145 139
146 Each line shows when the kernel hits a probe, and <- SYMBOL means kernel 140 Each line shows when the kernel hits a probe, and <- SYMBOL means kernel