aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/trace/kprobetrace.txt
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/trace/kprobetrace.txt')
-rw-r--r--Documentation/trace/kprobetrace.txt57
1 files changed, 32 insertions, 25 deletions
diff --git a/Documentation/trace/kprobetrace.txt b/Documentation/trace/kprobetrace.txt
index 47aabeebbdf6..a9100b28eb84 100644
--- a/Documentation/trace/kprobetrace.txt
+++ b/Documentation/trace/kprobetrace.txt
@@ -24,6 +24,7 @@ Synopsis of kprobe_events
24------------------------- 24-------------------------
25 p[:[GRP/]EVENT] SYMBOL[+offs]|MEMADDR [FETCHARGS] : Set a probe 25 p[:[GRP/]EVENT] SYMBOL[+offs]|MEMADDR [FETCHARGS] : Set a probe
26 r[:[GRP/]EVENT] SYMBOL[+0] [FETCHARGS] : Set a return probe 26 r[:[GRP/]EVENT] SYMBOL[+0] [FETCHARGS] : Set a return probe
27 -:[GRP/]EVENT : Clear a probe
27 28
28 GRP : Group name. If omitted, use "kprobes" for it. 29 GRP : Group name. If omitted, use "kprobes" for it.
29 EVENT : Event name. If omitted, the event name is generated 30 EVENT : Event name. If omitted, the event name is generated
@@ -37,15 +38,12 @@ Synopsis of kprobe_events
37 @SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol) 38 @SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol)
38 $stackN : Fetch Nth entry of stack (N >= 0) 39 $stackN : Fetch Nth entry of stack (N >= 0)
39 $stack : Fetch stack address. 40 $stack : Fetch stack address.
40 $argN : Fetch function argument. (N >= 0)(*) 41 $retval : Fetch return value.(*)
41 $retval : Fetch return value.(**) 42 +|-offs(FETCHARG) : Fetch memory at FETCHARG +|- offs address.(**)
42 +|-offs(FETCHARG) : Fetch memory at FETCHARG +|- offs address.(***)
43 NAME=FETCHARG: Set NAME as the argument name of FETCHARG. 43 NAME=FETCHARG: Set NAME as the argument name of FETCHARG.
44 44
45 (*) aN may not correct on asmlinkaged functions and at the middle of 45 (*) only for return probe.
46 function body. 46 (**) this is useful for fetching a field of data structures.
47 (**) only for return probe.
48 (***) this is useful for fetching a field of data structures.
49 47
50 48
51Per-Probe Event Filtering 49Per-Probe Event Filtering
@@ -82,13 +80,16 @@ Usage examples
82To add a probe as a new event, write a new definition to kprobe_events 80To add a probe as a new event, write a new definition to kprobe_events
83as below. 81as below.
84 82
85 echo p:myprobe do_sys_open dfd=$arg0 filename=$arg1 flags=$arg2 mode=$arg3 > /sys/kernel/debug/tracing/kprobe_events 83 echo 'p:myprobe do_sys_open dfd=%ax filename=%dx flags=%cx mode=+4($stack)' > /sys/kernel/debug/tracing/kprobe_events
86 84
87 This sets a kprobe on the top of do_sys_open() function with recording 85 This sets a kprobe on the top of do_sys_open() function with recording
881st to 4th arguments as "myprobe" event. As this example shows, users can 861st to 4th arguments as "myprobe" event. Note, which register/stack entry is
89choose more familiar names for each arguments. 87assigned to each function argument depends on arch-specific ABI. If you unsure
88the ABI, please try to use probe subcommand of perf-tools (you can find it
89under tools/perf/).
90As this example shows, users can choose more familiar names for each arguments.
90 91
91 echo r:myretprobe do_sys_open $retval >> /sys/kernel/debug/tracing/kprobe_events 92 echo 'r:myretprobe do_sys_open $retval' >> /sys/kernel/debug/tracing/kprobe_events
92 93
93 This sets a kretprobe on the return point of do_sys_open() function with 94 This sets a kretprobe on the return point of do_sys_open() function with
94recording return value as "myretprobe" event. 95recording return value as "myretprobe" event.
@@ -97,23 +98,24 @@ recording return value as "myretprobe" event.
97 98
98 cat /sys/kernel/debug/tracing/events/kprobes/myprobe/format 99 cat /sys/kernel/debug/tracing/events/kprobes/myprobe/format
99name: myprobe 100name: myprobe
100ID: 75 101ID: 780
101format: 102format:
102 field:unsigned short common_type; offset:0; size:2; 103 field:unsigned short common_type; offset:0; size:2; signed:0;
103 field:unsigned char common_flags; offset:2; size:1; 104 field:unsigned char common_flags; offset:2; size:1; signed:0;
104 field:unsigned char common_preempt_count; offset:3; size:1; 105 field:unsigned char common_preempt_count; offset:3; size:1;signed:0;
105 field:int common_pid; offset:4; size:4; 106 field:int common_pid; offset:4; size:4; signed:1;
106 field:int common_tgid; offset:8; size:4; 107 field:int common_lock_depth; offset:8; size:4; signed:1;
107 108
108 field: unsigned long ip; offset:16;tsize:8; 109 field:unsigned long __probe_ip; offset:12; size:4; signed:0;
109 field: int nargs; offset:24;tsize:4; 110 field:int __probe_nargs; offset:16; size:4; signed:1;
110 field: unsigned long dfd; offset:32;tsize:8; 111 field:unsigned long dfd; offset:20; size:4; signed:0;
111 field: unsigned long filename; offset:40;tsize:8; 112 field:unsigned long filename; offset:24; size:4; signed:0;
112 field: unsigned long flags; offset:48;tsize:8; 113 field:unsigned long flags; offset:28; size:4; signed:0;
113 field: unsigned long mode; offset:56;tsize:8; 114 field:unsigned long mode; offset:32; size:4; signed:0;
114 115
115print fmt: "(%lx) dfd=%lx filename=%lx flags=%lx mode=%lx", REC->ip, REC->dfd, REC->filename, REC->flags, REC->mode
116 116
117print fmt: "(%lx) dfd=%lx filename=%lx flags=%lx mode=%lx", REC->__probe_ip,
118REC->dfd, REC->filename, REC->flags, REC->mode
117 119
118 You can see that the event has 4 arguments as in the expressions you specified. 120 You can see that the event has 4 arguments as in the expressions you specified.
119 121
@@ -121,6 +123,12 @@ print fmt: "(%lx) dfd=%lx filename=%lx flags=%lx mode=%lx", REC->ip, REC->dfd, R
121 123
122 This clears all probe points. 124 This clears all probe points.
123 125
126 Or,
127
128 echo -:myprobe >> kprobe_events
129
130 This clears probe points selectively.
131
124 Right after definition, each event is disabled by default. For tracing these 132 Right after definition, each event is disabled by default. For tracing these
125events, you need to enable it. 133events, you need to enable it.
126 134
@@ -146,4 +154,3 @@ events, you need to enable it.
146returns from SYMBOL(e.g. "sys_open+0x1b/0x1d <- do_sys_open" means kernel 154returns from SYMBOL(e.g. "sys_open+0x1b/0x1d <- do_sys_open" means kernel
147returns from do_sys_open to sys_open+0x1b). 155returns from do_sys_open to sys_open+0x1b).
148 156
149