aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/trace/uprobetracer.txt
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/trace/uprobetracer.txt')
-rw-r--r--Documentation/trace/uprobetracer.txt114
1 files changed, 67 insertions, 47 deletions
diff --git a/Documentation/trace/uprobetracer.txt b/Documentation/trace/uprobetracer.txt
index 24ce6823a09e..d9c3e682312c 100644
--- a/Documentation/trace/uprobetracer.txt
+++ b/Documentation/trace/uprobetracer.txt
@@ -1,6 +1,8 @@
1 Uprobe-tracer: Uprobe-based Event Tracing 1 Uprobe-tracer: Uprobe-based Event Tracing
2 ========================================= 2 =========================================
3 Documentation written by Srikar Dronamraju 3
4 Documentation written by Srikar Dronamraju
5
4 6
5Overview 7Overview
6-------- 8--------
@@ -13,78 +15,94 @@ current_tracer. Instead of that, add probe points via
13/sys/kernel/debug/tracing/events/uprobes/<EVENT>/enabled. 15/sys/kernel/debug/tracing/events/uprobes/<EVENT>/enabled.
14 16
15However unlike kprobe-event tracer, the uprobe event interface expects the 17However unlike kprobe-event tracer, the uprobe event interface expects the
16user to calculate the offset of the probepoint in the object 18user to calculate the offset of the probepoint in the object.
17 19
18Synopsis of uprobe_tracer 20Synopsis of uprobe_tracer
19------------------------- 21-------------------------
20 p[:[GRP/]EVENT] PATH:SYMBOL[+offs] [FETCHARGS] : Set a probe 22 p[:[GRP/]EVENT] PATH:SYMBOL[+offs] [FETCHARGS] : Set a uprobe
23 r[:[GRP/]EVENT] PATH:SYMBOL[+offs] [FETCHARGS] : Set a return uprobe (uretprobe)
24 -:[GRP/]EVENT : Clear uprobe or uretprobe event
21 25
22 GRP : Group name. If omitted, use "uprobes" for it. 26 GRP : Group name. If omitted, "uprobes" is the default value.
23 EVENT : Event name. If omitted, the event name is generated 27 EVENT : Event name. If omitted, the event name is generated based
24 based on SYMBOL+offs. 28 on SYMBOL+offs.
25 PATH : path to an executable or a library. 29 PATH : Path to an executable or a library.
26 SYMBOL[+offs] : Symbol+offset where the probe is inserted. 30 SYMBOL[+offs] : Symbol+offset where the probe is inserted.
27 31
28 FETCHARGS : Arguments. Each probe can have up to 128 args. 32 FETCHARGS : Arguments. Each probe can have up to 128 args.
29 %REG : Fetch register REG 33 %REG : Fetch register REG
30 34
31Event Profiling 35Event Profiling
32--------------- 36---------------
33 You can check the total number of probe hits and probe miss-hits via 37You can check the total number of probe hits and probe miss-hits via
34/sys/kernel/debug/tracing/uprobe_profile. 38/sys/kernel/debug/tracing/uprobe_profile.
35 The first column is event name, the second is the number of probe hits, 39The first column is event name, the second is the number of probe hits,
36the third is the number of probe miss-hits. 40the third is the number of probe miss-hits.
37 41
38Usage examples 42Usage examples
39-------------- 43--------------
40To add a probe as a new event, write a new definition to uprobe_events 44 * Add a probe as a new uprobe event, write a new definition to uprobe_events
41as below. 45as below: (sets a uprobe at an offset of 0x4245c0 in the executable /bin/bash)
46
47 echo 'p: /bin/bash:0x4245c0' > /sys/kernel/debug/tracing/uprobe_events
48
49 * Add a probe as a new uretprobe event:
50
51 echo 'r: /bin/bash:0x4245c0' > /sys/kernel/debug/tracing/uprobe_events
52
53 * Unset registered event:
42 54
43 echo 'p: /bin/bash:0x4245c0' > /sys/kernel/debug/tracing/uprobe_events 55 echo '-:bash_0x4245c0' >> /sys/kernel/debug/tracing/uprobe_events
44 56
45 This sets a uprobe at an offset of 0x4245c0 in the executable /bin/bash 57 * Print out the events that are registered:
46 58
47 echo > /sys/kernel/debug/tracing/uprobe_events 59 cat /sys/kernel/debug/tracing/uprobe_events
48 60
49 This clears all probe points. 61 * Clear all events:
50 62
51The following example shows how to dump the instruction pointer and %ax 63 echo > /sys/kernel/debug/tracing/uprobe_events
52a register at the probed text address. Here we are trying to probe 64
53function zfree in /bin/zsh 65Following example shows how to dump the instruction pointer and %ax register
66at the probed text address. Probe zfree function in /bin/zsh:
54 67
55 # cd /sys/kernel/debug/tracing/ 68 # cd /sys/kernel/debug/tracing/
56 # cat /proc/`pgrep zsh`/maps | grep /bin/zsh | grep r-xp 69 # cat /proc/`pgrep zsh`/maps | grep /bin/zsh | grep r-xp
57 00400000-0048a000 r-xp 00000000 08:03 130904 /bin/zsh 70 00400000-0048a000 r-xp 00000000 08:03 130904 /bin/zsh
58 # objdump -T /bin/zsh | grep -w zfree 71 # objdump -T /bin/zsh | grep -w zfree
59 0000000000446420 g DF .text 0000000000000012 Base zfree 72 0000000000446420 g DF .text 0000000000000012 Base zfree
60 73
610x46420 is the offset of zfree in object /bin/zsh that is loaded at 74 0x46420 is the offset of zfree in object /bin/zsh that is loaded at
620x00400000. Hence the command to probe would be : 75 0x00400000. Hence the command to uprobe would be:
76
77 # echo 'p:zfree_entry /bin/zsh:0x46420 %ip %ax' > uprobe_events
78
79 And the same for the uretprobe would be:
63 80
64 # echo 'p /bin/zsh:0x46420 %ip %ax' > uprobe_events 81 # echo 'r:zfree_exit /bin/zsh:0x46420 %ip %ax' >> uprobe_events
65 82
66Please note: User has to explicitly calculate the offset of the probepoint 83Please note: User has to explicitly calculate the offset of the probe-point
67in the object. We can see the events that are registered by looking at the 84in the object. We can see the events that are registered by looking at the
68uprobe_events file. 85uprobe_events file.
69 86
70 # cat uprobe_events 87 # cat uprobe_events
71 p:uprobes/p_zsh_0x46420 /bin/zsh:0x00046420 arg1=%ip arg2=%ax 88 p:uprobes/zfree_entry /bin/zsh:0x00046420 arg1=%ip arg2=%ax
89 r:uprobes/zfree_exit /bin/zsh:0x00046420 arg1=%ip arg2=%ax
72 90
73The format of events can be seen by viewing the file events/uprobes/p_zsh_0x46420/format 91Format of events can be seen by viewing the file events/uprobes/zfree_entry/format
74 92
75 # cat events/uprobes/p_zsh_0x46420/format 93 # cat events/uprobes/zfree_entry/format
76 name: p_zsh_0x46420 94 name: zfree_entry
77 ID: 922 95 ID: 922
78 format: 96 format:
79 field:unsigned short common_type; offset:0; size:2; signed:0; 97 field:unsigned short common_type; offset:0; size:2; signed:0;
80 field:unsigned char common_flags; offset:2; size:1; signed:0; 98 field:unsigned char common_flags; offset:2; size:1; signed:0;
81 field:unsigned char common_preempt_count; offset:3; size:1; signed:0; 99 field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
82 field:int common_pid; offset:4; size:4; signed:1; 100 field:int common_pid; offset:4; size:4; signed:1;
83 field:int common_padding; offset:8; size:4; signed:1; 101 field:int common_padding; offset:8; size:4; signed:1;
84 102
85 field:unsigned long __probe_ip; offset:12; size:4; signed:0; 103 field:unsigned long __probe_ip; offset:12; size:4; signed:0;
86 field:u32 arg1; offset:16; size:4; signed:0; 104 field:u32 arg1; offset:16; size:4; signed:0;
87 field:u32 arg2; offset:20; size:4; signed:0; 105 field:u32 arg2; offset:20; size:4; signed:0;
88 106
89 print fmt: "(%lx) arg1=%lx arg2=%lx", REC->__probe_ip, REC->arg1, REC->arg2 107 print fmt: "(%lx) arg1=%lx arg2=%lx", REC->__probe_ip, REC->arg1, REC->arg2
90 108
@@ -94,6 +112,7 @@ events, you need to enable it by:
94 # echo 1 > events/uprobes/enable 112 # echo 1 > events/uprobes/enable
95 113
96Lets disable the event after sleeping for some time. 114Lets disable the event after sleeping for some time.
115
97 # sleep 20 116 # sleep 20
98 # echo 0 > events/uprobes/enable 117 # echo 0 > events/uprobes/enable
99 118
@@ -104,10 +123,11 @@ And you can see the traced information via /sys/kernel/debug/tracing/trace.
104 # 123 #
105 # TASK-PID CPU# TIMESTAMP FUNCTION 124 # TASK-PID CPU# TIMESTAMP FUNCTION
106 # | | | | | 125 # | | | | |
107 zsh-24842 [006] 258544.995456: p_zsh_0x46420: (0x446420) arg1=446421 arg2=79 126 zsh-24842 [006] 258544.995456: zfree_entry: (0x446420) arg1=446420 arg2=79
108 zsh-24842 [007] 258545.000270: p_zsh_0x46420: (0x446420) arg1=446421 arg2=79 127 zsh-24842 [007] 258545.000270: zfree_exit: (0x446540 <- 0x446420) arg1=446540 arg2=0
109 zsh-24842 [002] 258545.043929: p_zsh_0x46420: (0x446420) arg1=446421 arg2=79 128 zsh-24842 [002] 258545.043929: zfree_entry: (0x446420) arg1=446420 arg2=79
110 zsh-24842 [004] 258547.046129: p_zsh_0x46420: (0x446420) arg1=446421 arg2=79 129 zsh-24842 [004] 258547.046129: zfree_exit: (0x446540 <- 0x446420) arg1=446540 arg2=0
111 130
112Each line shows us probes were triggered for a pid 24842 with ip being 131Output shows us uprobe was triggered for a pid 24842 with ip being 0x446420
1130x446421 and contents of ax register being 79. 132and contents of ax register being 79. And uretprobe was triggered with ip at
1330x446540 with counterpart function entry at 0x446420.