Diffstat (limited to 'Documentation/trace')
-rw-r--r-- | Documentation/trace/uprobetracer.txt | 114 |
1 files changed, 67 insertions, 47 deletions
diff --git a/Documentation/trace/uprobetracer.txt b/Documentation/trace/uprobetracer.txt index 24ce6823a09e..d9c3e682312c 100644 --- a/Documentation/trace/uprobetracer.txt +++ b/Documentation/trace/uprobetracer.txt | |||
@@ -1,6 +1,8 @@ | |||
1 | Uprobe-tracer: Uprobe-based Event Tracing | 1 | Uprobe-tracer: Uprobe-based Event Tracing |
2 | ========================================= | 2 | ========================================= |
3 | Documentation written by Srikar Dronamraju | 3 | |
4 | Documentation written by Srikar Dronamraju | ||
5 | |||
4 | 6 | ||
5 | Overview | 7 | Overview |
6 | -------- | 8 | -------- |
@@ -13,78 +15,94 @@ current_tracer. Instead of that, add probe points via | |||
13 | /sys/kernel/debug/tracing/events/uprobes/<EVENT>/enabled. | 15 | /sys/kernel/debug/tracing/events/uprobes/<EVENT>/enabled. |
14 | 16 | ||
15 | However unlike kprobe-event tracer, the uprobe event interface expects the | 17 | However unlike kprobe-event tracer, the uprobe event interface expects the |
16 | user to calculate the offset of the probepoint in the object | 18 | user to calculate the offset of the probepoint in the object. |
17 | 19 | ||
18 | Synopsis of uprobe_tracer | 20 | Synopsis of uprobe_tracer |
19 | ------------------------- | 21 | ------------------------- |
20 | p[:[GRP/]EVENT] PATH:SYMBOL[+offs] [FETCHARGS] : Set a probe | 22 | p[:[GRP/]EVENT] PATH:SYMBOL[+offs] [FETCHARGS] : Set a uprobe |
23 | r[:[GRP/]EVENT] PATH:SYMBOL[+offs] [FETCHARGS] : Set a return uprobe (uretprobe) | ||
24 | -:[GRP/]EVENT : Clear uprobe or uretprobe event | ||
21 | 25 | ||
22 | GRP : Group name. If omitted, use "uprobes" for it. | 26 | GRP : Group name. If omitted, "uprobes" is the default value. |
23 | EVENT : Event name. If omitted, the event name is generated | 27 | EVENT : Event name. If omitted, the event name is generated based |
24 | based on SYMBOL+offs. | 28 | on SYMBOL+offs. |
25 | PATH : path to an executable or a library. | 29 | PATH : Path to an executable or a library. |
26 | SYMBOL[+offs] : Symbol+offset where the probe is inserted. | 30 | SYMBOL[+offs] : Symbol+offset where the probe is inserted. |
27 | 31 | ||
28 | FETCHARGS : Arguments. Each probe can have up to 128 args. | 32 | FETCHARGS : Arguments. Each probe can have up to 128 args. |
29 | %REG : Fetch register REG | 33 | %REG : Fetch register REG |
30 | 34 | ||
31 | Event Profiling | 35 | Event Profiling |
32 | --------------- | 36 | --------------- |
33 | You can check the total number of probe hits and probe miss-hits via | 37 | You can check the total number of probe hits and probe miss-hits via |
34 | /sys/kernel/debug/tracing/uprobe_profile. | 38 | /sys/kernel/debug/tracing/uprobe_profile. |
35 | The first column is event name, the second is the number of probe hits, | 39 | The first column is event name, the second is the number of probe hits, |
36 | the third is the number of probe miss-hits. | 40 | the third is the number of probe miss-hits. |
37 | 41 | ||
38 | Usage examples | 42 | Usage examples |
39 | -------------- | 43 | -------------- |
40 | To add a probe as a new event, write a new definition to uprobe_events | 44 | * Add a probe as a new uprobe event, write a new definition to uprobe_events |
41 | as below. | 45 | as below: (sets a uprobe at an offset of 0x4245c0 in the executable /bin/bash) |
46 | |||
47 | echo 'p: /bin/bash:0x4245c0' > /sys/kernel/debug/tracing/uprobe_events | ||
48 | |||
49 | * Add a probe as a new uretprobe event: | ||
50 | |||
51 | echo 'r: /bin/bash:0x4245c0' > /sys/kernel/debug/tracing/uprobe_events | ||
52 | |||
53 | * Unset registered event: | ||
42 | 54 | ||
43 | echo 'p: /bin/bash:0x4245c0' > /sys/kernel/debug/tracing/uprobe_events | 55 | echo '-:bash_0x4245c0' >> /sys/kernel/debug/tracing/uprobe_events |
44 | 56 | ||
45 | This sets a uprobe at an offset of 0x4245c0 in the executable /bin/bash | 57 | * Print out the events that are registered: |
46 | 58 | ||
47 | echo > /sys/kernel/debug/tracing/uprobe_events | 59 | cat /sys/kernel/debug/tracing/uprobe_events |
48 | 60 | ||
49 | This clears all probe points. | 61 | * Clear all events: |
50 | 62 | ||
51 | The following example shows how to dump the instruction pointer and %ax | 63 | echo > /sys/kernel/debug/tracing/uprobe_events |
52 | a register at the probed text address. Here we are trying to probe | 64 | |
53 | function zfree in /bin/zsh | 65 | Following example shows how to dump the instruction pointer and %ax register |
66 | at the probed text address. Probe zfree function in /bin/zsh: | ||
54 | 67 | ||
55 | # cd /sys/kernel/debug/tracing/ | 68 | # cd /sys/kernel/debug/tracing/ |
56 | # cat /proc/`pgrep zsh`/maps | grep /bin/zsh | grep r-xp | 69 | # cat /proc/`pgrep zsh`/maps | grep /bin/zsh | grep r-xp |
57 | 00400000-0048a000 r-xp 00000000 08:03 130904 /bin/zsh | 70 | 00400000-0048a000 r-xp 00000000 08:03 130904 /bin/zsh |
58 | # objdump -T /bin/zsh | grep -w zfree | 71 | # objdump -T /bin/zsh | grep -w zfree |
59 | 0000000000446420 g DF .text 0000000000000012 Base zfree | 72 | 0000000000446420 g DF .text 0000000000000012 Base zfree |
60 | 73 | ||
61 | 0x46420 is the offset of zfree in object /bin/zsh that is loaded at | 74 | 0x46420 is the offset of zfree in object /bin/zsh that is loaded at |
62 | 0x00400000. Hence the command to probe would be : | 75 | 0x00400000. Hence the command to uprobe would be: |
76 | |||
77 | # echo 'p:zfree_entry /bin/zsh:0x46420 %ip %ax' > uprobe_events | ||
78 | |||
79 | And the same for the uretprobe would be: | ||
63 | 80 | ||
64 | # echo 'p /bin/zsh:0x46420 %ip %ax' > uprobe_events | 81 | # echo 'r:zfree_exit /bin/zsh:0x46420 %ip %ax' >> uprobe_events |
65 | 82 | ||
66 | Please note: User has to explicitly calculate the offset of the probepoint | 83 | Please note: User has to explicitly calculate the offset of the probe-point |
67 | in the object. We can see the events that are registered by looking at the | 84 | in the object. We can see the events that are registered by looking at the |
68 | uprobe_events file. | 85 | uprobe_events file. |
69 | 86 | ||
70 | # cat uprobe_events | 87 | # cat uprobe_events |
71 | p:uprobes/p_zsh_0x46420 /bin/zsh:0x00046420 arg1=%ip arg2=%ax | 88 | p:uprobes/zfree_entry /bin/zsh:0x00046420 arg1=%ip arg2=%ax |
89 | r:uprobes/zfree_exit /bin/zsh:0x00046420 arg1=%ip arg2=%ax | ||
72 | 90 | ||
73 | The format of events can be seen by viewing the file events/uprobes/p_zsh_0x46420/format | 91 | Format of events can be seen by viewing the file events/uprobes/zfree_entry/format |
74 | 92 | ||
75 | # cat events/uprobes/p_zsh_0x46420/format | 93 | # cat events/uprobes/zfree_entry/format |
76 | name: p_zsh_0x46420 | 94 | name: zfree_entry |
77 | ID: 922 | 95 | ID: 922 |
78 | format: | 96 | format: |
79 | field:unsigned short common_type; offset:0; size:2; signed:0; | 97 | field:unsigned short common_type; offset:0; size:2; signed:0; |
80 | field:unsigned char common_flags; offset:2; size:1; signed:0; | 98 | field:unsigned char common_flags; offset:2; size:1; signed:0; |
81 | field:unsigned char common_preempt_count; offset:3; size:1; signed:0; | 99 | field:unsigned char common_preempt_count; offset:3; size:1; signed:0; |
82 | field:int common_pid; offset:4; size:4; signed:1; | 100 | field:int common_pid; offset:4; size:4; signed:1; |
83 | field:int common_padding; offset:8; size:4; signed:1; | 101 | field:int common_padding; offset:8; size:4; signed:1; |
84 | 102 | ||
85 | field:unsigned long __probe_ip; offset:12; size:4; signed:0; | 103 | field:unsigned long __probe_ip; offset:12; size:4; signed:0; |
86 | field:u32 arg1; offset:16; size:4; signed:0; | 104 | field:u32 arg1; offset:16; size:4; signed:0; |
87 | field:u32 arg2; offset:20; size:4; signed:0; | 105 | field:u32 arg2; offset:20; size:4; signed:0; |
88 | 106 | ||
89 | print fmt: "(%lx) arg1=%lx arg2=%lx", REC->__probe_ip, REC->arg1, REC->arg2 | 107 | print fmt: "(%lx) arg1=%lx arg2=%lx", REC->__probe_ip, REC->arg1, REC->arg2 |
90 | 108 | ||
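Review bot: In the new "Unset registered event" bullet, the name `bash_0x4245c0` does not match the auto-generated naming visible in the removed `cat uprobe_events` output, where `p /bin/zsh:0x46420` was registered as `p_zsh_0x46420`. By that pattern the event created by `p: /bin/bash:0x4245c0` would be `p_bash_0x4245c0`, so the delete command as written would likely not find the event. Suggest either naming the event explicitly in the add bullets (as the zfree example now does with `p:zfree_entry`) or using the generated name in the `-:` line. Separately, the uretprobe bullet writes with `>` while the zfree example uses `>>`; a truncating write is what the "Clear all events" bullet relies on, so a reader following the bullets in order would drop the uprobe just added, and `>>` would be the safer form there.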
@@ -94,6 +112,7 @@ events, you need to enable it by: | |||
94 | # echo 1 > events/uprobes/enable | 112 | # echo 1 > events/uprobes/enable |
95 | 113 | ||
96 | Lets disable the event after sleeping for some time. | 114 | Lets disable the event after sleeping for some time. |
115 | |||
97 | # sleep 20 | 116 | # sleep 20 |
98 | # echo 0 > events/uprobes/enable | 117 | # echo 0 > events/uprobes/enable |
99 | 118 | ||
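Review bot: The context line "Lets disable the event after sleeping for some time." directly above the added blank line should read "Let's"; since the hunk is already reformatting this paragraph, fix the apostrophe in the same patch. It would also help to say here that `events/uprobes/enable` toggles every event in the uprobes group, which after this change covers both zfree_entry and zfree_exit.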
@@ -104,10 +123,11 @@ And you can see the traced information via /sys/kernel/debug/tracing/trace. | |||
104 | # | 123 | # |
105 | # TASK-PID CPU# TIMESTAMP FUNCTION | 124 | # TASK-PID CPU# TIMESTAMP FUNCTION |
106 | # | | | | | | 125 | # | | | | | |
107 | zsh-24842 [006] 258544.995456: p_zsh_0x46420: (0x446420) arg1=446421 arg2=79 | 126 | zsh-24842 [006] 258544.995456: zfree_entry: (0x446420) arg1=446420 arg2=79 |
108 | zsh-24842 [007] 258545.000270: p_zsh_0x46420: (0x446420) arg1=446421 arg2=79 | 127 | zsh-24842 [007] 258545.000270: zfree_exit: (0x446540 <- 0x446420) arg1=446540 arg2=0 |
109 | zsh-24842 [002] 258545.043929: p_zsh_0x46420: (0x446420) arg1=446421 arg2=79 | 128 | zsh-24842 [002] 258545.043929: zfree_entry: (0x446420) arg1=446420 arg2=79 |
110 | zsh-24842 [004] 258547.046129: p_zsh_0x46420: (0x446420) arg1=446421 arg2=79 | 129 | zsh-24842 [004] 258547.046129: zfree_exit: (0x446540 <- 0x446420) arg1=446540 arg2=0 |
111 | 130 | ||
112 | Each line shows us probes were triggered for a pid 24842 with ip being | 131 | Output shows us uprobe was triggered for a pid 24842 with ip being 0x446420 |
113 | 0x446421 and contents of ax register being 79. | 132 | and contents of ax register being 79. And uretprobe was triggered with ip at |
133 | 0x446540 with counterpart function entry at 0x446420. | ||
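Review bot: The rewritten closing paragraph explains arg1 and arg2 for the zfree_entry lines but leaves `arg2=0` on the zfree_exit lines unexplained, and describes 0x446540 only as "ip". Suggest stating that on the uretprobe lines the address to the left of `<-` is the ip at the time of return, the address to the right is the probed function entry, and arg2 is the ax content at that point. The entry lines also change arg1 from 446421 to 446420 with no explanation in the visible text; if that corrects the earlier sample output, say so in the commit message.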