diff options
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/trace/kprobetrace.txt | 46 |
1 files changed, 20 insertions, 26 deletions
diff --git a/Documentation/trace/kprobetrace.txt b/Documentation/trace/kprobetrace.txt index 8f882ebd1368..aaa6c1067c78 100644 --- a/Documentation/trace/kprobetrace.txt +++ b/Documentation/trace/kprobetrace.txt | |||
@@ -42,7 +42,8 @@ Synopsis of kprobe_events | |||
42 | aN : Fetch function argument. (N >= 0)(*) | 42 | aN : Fetch function argument. (N >= 0)(*) |
43 | rv : Fetch return value.(**) | 43 | rv : Fetch return value.(**) |
44 | ra : Fetch return address.(**) | 44 | ra : Fetch return address.(**) |
45 | +|-offs(FETCHARG) : fetch memory at FETCHARG +|- offs address.(***) | 45 | +|-offs(FETCHARG) : Fetch memory at FETCHARG +|- offs address.(***) |
46 | NAME=FETCHARG: Set NAME as the argument name of FETCHARG. | ||
46 | 47 | ||
47 | (*) aN may not correct on asmlinkaged functions and at the middle of | 48 | (*) aN may not correct on asmlinkaged functions and at the middle of |
48 | function body. | 49 | function body. |
@@ -62,12 +63,10 @@ enabled: | |||
62 | You can enable/disable the probe by writing 1 or 0 on it. | 63 | You can enable/disable the probe by writing 1 or 0 on it. |
63 | 64 | ||
64 | format: | 65 | format: |
65 | This shows the format of this probe event. It also shows aliases of arguments | 66 | This shows the format of this probe event. |
66 | which you specified to kprobe_events. | ||
67 | 67 | ||
68 | filter: | 68 | filter: |
69 | You can write filtering rules of this event. And you can use both of aliase | 69 | You can write filtering rules of this event. |
70 | names and field names for describing filters. | ||
71 | 70 | ||
72 | id: | 71 | id: |
73 | This shows the id of this probe event. | 72 | This shows the id of this probe event. |
@@ -85,10 +84,11 @@ Usage examples | |||
85 | To add a probe as a new event, write a new definition to kprobe_events | 84 | To add a probe as a new event, write a new definition to kprobe_events |
86 | as below. | 85 | as below. |
87 | 86 | ||
88 | echo p:myprobe do_sys_open a0 a1 a2 a3 > /sys/kernel/debug/tracing/kprobe_events | 87 | echo p:myprobe do_sys_open dfd=a0 filename=a1 flags=a2 mode=a3 > /sys/kernel/debug/tracing/kprobe_events |
89 | 88 | ||
90 | This sets a kprobe on the top of do_sys_open() function with recording | 89 | This sets a kprobe on the top of do_sys_open() function with recording |
91 | 1st to 4th arguments as "myprobe" event. | 90 | 1st to 4th arguments as "myprobe" event. As this example shows, users can |
91 | choose more familiar names for each arguments. | ||
92 | 92 | ||
93 | echo r:myretprobe do_sys_open rv ra >> /sys/kernel/debug/tracing/kprobe_events | 93 | echo r:myretprobe do_sys_open rv ra >> /sys/kernel/debug/tracing/kprobe_events |
94 | 94 | ||
@@ -99,7 +99,7 @@ recording return value and return address as "myretprobe" event. | |||
99 | 99 | ||
100 | cat /sys/kernel/debug/tracing/events/kprobes/myprobe/format | 100 | cat /sys/kernel/debug/tracing/events/kprobes/myprobe/format |
101 | name: myprobe | 101 | name: myprobe |
102 | ID: 23 | 102 | ID: 75 |
103 | format: | 103 | format: |
104 | field:unsigned short common_type; offset:0; size:2; | 104 | field:unsigned short common_type; offset:0; size:2; |
105 | field:unsigned char common_flags; offset:2; size:1; | 105 | field:unsigned char common_flags; offset:2; size:1; |
@@ -109,21 +109,15 @@ format: | |||
109 | 109 | ||
110 | field: unsigned long ip; offset:16;tsize:8; | 110 | field: unsigned long ip; offset:16;tsize:8; |
111 | field: int nargs; offset:24;tsize:4; | 111 | field: int nargs; offset:24;tsize:4; |
112 | field: unsigned long arg0; offset:32;tsize:8; | 112 | field: unsigned long dfd; offset:32;tsize:8; |
113 | field: unsigned long arg1; offset:40;tsize:8; | 113 | field: unsigned long filename; offset:40;tsize:8; |
114 | field: unsigned long arg2; offset:48;tsize:8; | 114 | field: unsigned long flags; offset:48;tsize:8; |
115 | field: unsigned long arg3; offset:56;tsize:8; | 115 | field: unsigned long mode; offset:56;tsize:8; |
116 | 116 | ||
117 | alias: a0; original: arg0; | 117 | print fmt: "%lx: dfd=%lx filename=%lx flags=%lx mode=%lx", ip, REC->dfd, REC->filename, REC->flags, REC->mode |
118 | alias: a1; original: arg1; | ||
119 | alias: a2; original: arg2; | ||
120 | alias: a3; original: arg3; | ||
121 | 118 | ||
122 | print fmt: "%lx: 0x%lx 0x%lx 0x%lx 0x%lx", ip, arg0, arg1, arg2, arg3 | ||
123 | 119 | ||
124 | 120 | You can see that the event has 4 arguments as in the expressions you specified. | |
125 | You can see that the event has 4 arguments and alias expressions | ||
126 | corresponding to it. | ||
127 | 121 | ||
128 | echo > /sys/kernel/debug/tracing/kprobe_events | 122 | echo > /sys/kernel/debug/tracing/kprobe_events |
129 | 123 | ||
@@ -135,12 +129,12 @@ corresponding to it. | |||
135 | # | 129 | # |
136 | # TASK-PID CPU# TIMESTAMP FUNCTION | 130 | # TASK-PID CPU# TIMESTAMP FUNCTION |
137 | # | | | | | | 131 | # | | | | | |
138 | <...>-1447 [001] 1038282.286875: do_sys_open+0x0/0xd6: 0x3 0x7fffd1ec4440 0x8000 0x0 | 132 | <...>-1447 [001] 1038282.286875: do_sys_open+0x0/0xd6: dfd=3 filename=7fffd1ec4440 flags=8000 mode=0 |
139 | <...>-1447 [001] 1038282.286878: sys_openat+0xc/0xe <- do_sys_open: 0xfffffffffffffffe 0xffffffff81367a3a | 133 | <...>-1447 [001] 1038282.286878: sys_openat+0xc/0xe <- do_sys_open: rv=fffffffffffffffe ra=ffffffff81367a3a |
140 | <...>-1447 [001] 1038282.286885: do_sys_open+0x0/0xd6: 0xffffff9c 0x40413c 0x8000 0x1b6 | 134 | <...>-1447 [001] 1038282.286885: do_sys_open+0x0/0xd6: dfd=ffffff9c filename=40413c flags=8000 mode=1b6 |
141 | <...>-1447 [001] 1038282.286915: sys_open+0x1b/0x1d <- do_sys_open: 0x3 0xffffffff81367a3a | 135 | <...>-1447 [001] 1038282.286915: sys_open+0x1b/0x1d <- do_sys_open: rv=3 ra=ffffffff81367a3a |
142 | <...>-1447 [001] 1038282.286969: do_sys_open+0x0/0xd6: 0xffffff9c 0x4041c6 0x98800 0x10 | 136 | <...>-1447 [001] 1038282.286969: do_sys_open+0x0/0xd6: dfd=ffffff9c filename=4041c6 flags=98800 mode=10 |
143 | <...>-1447 [001] 1038282.286976: sys_open+0x1b/0x1d <- do_sys_open: 0x3 0xffffffff81367a3a | 137 | <...>-1447 [001] 1038282.286976: sys_open+0x1b/0x1d <- do_sys_open: rv=3 ra=ffffffff81367a3a |
144 | 138 | ||
145 | 139 | ||
146 | Each line shows when the kernel hits a probe, and <- SYMBOL means kernel | 140 | Each line shows when the kernel hits a probe, and <- SYMBOL means kernel |