[PATCH RFC 0/5] tracing/probes: Support function parameter access from return probe

Wed, 14 Feb 2024 05:22:30 -0800 

Hi,

Here is a series of patches to support accessing function entry data from
function *return* probes (including kretprobe and fprobe-exit event).

This allows us to access the results of some functions, which returns the
error code and its results are passed via function parameter, such as an
structure-initialization function.

For example, vfs_open() will link the file structure to the inode and update
mode. Thus we can trace that changes.

 # echo 'f vfs_open mode=file->f_mode:x32 inode=file->f_inode:x64' >> 
dynamic_events
 # echo 'f vfs_open%return mode=file->f_mode:x32 inode=file->f_inode:x64' >> 
dynamic_events 
 # echo 1 > events/fprobes/enable 
 # cat trace
              sh-131     [006] ...1.  1945.714346: vfs_open__entry: 
(vfs_open+0x4/0x40) mode=0x2 inode=0x0
              sh-131     [006] ...1.  1945.714358: vfs_open__exit: 
(do_open+0x274/0x3d0 <- vfs_open) mode=0x4d801e inode=0xffff888008470168
             cat-143     [007] ...1.  1945.717949: vfs_open__entry: 
(vfs_open+0x4/0x40) mode=0x1 inode=0x0
             cat-143     [007] ...1.  1945.717956: vfs_open__exit: 
(do_open+0x274/0x3d0 <- vfs_open) mode=0x4a801d inode=0xffff888005f78d28
             cat-143     [007] ...1.  1945.720616: vfs_open__entry: 
(vfs_open+0x4/0x40) mode=0x1 inode=0x0
             cat-143     [007] ...1.  1945.728263: vfs_open__exit: 
(do_open+0x274/0x3d0 <- vfs_open) mode=0xa800d inode=0xffff888004ada8d8

So as you can see those fields are initialized at exit.

TODO:
 - update README file
 - add/update ftracetest
 - update documents

Thank you,

---

Masami Hiramatsu (Google) (5):
      tracing/probes: Fix to search structure fields correctly
      tracing/fprobe-event: cleanup: Fix a wrong comment in fprobe event
      tracing/probes: Cleanup probe argument parser
      tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init
      tracing/probes: Support $argN in return probe (kprobe and fprobe)


 kernel/trace/trace_btf.c        |    4 
 kernel/trace/trace_eprobe.c     |    8 -
 kernel/trace/trace_fprobe.c     |   59 ++++--
 kernel/trace/trace_kprobe.c     |   58 ++++-
 kernel/trace/trace_probe.c      |  417 ++++++++++++++++++++++++++++-----------
 kernel/trace/trace_probe.h      |   30 +++
 kernel/trace/trace_probe_tmpl.h |   10 -
 kernel/trace/trace_uprobe.c     |   14 +
 8 files changed, 433 insertions(+), 167 deletions(-)

--
Masami Hiramatsu (Google) <mhira...@kernel.org>

Reply via email to