In older versions of the kernel, event filtering by pid does not use the set_event_pid file. Instead, ftrace uses a common filter (created in make_pid_filter) to filter events based on PID.
The syntax of the filter generated by this function is overly permissive. When filtering by pid, || is used where && should be (in certain cases) which means that unrelated events are captured. Signed-off-by: Will Hawkins <[email protected]> --- trace-record.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/trace-record.c b/trace-record.c index a0b6541..741fe53 100644 --- a/trace-record.c +++ b/trace-record.c @@ -935,14 +935,16 @@ static char *make_pid_filter(char *curr_filter, const char *field) str = filter + curr_len; for (p = filter_pids; p; p = p->next) { - if (p == filter_pids) - orit = ""; - else - orit = "||"; - if (p->exclude) + if (p->exclude) { match = "!="; - else + orit = "&&"; + } else { match = "=="; + orit = "||"; + } + if (p == filter_pids) + orit = ""; + len = sprintf(str, "%s(%s%s%d)", orit, field, match, p->pid); str += len; } -- 2.7.4
