On Wed, 27 Feb 2019 23:44:42 +0900
Masami Hiramatsu <mhira...@kernel.org> wrote:
>
> +.. _user_mem_access:
> +User Memory Access
> +------------------
> +Kprobe events supports user-space memory access. For that purpose, you can
> use
> +either user-space dereference syntax or 'ustring' type.
> +
> +user-space dereference syntax allows you to access a field of a data
> structure
"The user-space"
> +n user-space. This is done by "u" prefix with dereference syntax. For
> example,
in user-space? "This is done by adding the "u" prefix to the dereference
syntax"
> ++u4(%si) means read a user memory from the user-space address %si+4. You can
"means it will read memory from the address in the register %si offset
by 4, and that memory is expected to be in user-space."
> +use this for string too, e.g. +u0(%si):string means that the read a user
> space
"for strings too"
> +string from the address where %si register points. 'ustring' is a kind of
> +short-cut. You can use +0(%si):ustring instead of that.
"+u0(%si):string will read a string from the address in the register
%si that is expected to be in user-space. 'ustring' is a shortcut way
off performing the same task. That is, +0(%si):ustring is equivalent
to +u0(%si):string."
> +
> +Note that kprobe-event provides user-memory access syntax, but it
> doesn't +use it transparently. This means if you use normal
> dereference or string type +for user memory, it might fail, and
> always fails on some arch. So user has to +check if the targe data is
> in kernel or in user space carefully.
> Per-Probe Event Filtering
> -------------------------
> diff --git a/Documentation/trace/uprobetracer.rst
> b/Documentation/trace/uprobetracer.rst index
> 4c3bfde2ba47..6144423b2368 100644 ---
> a/Documentation/trace/uprobetracer.rst +++
> b/Documentation/trace/uprobetracer.rst @@ -42,16 +42,17 @@ Synopsis
> of uprobe_tracer @+OFFSET : Fetch memory at OFFSET (OFFSET
> from same file as PATH) $stackN : Fetch Nth entry of stack (N
> >= 0) $stack : Fetch stack address.
> - $retval : Fetch return value.(*)
> + $retval : Fetch return value.(\*1)
> $comm : Fetch current task comm.
> - +|-offs(FETCHARG) : Fetch memory at FETCHARG +|- offs address.(**)
> + +|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS
> address.(\*2)(\*3) NAME=FETCHARG : Set NAME as the argument name
> of FETCHARG. FETCHARG:TYPE : Set TYPE as the type of FETCHARG.
> Currently, basic types (u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal
> types (x8/x16/x32/x64), "string" and bitfield are supported.
>
> - (*) only for return probe.
> - (**) this is useful for fetching a field of data structures.
> + (\*1) only for return probe.
> + (\*2) this is useful for fetching a field of data structures.
> + (\*3) Unlike kprobe event, "u" prefix will be just ignored.
"will just be ignored."
>
> Types
> -----
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 4cacbb0e1538..5408a82a015d 100644
-- Steve
