Does ftrace allow capture of system call arguments to the Linux kernel, or only function names?


Problem description

The goal is to examine arguments passed to specific system calls (e.g. exec, open, etc.) by any process.

From the official documentation, no capability to log function arguments is described (looked mostly at the "function" tracer, as I don't need the graph).

I wanted to make sure I'm not overlooking something and wasting time using something more exotic if I could actually do this within the framework of ftrace.

Recommended answer

I have limited experience with ftrace, although I have used it for function stack traces and latency issues. (People with more experience can possibly suggest) It's pretty much the same experience using trace-cmd and kernelshark.

However, if you want to trace syscalls, function params, kernel APIs and return values etc. within the kernel space a better choice would be to go with systemtap. It has an extensive list of Samples & Doc which is good for function call tracing, argument values passed etc. You may want to look at some samples and tailor them to your requirement. See general/para-callgraph-verbose.stp and process/sleeptime.stp

"

general/para-callgraph-verbose.stp - Callgraph Tracing with Verbose Arguments keywords: TRACE CALLGRAPH

Print a timed per-thread microsecond-timed callgraph, complete with pretty-printed function parameters and return values. The first parameter names the function probe points to trace. The optional second parameter names the probe points for trigger functions, which acts to enable tracing for only those functions that occur while the current thread is nested within the trigger.

stap para-callgraph-verbose.stp 'kernel.function("*@fs/proc*.c")' \
'kernel.function("vfs_read")' -c "cat /proc/sys/vm/* || true"

process/strace.stp - Trace system calls keywords: _BEST PROCESS SYSCALL

The script loosely emulates strace, when applied to individual processes or hierarchies (via -c/-x), or the entire system (without -c/-x). A few output configuration parameters may be set with -G.

stap strace.stp -c "sleep 1"

"

Note you will need to install the correct version of the debug kernel and kernel-devel rpms/deb for stap to work correctly. For this just use stap-prep and install the dependencies shown depending on the flavour you are on.
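For the goal stated in the question (logging the arguments any process passes to exec and open), a tailored script could look like the following. This is an added example, not part of the original answer or of the SystemTap sample collection; it assumes the standard syscall tapset (which supplies `name`, `argstr` and `retstr`), and the file name `syscall-args.stp` used in the note below is hypothetical.

```systemtap
#!/usr/bin/stap
# Added example: system-wide log of execve/open/openat calls with their
# decoded arguments and return values, one line per completed call.

global pending   # tid -> "syscall(args)" captured at syscall entry

# Entry probes. The trailing "?" marks a probe point as optional, so the
# script still compiles on architectures that lack a given syscall
# (for example, kernels that only provide openat and not open).
probe syscall.execve ?, syscall.open ?, syscall.openat ?
{
    # name and argstr are set by the tapset for every syscall.* probe;
    # argstr is the pretty-printed argument list (paths, flags, mode).
    pending[tid()] = sprintf("%s(%s)", name, argstr)
}

# Return probes: pair the saved arguments with the result of the call.
probe syscall.execve.return ?, syscall.open.return ?, syscall.openat.return ?
{
    if (tid() in pending) {
        printf("%s %s[%d] uid=%d %s = %s\n",
               ctime(gettimeofday_s()),   # wall-clock time of the return
               execname(), pid(), uid(),  # calling process and its user
               pending[tid()], retstr)    # retstr: decoded return value
        delete pending[tid()]
    }
}

# Drop any entries for calls still in flight when tracing stops.
probe end
{
    delete pending
}
```

Run it with `stap syscall-args.stp` as root (or as a member of the stapdev group) and stop it with Ctrl-C; adding `-x PID` or `-c CMD` does not filter by itself here, because the probes contain no `target()` check.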
