将系统调用事件跟踪输出的格式更改为ftrace [英] Change format of syscall event trace output to ftrace

问题描述

我为 sys_enter_openat syscall启用了ftrace事件跟踪.在 events/syscalls/sys_enter_openat/format 中给出的相应输出格式是

I enabled ftrace event tracing for sys_enter_openat syscall. The respective output format given at events/syscalls/sys_enter_openat/format is

print fmt: "dfd: 0x%08lx, filename: 0x%08lx, flags: 0x%08lx, mode: 0x%08lx", ((unsigned long)(REC->dfd)), ((unsigned long)(REC->filename)), ((unsigned long)(REC->flags)), ((unsigned long)(REC->mode))

正如预期的那样，到ftrace的示例输出行类似于

As expected a sample output line to ftrace is something like

msm_irqbalance-1338  [000] ...1 211710.033931: sys_openat(dfd: ffffff9c, filename: 5af693f224, flags: 2, mode: 0)

有没有一种方法可以更改输出格式，使 filename:5af693f224 可以显示为 filename:< string> 而不是地址?我想使用 systemtap 或 krpobe 可以实现，但是我的设置目前不允许使用它.

Is there a way to change output format such that filename: 5af693f224 can be shown as filename: <string> instead of address? I guess this would have been possible using systemtap or krpobe but my setup does not allow its use as of now.

推荐答案

您可以使用自己的格式定义kprobe事件:

You can define kprobe events with your own format:

cd /sys/kernel/debug/tracing
echo 'p:open do_sys_open file=+0(%si):string' > kprobe_events
echo 1 > events/kprobes/open/enable
cat trace_pipe

输出:

cat-123 [001] .... 123.123: open: (do_sys_open+0x0/0x80) file="/etc/fstab"
cat-123 [001] .... 123.124: open: (do_sys_open+0x0/0x80) file="/dev/zero"

有关详细信息，请参阅: https://events19.linuxfoundation.org/wp-content/uploads/2017/12/oss-eu-2018-fun-with-dynamic-trace-events_steven-rostedt.pdf

For details, see: https://events19.linuxfoundation.org/wp-content/uploads/2017/12/oss-eu-2018-fun-with-dynamic-trace-events_steven-rostedt.pdf

这篇关于将系统调用事件跟踪输出的格式更改为ftrace的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！