All of lore.kernel.org
 help / color / mirror / Atom feed
From: cwarlich@gmx.de (Christof Warlich)
To: kernelnewbies@lists.kernelnewbies.org
Subject: ftrace events: parameter tracing
Date: Wed, 14 Feb 2018 19:39:31 +0100	[thread overview]
Message-ID: <2936b31c-5842-0438-dd5a-79cc49ad7f45@gmx.de> (raw)

Hi all,

using ftrace events to trace the sys_open*() system calls seems to be a 
rather quick way to determine which files were used when running a 
program. E.g., recording the the start and the end of any open* system 
call while running ls /:

    # trace-cmd record --stderr? -e syscalls:sys_enter_open* -e
    syscalls:sys_exit_open* -c -F ls / 2>/dev/null

Printing the recorded trace yields::

    # trace-cmd report
    bin ?? dev??? home??? ??? initrd.img.old? lib32? lost+found mnt?
    proc? run??? snap? sys? usr??? vmlinuz
    etc??? initrd.img? lib??? ??? ??? lib64? media?????? opt? root
    sbin??? srv?? tmp? var??? vmlinuz.old
    version = 6
    CPU 0 is empty
    CPU 1 is empty
    CPU 3 is empty
    CPU 4 is empty
    CPU 5 is empty
    CPU 6 is empty
    CPU 7 is empty
    cpus=8
     ????????????? ls-8307? [002] 15379.397993: sys_enter_open:
    filename: 0x7f471c8e9271, flags: 0x00080000, mode: 0x00000001
     ????????????? ls-8307? [002] 15379.398000: sys_exit_open: 0x3
     ????????????? ls-8307? [002] 15379.398012: sys_enter_open:
    filename: 0x7f471caf0d60, flags: 0x00080000, mode: 0x7f471caf0168
     ????????????? ls-8307? [002] 15379.398013: sys_exit_open: 0x3
     ????????????? ls-8307? [002] 15379.398043: sys_enter_open:
    filename: 0x7f471cad14c8, flags: 0x00080000, mode: 0x7f471caf0168
     ????????????? ls-8307? [002] 15379.398045: sys_exit_open: 0x3
     ????????????? ls-8307? [002] 15379.398070: sys_enter_open:
    filename: 0x7f471cad19a8, flags: 0x00080000, mode: 0x7f471cad1000
     ????????????? ls-8307? [002] 15379.398071: sys_exit_open: 0x3
     ????????????? ls-8307? [002] 15379.398092: sys_enter_open:
    filename: 0x7f471cad1e98, flags: 0x00080000, mode: 0x7f471cad1000
     ????????????? ls-8307? [002] 15379.398094: sys_exit_open: 0x3
     ????????????? ls-8307? [002] 15379.398113: sys_enter_open:
    filename: 0x7f471cad0548, flags: 0x00080000, mode: 0x7f471cad19d0
     ????????????? ls-8307? [002] 15379.398115: sys_exit_open: 0x3
     ????????????? ls-8307? [002] 15379.398326: sys_enter_open:
    filename: 0x7f471c6bfc15, flags: 0x00000000, mode: 0x000001b6
     ????????????? ls-8307? [002] 15379.398331: sys_exit_open: 0x3
     ????????????? ls-8307? [002] 15379.398375: sys_enter_open:
    filename: 0x7f471c470760, flags: 0x00080000, mode: 0x00000000
     ????????????? ls-8307? [002] 15379.398380: sys_exit_open: 0x3
     ????????????? ls-8307? [002] 15379.398428: sys_enter_open:
    filename: 0x01c97cc0, flags: 0x00090800, mode: 0x00000000
     ????????????? ls-8307? [002] 15379.398430: sys_exit_open: 0x3

Unfortunately, although ftrace prints the filename's address for each 
file being opened, I could not seen any way to obtain the filenames 
themselves.

Any ideas on how to get hold of the filenames would be great, thanks.

Cheers,

Chris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20180214/e46e4a48/attachment.html>

             reply	other threads:[~2018-02-14 18:39 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-14 18:39 Christof Warlich [this message]
2018-02-14 18:47 ` ftrace events: parameter tracing valdis.kletnieks at vt.edu
2018-02-14 19:26   ` Christof Warlich
2018-02-14 19:43     ` valdis.kletnieks at vt.edu
2018-02-14 20:47       ` Christof Warlich
2018-02-14 19:06 ` valdis.kletnieks at vt.edu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2936b31c-5842-0438-dd5a-79cc49ad7f45@gmx.de \
    --to=cwarlich@gmx.de \
    --cc=kernelnewbies@lists.kernelnewbies.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.