* Lttng filename
@ 2013-06-28 14:13 Alex Mesa
0 siblings, 0 replies; 2+ messages in thread
From: Alex Mesa @ 2013-06-28 14:13 UTC (permalink / raw)
To: lttng-dev
Good Morning,
I would like to know if it is possible to include filename as an added
event or if there any way to output the filename (path) to the
following system calls:
sys_open, sys_write, sched_process_fork, and read.
Thank you.
Best regards,
-AM
Confidentiality Note: This message is intended only for the person or
entity to which it is addressed. It may contain confidential and/or
privileged material. Any review, transmission, dissemination or other
use, or taking of any action in reliance upon this message by persons
or entities other than the intended recipient is prohibited and may be
unlawful. If you received this message in error, please contact the
sender and delete it from your computer.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Lttng filename
[not found] <CAOK8cx8jyCTzjZJ2mTmkye80kgxymtd+1vo-O1Y+WnyQR7yHHQ@mail.gmail.com>
@ 2013-06-29 0:00 ` Alexandre Montplaisir
0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Montplaisir @ 2013-06-29 0:00 UTC (permalink / raw)
To: Alex Mesa; +Cc: lttng-dev
On 13-06-28 10:13 AM, Alex Mesa wrote:
> Good Morning,
>
> I would like to know if it is possible to include filename as an added
> event or if there any way to output the filename (path) to the
> following system calls:
> sys_open, sys_write, sched_process_fork, and read.
> Thank you.
Hi,
"sys_open" should already have a "filename" field of type string,
doesn't it?
"sched_process_fork" does not specify a filename. When a process forks,
the newly created process will still have the same executable name as
its parent. In most cases, it will call exec() soon after. "sys_execve"
should have a filename field too.
As for sys_write and sys_read, those are a bit more complicated, since
they do not provide the file name directly.
When you see a sys_open, the following exit_syscall will carry the
return value of the call to open(), which is the file descriptor number
that was assigned to this particular file for this process. sys_read and
sys_write have a "fd" field, which indicates that file descriptor. So
you need to backtrack to the closest earlier sys_open to match the fd to
the file name.
In trace viewers, we use a state system to track this kind of
information, so that it is possible to know, at the timestamp of a
sys_read for example, which file is set to which fd, without having to
backtrack potentially up to the start of the trace. For reference, you
can look at the user guide for the Eclipse plugin viewer:
http://wiki.eclipse.org/Linux_Tools_Project/TMF/User_Guide#Generic_State_System
Cheers,
Alexandre
>
>
> Best regards,
> -AM
>
> Confidentiality Note: This message is intended only for the person or
> entity to which it is addressed. It may contain confidential and/or
> privileged material. Any review, transmission, dissemination or other
> use, or taking of any action in reliance upon this message by persons
> or entities other than the intended recipient is prohibited and may be
> unlawful. If you received this message in error, please contact the
> sender and delete it from your computer.
>
> _______________________________________________
> lttng-dev mailing list
> lttng-dev@lists.lttng.org
> http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-06-29 0:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-06-28 14:13 Lttng filename Alex Mesa
[not found] <CAOK8cx8jyCTzjZJ2mTmkye80kgxymtd+1vo-O1Y+WnyQR7yHHQ@mail.gmail.com>
2013-06-29 0:00 ` Alexandre Montplaisir
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.