linux-trace-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
To: linux-trace-kernel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	Steven Rostedt <rostedt@goodmis.org>,
	mhiramat@kernel.org, Florent Revest <revest@chromium.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Will Deacon <will@kernel.org>
Subject: [RFC PATCH 0/9] tracing: Add fprobe events
Date: Wed,  9 Nov 2022 00:49:14 +0900	[thread overview]
Message-ID: <166792255429.919356.14116090269057513181.stgit@devnote3> (raw)

Hi,

Here is a series of patches to improve fprobe and add a basic fprobe event
support for ftrace (tracefs) and perf.

With this series, user can add new events on the entry and exit of kernel
functions (which can be ftraced). Unlike kprobe events, the fprobe events
can only probe the function entry and exit, the IP address will have some
offsets from the symbol address. And it can only trace the function args,
return value, and stacks. (no registers)

The fprobe events syntax is here;

 f[:[GRP/][EVENT]] FUNCTION [FETCHARGS]
 f[MAXACTIVE][:[GRP/][EVENT]] FUNCTION%return [FETCHARGS]

E.g.

 # echo 'f vfs_read $arg1'  >> dynamic_events
 # echo 'f vfs_read%return $retval'  >> dynamic_events
 # cat dynamic_events
 f:fprobes/vfs_read_entry vfs_read arg1=$arg1
 f:fprobes/vfs_read_exit vfs_read%return arg1=$retval
 # echo 1 > events/fprobes/enable
 # head -n 20 trace | tail
 #           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
 #              | |         |   |||||     |         |
              sh-142     [005] ...1.   448.386420: vfs_read_entry: (vfs_read+0x4/0x340) arg1=0xffff888007f7c540
              sh-142     [005] .....   448.386436: vfs_read_exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=0x1
              sh-142     [005] ...1.   448.386451: vfs_read_entry: (vfs_read+0x4/0x340) arg1=0xffff888007f7c540
              sh-142     [005] .....   448.386458: vfs_read_exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=0x1
              sh-142     [005] ...1.   448.386469: vfs_read_entry: (vfs_read+0x4/0x340) arg1=0xffff888007f7c540
              sh-142     [005] .....   448.386476: vfs_read_exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=0x1
              sh-142     [005] ...1.   448.602073: vfs_read_entry: (vfs_read+0x4/0x340) arg1=0xffff888007f7c540
              sh-142     [005] .....   448.602089: vfs_read_exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=0x1

Future works:
 - Trace multiple function entry/exit (wildcard).
 - Integrate it with the function graph tracer.
 - Use ftrace_regs instead of pt_regs and remove dependency of
   CONFIG_DYNAMIC_FTRACE_WITH_REGS.
 - Support (limited) register access via ftrace_regs.
 - Support fprobe event by perf probe.
 - Support entry data accessing from exit event.
 - Support BTF for trace arguments.

This fprobe event may eventually replace the kprobe events for
function entry and exit on some archs (e.g. arm64).

Here's my current migration (kretprobe to fprobe) idea:

Phase 1. introduce fprobe events. (THIS)
Phase 2. introduce generic function graph shadow stack
Phase 3. Replace the rethook with function shadow stack
         and use ftrace_regs in fprobe handlers.
Phase 4. Extend this fprobe support to other archs.

Even if kretprobe event is replaced with fprobe event, tracefs user can
transparently use fprobe events for function entry/exit with 'p:...'
and 'r:...' syntax (for backward compatibility.)

Thank you,

---

Masami Hiramatsu (Google) (9):
      fprobe: Pass entry_data to handlers
      lib/test_fprobe: Add private entry_data testcases
      fprobe: Add nr_maxactive to specify rethook_node pool size
      lib/test_fprobe: Add a test case for nr_maxactive
      fprobe: Skip exit_handler if entry_handler returns !0
      lib/test_fprobe: Add a testcase for skipping exit_handler
      docs: tracing: Update fprobe documentation
      fprobe: Pass return address to the handlers
      tracing/probes: Add fprobe-events


 Documentation/trace/fprobe.rst  |   16 -
 include/linux/fprobe.h          |   17 +
 include/linux/rethook.h         |    2 
 include/linux/trace_events.h    |    3 
 kernel/kprobes.c                |    1 
 kernel/trace/Kconfig            |   14 
 kernel/trace/Makefile           |    1 
 kernel/trace/bpf_trace.c        |   19 +
 kernel/trace/fprobe.c           |   45 +-
 kernel/trace/rethook.c          |    3 
 kernel/trace/trace.h            |   11 
 kernel/trace/trace_fprobe.c     | 1120 +++++++++++++++++++++++++++++++++++++++
 kernel/trace/trace_probe.c      |    4 
 kernel/trace/trace_probe.h      |    4 
 lib/test_fprobe.c               |  109 ++++
 samples/fprobe/fprobe_example.c |   11 
 16 files changed, 1349 insertions(+), 31 deletions(-)
 create mode 100644 kernel/trace/trace_fprobe.c

--
Masami Hiramatsu (Google) <mhiramat@kernel.org>

             reply	other threads:[~2022-11-08 15:49 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-08 15:49 Masami Hiramatsu (Google) [this message]
2022-11-08 15:49 ` [RFC PATCH 1/9] fprobe: Pass entry_data to handlers Masami Hiramatsu (Google)
2023-01-18  1:43   ` Steven Rostedt
2023-01-20  3:48     ` Masami Hiramatsu
2022-11-08 15:49 ` [RFC PATCH 2/9] lib/test_fprobe: Add private entry_data testcases Masami Hiramatsu (Google)
2022-11-08 15:49 ` [RFC PATCH 3/9] fprobe: Add nr_maxactive to specify rethook_node pool size Masami Hiramatsu (Google)
2022-11-08 15:49 ` [RFC PATCH 4/9] lib/test_fprobe: Add a test case for nr_maxactive Masami Hiramatsu (Google)
2022-11-08 15:49 ` [RFC PATCH 5/9] fprobe: Skip exit_handler if entry_handler returns !0 Masami Hiramatsu (Google)
2022-11-08 15:50 ` [RFC PATCH 6/9] lib/test_fprobe: Add a testcase for skipping exit_handler Masami Hiramatsu (Google)
2022-11-08 15:50 ` [RFC PATCH 7/9] docs: tracing: Update fprobe documentation Masami Hiramatsu (Google)
2022-11-08 15:50 ` [RFC PATCH 8/9] fprobe: Pass return address to the handlers Masami Hiramatsu (Google)
2022-11-08 15:50 ` [RFC PATCH 9/9] tracing/probes: Add fprobe-events Masami Hiramatsu (Google)
2023-01-18 22:43   ` Steven Rostedt
2023-01-20 11:55     ` Masami Hiramatsu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=166792255429.919356.14116090269057513181.stgit@devnote3 \
    --to=mhiramat@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-trace-kernel@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=revest@chromium.org \
    --cc=rostedt@goodmis.org \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).