On Sat, 7 Aug 2021 10:28:46 +0900 Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote: > Hmm, sorry, I rather like to use synthetic event with trigger action, > since this is not a kprobe. Correct, but I don't think it matches synthetic events either. > Can you change your idea to use trigger action with synthetic event? > > For example, if we have a "trace" action in the trigger action, > > echo "eopen char filename[]" >> synthetic_events > echo "trace:eopen,filename.ustring" >> events/syscalls/sys_enter_openat/trigger > > A new action is, > trace:SYNTH_EVENT,PARAM(s) [if FILTER] > and > .ustring/.string modifier for the PARAMS. > > I think this matches the current dynamic event model, and can extend > programmability of the ftrace, and keeps dynamic events simple. But we want to follow all the features of kprobes. This isn't about just taking existing fields. In fact, we want fields that are not available from the event. Here's an idea of what we want to do: echo 'e:hr_nr_events timer.hrtimer_expire_entry nr_events=+0x58(+0(+0x30($hrtimer))):u32' > kprobe_events echo 1 > events/kprobes/enable cat trace <idle>-0 [002] d.h2 937.412239: hr_nr_events: (0) nr_events=38380 <idle>-0 [000] d.h2 937.412239: hr_nr_events: (0) nr_events=930268 bash-1409 [001] d.h1 937.412239: hr_nr_events: (0) nr_events=33874 <idle>-0 [000] d.h2 937.413238: hr_nr_events: (0) nr_events=930269 <idle>-0 [004] d.h2 937.413238: hr_nr_events: (0) nr_events=35263 <idle>-0 [001] d.h2 937.413238: hr_nr_events: (0) nr_events=33875 Which gives me the nr_events from the hrtimer pointer passed to the timer.hrtimer_entry event via hrtimer->base->cpu_base->nr_events The idea is that we can get trace events into places that the maintainers have issues with (like the scheduler or vfs), where we may be allow to add a trace event that only gives us access to a pointer and nothing else that can become a limiting API. Then we can attach an eprobe to it that can offset the pointer to a structure and create dynamically all the fields we need. Daniel has some work he's doing that will can be improved by this feature. Having it as a trigger, will make this rather complex. Which is why we want this as a probe, and not a trigger. We are only using the trigger to get the data from the field. What we are also looking at is a way to create a "trace_probe" that can attach to a tracepoint (before the event data is added). Which will not be using the trigger code at all, but will be using the similar offset logic we want to do here, but on the entry of the tracepoint, not the exit of it. -- Steve