Hi Folks,
Im trying to get a handle on how the Trace meta data collection works - i can roughly get a grasp of what the SYSCALL_METADA macro does but there are a few curious compiler flags that I've never used before, and think i need some help understanding their implications.
Ive been looking in vim include/linux/syscalls.h and look at the macros SYSCALL_TRACE_ENTER_EVENT SYSCALL_TRACE_EXIT_EVENT SYSCALL_METADATA and these macros create some data structures, but don't seem to call any functions to make any use of them, so I'm assuming that these macros set up some data structures used by something else.
They all end with an assignment that has a compiler directive like __attribute__((section("xxxxxx"))) for example, SYSCALL_METADATA ends with
This data structure has been been placed into a special section in the kernel called "__syscalls_metadata" Is this a heap kind of area somewhere ? i assume that something is watching this area for changes (or being signal somehow) so it will see these changes in data ?static struct syscall_metadata __used \__attribute__((section("__syscalls_metadata"))) \*__p_syscall_meta_##sname = &__syscall_meta_##sname;
the macros SYSCALL_TRACE_ENTER_EVENT have similar attributes on their assignment that put the data into "_ftrace_events".
I suppose trying to follow logically through the code has now put me into a bit of a dead end - can anyone point me to the documentation / code that reads this data so i can complete the chain execution ?
Cheers
Dave
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
