ftrace events: parameter tracing

Hi all,

Using ftrace events to trace the sys_open*() system calls seems to be a rather quick way to determine which files were used when running a program. E.g., recording the start and the end of any open* system call while running ls /:

# trace-cmd record --stderr  -e syscalls:sys_enter_open* -e syscalls:sys_exit_open* -c -F ls / 2>/dev/null

Printing the recorded trace yields:

# trace-cmd report
bin    dev    home        initrd.img.old  lib32  lost+found  mnt  proc  run    snap  sys  usr    vmlinuz
etc    initrd.img  lib            lib64  media       opt  root  sbin    srv   tmp  var    vmlinuz.old
version = 6
CPU 0 is empty
CPU 1 is empty
CPU 3 is empty
CPU 4 is empty
CPU 5 is empty
CPU 6 is empty
CPU 7 is empty
cpus=8
              ls-8307  [002] 15379.397993: sys_enter_open:       filename: 0x7f471c8e9271, flags: 0x00080000, mode: 0x00000001
              ls-8307  [002] 15379.398000: sys_exit_open:        0x3
              ls-8307  [002] 15379.398012: sys_enter_open:       filename: 0x7f471caf0d60, flags: 0x00080000, mode: 0x7f471caf0168
              ls-8307  [002] 15379.398013: sys_exit_open:        0x3
              ls-8307  [002] 15379.398043: sys_enter_open:       filename: 0x7f471cad14c8, flags: 0x00080000, mode: 0x7f471caf0168
              ls-8307  [002] 15379.398045: sys_exit_open:        0x3
              ls-8307  [002] 15379.398070: sys_enter_open:       filename: 0x7f471cad19a8, flags: 0x00080000, mode: 0x7f471cad1000
              ls-8307  [002] 15379.398071: sys_exit_open:        0x3
              ls-8307  [002] 15379.398092: sys_enter_open:       filename: 0x7f471cad1e98, flags: 0x00080000, mode: 0x7f471cad1000
              ls-8307  [002] 15379.398094: sys_exit_open:        0x3
              ls-8307  [002] 15379.398113: sys_enter_open:       filename: 0x7f471cad0548, flags: 0x00080000, mode: 0x7f471cad19d0
              ls-8307  [002] 15379.398115: sys_exit_open:        0x3
              ls-8307  [002] 15379.398326: sys_enter_open:       filename: 0x7f471c6bfc15, flags: 0x00000000, mode: 0x000001b6
              ls-8307  [002] 15379.398331: sys_exit_open:        0x3
              ls-8307  [002] 15379.398375: sys_enter_open:       filename: 0x7f471c470760, flags: 0x00080000, mode: 0x00000000
              ls-8307  [002] 15379.398380: sys_exit_open:        0x3
              ls-8307  [002] 15379.398428: sys_enter_open:       filename: 0x01c97cc0, flags: 0x00090800, mode: 0x00000000
              ls-8307  [002] 15379.398430: sys_exit_open:        0x3

Unfortunately, although ftrace prints the filename's address for each file being opened, I could not see any way to obtain the filenames themselves.

Any ideas on how to get hold of the filenames would be great, thanks.

Cheers,

Chris

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
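
Added example, not part of the original post and not trace-cmd's own code: a Python script that pairs each sys_enter_open* line of a report like the one above with its sys_exit_open* line and decodes the flags word. The names `pair_opens` and `decode_flags` are hypothetical, and the flag values assume x86_64 Linux. It uses only the fields the report already contains, so the filename remains a user-space address.

```python
import re

# Sample lines copied from the trace-cmd report quoted in the post above.
SAMPLE = """\
 ls-8307  [002] 15379.397993: sys_enter_open:       filename: 0x7f471c8e9271, flags: 0x00080000, mode: 0x00000001
 ls-8307  [002] 15379.398000: sys_exit_open:        0x3
 ls-8307  [002] 15379.398326: sys_enter_open:       filename: 0x7f471c6bfc15, flags: 0x00000000, mode: 0x000001b6
 ls-8307  [002] 15379.398331: sys_exit_open:        0x3
 ls-8307  [002] 15379.398428: sys_enter_open:       filename: 0x01c97cc0, flags: 0x00090800, mode: 0x00000000
 ls-8307  [002] 15379.398430: sys_exit_open:        0x3
"""

# Assumption: open(2) flag bits as defined for x86_64 Linux.
FLAG_BITS = {0x40: "O_CREAT", 0x80: "O_EXCL", 0x200: "O_TRUNC", 0x400: "O_APPEND",
             0x800: "O_NONBLOCK", 0x10000: "O_DIRECTORY", 0x80000: "O_CLOEXEC"}

LINE = re.compile(
    r"^\s*(?P<task>\S+)-(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+(?P<ts>\d+\.\d+):\s+"
    r"(?P<event>sys_(?:enter|exit)_open\w*):\s+(?P<rest>.*)$")

def decode_flags(flags):
    """Turn the raw flags word into symbolic names (access mode first)."""
    names = [("O_RDONLY", "O_WRONLY", "O_RDWR", "?")[flags & 3]]
    names += [name for bit, name in FLAG_BITS.items() if flags & bit]
    return "|".join(names)

def pair_opens(report):
    """Match every enter event with the next exit event of the same PID."""
    pending, calls = {}, []
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # program output, "CPU n is empty", other events
        pid, ts = int(m["pid"]), float(m["ts"])
        if "_enter_" in m["event"]:
            pending[pid] = (ts, dict(re.findall(r"(\w+): (0x[0-9a-f]+)", m["rest"])))
        elif pid in pending:
            start, args = pending.pop(pid)
            flags, ret = int(args["flags"], 16), int(m["rest"], 16)
            if ret >= 1 << 63:  # assumption: errors appear as 64-bit two's complement
                ret -= 1 << 64
            calls.append({"pid": pid, "filename_ptr": args["filename"],
                          "flags": decode_flags(flags), "ret": ret,
                          # mode is only meaningful when O_CREAT is set
                          "mode": int(args["mode"], 16) if flags & 0x40 else None,
                          "usec": round((ts - start) * 1e6)})
    return calls

if __name__ == "__main__":
    for call in pair_opens(SAMPLE):
        print(call)
```

Because none of the sampled calls sets O_CREAT, the script reports their mode as None, which accounts for the pointer-like mode values in the report: that argument is unused and holds leftover register contents.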
