gpt4 book ai didi

linux - 如何使用 ftrace 仅跟踪系统调用事件而不显示 Linux 内核中的任何其他函数?

转载 作者:IT王子 更新时间:2023-10-29 00:59:45 24 4
gpt4 key购买 nike

例如,要监控所有 mkdir 调用,我能想到的最好办法是:

#!/bin/sh
set -eux

d=debug/tracing

mkdir -p debug
if ! mountpoint -q debug; then
mount -t debugfs nodev debug
fi

# Stop tracing.
echo 0 > "${d}/tracing_on"

# Clear previous traces.
echo > "${d}/trace"

# Enable tracing mkdir
echo sys_enter_mkdir > "${d}/set_event"

# Set tracer type.
echo function > "${d}/current_tracer"

# Filter only sys_mkdir as a workaround.
echo SyS_mkdir > "${d}/set_ftrace_filter"

# Start tracing.
echo 1 > "${d}/tracing_on"

# Generate two mkdir calls.
rm -rf /tmp/a
rm -rf /tmp/b
mkdir /tmp/a
mkdir /tmp/b

# View the trace.
cat "${d}/trace"

# Stop tracing.
echo 0 > "${d}/tracing_on"

umount debug

然后在使用 sudo 运行后,它给出:

# tracer: function
#
# entries-in-buffer/entries-written: 4/4 #P:16
#
# _-----=> irqs-off
# / _----=> need-resched
# | / _---=> hardirq/softirq
# || / _--=> preempt-depth
# ||| / delay
# TASK-PID CPU# |||| TIMESTAMP FUNCTION
# | | | |||| | |
mkdir-31254 [015] .... 2010985.576760: sys_mkdir(pathname: 7ffc54b32c77, mode: 1ff)
mkdir-31254 [015] .... 2010985.576763: SyS_mkdir <-tracesys_phase2
mkdir-31255 [007] .... 2010985.578363: sys_mkdir(pathname: 7fff02d90c77, mode: 1ff)
mkdir-31255 [007] .... 2010985.578365: SyS_mkdir <-tracesys_phase2

我的问题是它为每个系统调用输出两行:

  • sys_mkdir 这是我想要的事件
  • SyS_mkdir 这是过滤后的函数解决方法,我不想看到它

如果我尝试这样做:

echo > "${d}/set_ftrace_filter"

或者根本不碰那个文件,那么它会显示大量函数,并且很难找到系统调用。

是否有更好的方法来禁用常规功能并只保留系统调用事件?

我可以只使用 SyS_mkdir 并禁用我猜的系统调用事件,但如果我可以使用更具体的事件,感觉会更干净吗?还有:

  • 事件显示参数,这样更好。
  • syscall 函数名称在内核版本之间发生变化。例如,在 Linux v4.18 上它已经是 __x64_sys_mkdir 而不是 SyS_mkdir

相关:

在 Ubuntu 18.04、Linux 内核 4.15 上测试。

最佳答案

使用nop 跟踪器

作为proposed by sruffell ,我们所要做的就是使用 nop 跟踪器而不是 function,这将禁用函数跟踪,但不会禁用事件。

使用 sudo 运行:

#!/bin/sh
set -eux

d=debug/tracing

mkdir -p debug
if ! mountpoint -q debug; then
mount -t debugfs nodev debug
fi

# Stop tracing.
echo 0 > "${d}/tracing_on"

# Clear previous traces.
echo > "${d}/trace"

# Find the tracer name.
cat "${d}/available_tracers"

# Disable tracing functions, show only system call events.
echo nop > "${d}/current_tracer"

# Find the event name with.
grep mkdir "${d}/available_events"

# Enable tracing mkdir.
# Both statements below seem to do the exact same thing,
# just with different interfaces.
# https://www.kernel.org/doc/html/v4.18/trace/events.html
echo sys_enter_mkdir > "${d}/set_event"
# echo 1 > "${d}/events/syscalls/sys_enter_mkdir/enable"

# Start tracing.
echo 1 > "${d}/tracing_on"

# Generate two mkdir calls by two different processes.
rm -rf /tmp/a /tmp/b
mkdir /tmp/a
mkdir /tmp/b

# View the trace.
cat "${d}/trace"

# Stop tracing.
echo 0 > "${d}/tracing_on"

umount debug

这给出了所需的输出:

   mkdir-26064 [007] .... 2014370.909743: sys_mkdir(pathname: 7fffbd461c77, mode: 1ff)
mkdir-26065 [014] .... 2014370.911615: sys_mkdir(pathname: 7ffea53bac77, mode: 1ff)

替代方案不是最佳方案

这也行,但绝对不那么好,替换:

echo SyS_mkdir > "${d}/set_ftrace_filter"

与:

echo '*' > "${d}/set_ftrace_notrace"

这将关闭文档中提到的所有功能:https://www.kernel.org/doc/html/v4.18/trace/ftrace.html#the-file-system

set_ftrace_notrace:

This has an effect opposite to that of set_ftrace_filter. Any function that is added here will not be traced. If a function exists in both set_ftrace_filter and set_ftrace_notrace, the function will not be traced.

关于linux - 如何使用 ftrace 仅跟踪系统调用事件而不显示 Linux 内核中的任何其他函数?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52764544/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com