From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26150 invoked by alias); 20 Sep 2018 16:07:49 -0000 Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: systemtap-owner@sourceware.org Received: (qmail 26127 invoked by uid 89); 20 Sep 2018 16:07:48 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 spammy=talked, RHEL6, rhel6, Manager X-HELO: mail-oi0-f68.google.com Received: from mail-oi0-f68.google.com (HELO mail-oi0-f68.google.com) (209.85.218.68) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 20 Sep 2018 16:07:47 +0000 Received: by mail-oi0-f68.google.com with SMTP id v198-v6so8836568oif.9 for ; Thu, 20 Sep 2018 09:07:47 -0700 (PDT) MIME-Version: 1.0 References: <53339d9a-613a-07ed-0d43-3cf3b9453dd8@redhat.com> <678e627b-b984-b227-e2f5-1e396313e71a@redhat.com> In-Reply-To: <678e627b-b984-b227-e2f5-1e396313e71a@redhat.com> From: David Smith Date: Thu, 20 Sep 2018 16:07:00 -0000 Message-ID: Subject: Re: Using sys_enter sys_exit trace point in place of syscall.*{.return} probes where possible To: William Cohen Cc: systemtap Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-IsSubscribed: yes X-SW-Source: 2018-q3/txt/msg00190.txt.bz2 On Thu, Sep 20, 2018 at 10:12 AM William Cohen wrote: > > On 9/19/18 5:14 PM, David Smith wrote: > > In testsuite/systemtap.examples/profiling/container_check.stp, you > > used _stp_syscall_nr(). I wouldn't do that, I'd use $id. I'm not 100% > > sure that _stp_syscall_nr() is going to work on every arch at that > > point. > > Hi David, > > Here are the raw tracepoints: > > $ stap -L 'kernel.trace("sys_*")' > kernel.trace("raw_syscalls:sys_enter") $regs:struct pt_regs* $id:long int > kernel.trace("raw_syscalls:sys_exit") $regs:struct pt_regs* $ret:long int > > It would have been preferable to use $id for the kernel.trace("sys_exit")= , but it doesn't exist there. So it was _stp_syscall_nr() which works on s= ome machines versus $id which doesn't work on any machine. I spent some ti= me Wednesday changing things to have a tapset encapsulate with syscall_any = and syscall_any.return probe points to hide details like the _stp_syscall_n= r(). Ah, I didn't realize we were talking about syscall returns needing the syscall number. I seem to recall that arm64 (and perhaps s390x) had some restrictions about when the stuff called by _stp_syscall_nr() could be called. You might try testing on those platforms. > > I also wonder if you shouldn't use the old code as a fallback, > > something like the following: > > > > =3D=3D=3D=3D > > probe kernel.trace("sys_exit")!, nd_syscall.*.return { > > # probe that doesn't do anything with the syscall info > > } > > =3D=3D=3D=3D > > > > That gets trickier if the probe does something with the syscall info. > > I considered using the nd_syscall.* and nd_syscall.*.return as fallbacks = if the tracepoints were not available. However, the sys_enter and sys_exit= tracepoints have been available since 2009. Even the RHEL6 kernel has the= m. It seemed unlikely that fallbacks on the nd_syscall.* would be needed, s= o they were omitted. OK, you talked me out of that one then. --=20 David Smith Associate Manager Red Hat