From: William Cohen <wcohen@redhat.com>
To: David Smith <dsmith@redhat.com>
Cc: systemtap <systemtap@sourceware.org>
Subject: Re: Using sys_enter sys_exit trace point in place of syscall.*{.return} probes where possible
Date: Thu, 20 Sep 2018 17:26:00 -0000 [thread overview]
Message-ID: <d430534e-1d10-c06c-b630-a5f221483e22@redhat.com> (raw)
In-Reply-To: <CAKFOr-b1-of-40uggSvP+gEKLSesgEq1FfKjVSSaS1GZC2JFqg@mail.gmail.com>
On 9/20/18 12:07 PM, David Smith wrote:
> On Thu, Sep 20, 2018 at 10:12 AM William Cohen <wcohen@redhat.com> wrote:
>>
>> On 9/19/18 5:14 PM, David Smith wrote:
>>> In testsuite/systemtap.examples/profiling/container_check.stp, you
>>> used _stp_syscall_nr(). I wouldn't do that, I'd use $id. I'm not 100%
>>> sure that _stp_syscall_nr() is going to work on every arch at that
>>> point.
>>
>> Hi David,
>>
>> Here are the raw tracepoints:
>>
>> $ stap -L 'kernel.trace("sys_*")'
>> kernel.trace("raw_syscalls:sys_enter") $regs:struct pt_regs* $id:long int
>> kernel.trace("raw_syscalls:sys_exit") $regs:struct pt_regs* $ret:long int
>>
>> It would have been preferable to use $id for the kernel.trace("sys_exit"), but it doesn't exist there. So it was _stp_syscall_nr() which works on some machines versus $id which doesn't work on any machine. I spent some time Wednesday changing things to have a tapset encapsulate with syscall_any and syscall_any.return probe points to hide details like the _stp_syscall_nr().>
> Ah, I didn't realize we were talking about syscall returns needing the
> syscall number. I seem to recall that arm64 (and perhaps s390x) had
> some restrictions about when the stuff called by _stp_syscall_nr()
> could be called. You might try testing on those platforms.
>
There are cases where it is nicer/more efficient to make the syscall number/name available for the return only need one probe point rather than two to collect data. An example of this are testsuite/systemtap.examples/lwtools/syscallbypid-nd.stp and testsuite/systemtap.examples/profiling/errno.stp where just want to know the syscall name/number and the return value.
Thanks for listing the architectures should look at to make sure that things work properly on. I will take a look at those and test on those machine.
>>> I also wonder if you shouldn't use the old code as a fallback,
>>> something like the following:
>>>
>>> ====
>>> probe kernel.trace("sys_exit")!, nd_syscall.*.return {
>>> # probe that doesn't do anything with the syscall info
>>> }
>>> ====
>>>
>>> That gets trickier if the probe does something with the syscall info.
>>
>> I considered using the nd_syscall.* and nd_syscall.*.return as fallbacks if the tracepoints were not available. However, the sys_enter and sys_exit tracepoints have been available since 2009. Even the RHEL6 kernel has them. It seemed unlikely that fallbacks on the nd_syscall.* would be needed, so they were omitted.
>
> OK, you talked me out of that one then.
>
Well, I had practice. I talked myself out it earlier. :) I previously had the probe points written just like you suggested.
-Will
prev parent reply other threads:[~2018-09-20 17:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-18 13:58 William Cohen
2018-09-19 21:14 ` David Smith
2018-09-20 15:12 ` William Cohen
2018-09-20 16:07 ` David Smith
2018-09-20 17:26 ` William Cohen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d430534e-1d10-c06c-b630-a5f221483e22@redhat.com \
--to=wcohen@redhat.com \
--cc=dsmith@redhat.com \
--cc=systemtap@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).