SystemTap Notes (15): syscall probes

SystemTap provides probes for system calls (syscall):

# stap -L "syscall.*"
syscall.accept sockfd:long addr_uaddr:long addrlen_uaddr:long name:string flags:long flags_str:string argstr:string
syscall.accept4 sockfd:long addr_uaddr:long addrlen_uaddr:long flags:long name:string flags_str:string argstr:string
syscall.access name:string pathname:string mode:long mode_str:string argstr:string $filename:long int $mode:long int
syscall.acct name:string filename:string argstr:string $name:long int
......
# stap -L "syscall.*.return"
syscall.accept.return
syscall.accept4.return
syscall.access.return name:string retstr:string $return:long int $filename:long int $mode:long int
syscall.acct.return name:string retstr:string $return:long int $name:long int
......

On the variables defined by syscall probes:

Each probe alias defines a variety of variables. Look at the tapset source code to find the most reliable source of variable definitions. Generally, each variable listed in the standard manual page is available as a script-level variable. For example, syscall.open exposes file name, flags, and mode. In addition, a standard suite of variables is available at most aliases, as follows:

argstr: A pretty-printed form of the entire argument list, without parentheses.
name: The name of the system call.
retstr: For return probes, a pretty-printed form of the system call result.

Taking syscall.open and syscall.open.return as examples:

# stap -L "syscall.open"
syscall.open filename:string mode:long __nr:long name:string flags:long argstr:string $filename:long int $flags:long int $mode:long int

# stap -e 'probe syscall.open{printf("argstr is %s, __nr is %d\n", argstr, __nr)}'
argstr is "/sys/fs/cgroup/systemd/system.slice/systemd-udevd.service/cgroup.procs", O_RDONLY|O_CLOEXEC, __nr is 2
argstr is "/etc/passwd", O_RDONLY|O_CLOEXEC, __nr is 2
argstr is "/proc/self/maps", O_RDONLY|O_CLOEXEC, __nr is 2
......

# stap -e 'probe syscall.open{printf("filename is %s, name is %s, flags is 0x%x, mode is 0x%x\n", filename, name, flags, mode)}'
filename is "/sys/fs/cgroup/systemd/system.slice/systemd-udevd.service/cgroup.procs", name is open, flags is 0x80000, mode is 0x1b6
filename is "/proc/interrupts", name is open, flags is 0x0, mode is 0x1b6
filename is "/proc/stat", name is open, flags is 0x0, mode is 0x1b6
......

# stap -e 'probe syscall.open{printf("filename is 0x%x, $flags is 0x%x, $mode is 0x%x\n", $filename, $flags, $mode)}'
filename is 0x1a658f0, $flags is 0x80000, $mode is 0x1b6
filename is 0x7f750760b26e, $flags is 0x0, $mode is 0x1b6
filename is 0x7f750760b291, $flags is 0x0, $mode is 0x1b6
filename is 0x7ffcf45d73d0, $flags is 0x0, $mode is 0x1b6
......

# stap -L "syscall.open.return"
syscall.open.return __nr:long name:string retstr:string $return:long int $filename:long int $flags:long int $mode:long int

# stap -e 'probe syscall.open.return{printf("__nr is %d, name is %s, retstr is %s\n", __nr, name, retstr)}'
__nr is 2, name is open, retstr is 13
__nr is 2, name is open, retstr is 3
__nr is 2, name is open, retstr is 3
__nr is 2, name is open, retstr is -2 (ENOENT)
__nr is 2, name is open, retstr is -2 (ENOENT)
__nr is 2, name is open, retstr is -2 (ENOENT)
......

# stap -e 'probe syscall.open.return{printf("fiilename is 0x%x, $flags is 0x%x, $mode is 0x%x\n", $filename, $flags, $mode)}'
fiilename is 0x7f750760b26e, $flags is 0x0, $mode is 0x1b6
fiilename is 0x7f750760b291, $flags is 0x0, $mode is 0x1b6
fiilename is 0x7ffcf45d73d0, $flags is 0x0, $mode is 0x1b6
fiilename is 0x7ffcf45d73d0, $flags is 0x0, $mode is 0x1b6
fiilename is 0x7ffcf45d73d0, $flags is 0x0, $mode is 0x1b6
......
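
The listings above show that syscall.open.return exposes retstr but only the raw $filename pointer, while the filename and argstr strings are available at entry. The following added example (not part of the original post) saves argstr at entry, keyed by thread ID, and reports failed opens at return; the global names pending and failures are illustrative, and it assumes the probe variables listed by the stap -L output above.

```systemtap
#!/usr/bin/stap
# Added example: report failed open() calls with the path that was requested.
# "pending" and "failures" are illustrative names, not part of any tapset.

global pending    # tid -> argstr saved at syscall entry
global failures   # [execname, retstr] -> number of failed opens

probe syscall.open {
    # filename/argstr are only available as strings here, at entry.
    pending[tid()] = argstr
}

probe syscall.open.return {
    t = tid()
    if (!(t in pending))
        next                      # entry happened before the script started
    if ($return < 0) {            # negative value is -errno, e.g. -2 (ENOENT)
        printf("%s(%d) uid=%d open(%s) = %s\n",
               execname(), pid(), uid(), pending[t], retstr)
        failures[execname(), retstr]++
    }
    delete pending[t]             # keep the map bounded
}

probe end {
    # Summary printed when the script is stopped, highest counts first.
    printf("\n%-16s %-20s %s\n", "COMMAND", "RESULT", "COUNT")
    foreach ([exe, res] in failures- limit 20)
        printf("%-16s %-20s %d\n", exe, res, failures[exe, res])
}
```

Save the script to a file, run it with stap as root, and stop it with Ctrl-C to print the per-command summary.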

 
