From: Steven Rostedt <rostedt@kernel.org>
To: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org,
linux-perf-users@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Andrew Morton <akpm@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Namhyung Kim <namhyung@kernel.org>,
Takaya Saeki <takayas@google.com>,
Tom Zanussi <zanussi@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ian Rogers <irogers@google.com>,
Douglas Raillard <douglas.raillard@arm.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Jiri Olsa <jolsa@kernel.org>,
Adrian Hunter <adrian.hunter@intel.com>,
Ingo Molnar <mingo@redhat.com>
Subject: [PATCH v3 00/13] tracing: Show contents of syscall trace event user space fields
Date: Wed, 15 Oct 2025 13:32:14 -0400
Message-ID: <20251015173214.760495866@kernel.org>

As of commit 654ced4a1377 ("tracing: Introduce tracepoint_is_faultable()")
system call trace events allow faulting in user space memory. Have some of
the system call trace events take advantage of this.

Also, commit 64cf7d058a00 ("tracing: Have trace_marker use per-cpu data to
read user space") added the method to use per CPU buffers to read data from
user space in critical sections. Instead of recreating that code, make that
code generic so that the system calls can utilize it as well.

Update the system call trace events to read user space for various system
calls (like openat, execve, etc).

A new file is created in the tracefs directory (and also per instance) that
allows the user to shorten the amount copied from user space. It can be
completely disabled if set to zero (it will only display "" or (, ...)
but no copying from user space will be performed). The max size to copy is
hard coded to 165, which should be enough for this purpose. The default
size is 63 bytes.

This allows the output to look like this:

  sys_access(filename: 0x7f8c55368470 "/etc/ld.so.preload", mode: 4)
  sys_execve(filename: 0x564ebcf5a6b8 "/usr/bin/emacs", argv: 0x7fff357c0300, envp: 0x564ebc4a4820)
  sys_write(fd: 1, buf: 0x56430f353be0 (2f:72:6f:6f:74:0a) "/root.", count: 6)
  sys_sethostname(name: 0x5584310eb2a0 "debian", len: 6)
  sys_renameat2(olddfd: 0xffffff9c, oldname: 0x7ffe02facdff "/tmp/x", newdfd: 0xffffff9c, newname: 0x7ffe02face06 "/tmp/y", flags: 1)

Perf system call logic is also updated to take advantage of this work.

The openat system call was updated to show the flags as well:

  sys_openat(dfd: 18446744073709551516, filename: 140733603151330 "/tmp/x", flags: O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, mode: 0666)

Changes since v2: https://lore.kernel.org/linux-trace-kernel/20250923130457.901085554@kernel.org

- Now that trace_marker uses the per CPU read method for reading user
  space, make that code generic so that the system call logic can
  use it as well.

- Update perf system calls to read user space as well.

- Make openat() show what the flags are. Instead of a number, use the
  actual flag names.

- Show printable characters in the data dumps (like the write system call).

- Allow persistent ring buffer to parse system calls appropriately.

Steven Rostedt (13):
      tracing: Make trace_user_fault_read() exposed to rest of tracing
      tracing: Have syscall trace events read user space string
      perf: tracing: Simplify perf_sysenter_enable/disable() with guards
      perf: tracing: Have perf system calls read user space
      tracing: Have system call events record user array data
      tracing: Display some syscall arrays as strings
      tracing: Allow syscall trace events to read more than one user parameter
      tracing: Add a config and syscall_user_buf_size file to limit amount written
      tracing: Show printable characters in syscall arrays
      tracing: Add trace_seq_pop() and seq_buf_pop()
      tracing: Add parsing of flags to the sys_enter_openat trace event
      tracing: Check for printable characters when printing field dyn strings
      tracing: Have persistent ring buffer print syscalls normally

----
 Documentation/trace/ftrace.rst |   8 +
 include/linux/seq_buf.h        |  17 +
 include/linux/trace_seq.h      |  13 +
 include/trace/syscall.h        |   8 +-
 kernel/trace/Kconfig           |  14 +
 kernel/trace/trace.c           | 312 ++++++++++++---
 kernel/trace/trace.h           |  20 +
 kernel/trace/trace_output.c    |  27 +-
 kernel/trace/trace_syscalls.c  | 886 ++++++++++++++++++++++++++++++++++++++---
 9 files changed, 1188 insertions(+), 117 deletions(-)
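
An added example, not part of the original message and not the kernel's own code: a small Python parser for the event layout shown in the sample output above, which recovers the copied bytes from the hex dump (in the write sample the byte 0a is rendered as "." in the quoted text) and recognises the dfd values in the samples as AT_FDCWD. The field grammar is inferred from those sample lines only, and the names parse_event, to_int and is_at_fdcwd are hypothetical.

```python
import re

# Layout taken from the sample output in the cover letter; any text before
# "sys_" (task, CPU, timestamp columns) is ignored.
EVENT = re.compile(r'(sys_\w+)\((.*)\)\s*$')
FIELD = re.compile(
    r'(\w+): ([^\s,()"]+)'                       # field name and raw value
    r'(?: \(((?:[0-9a-f]{2}:)*[0-9a-f]{2})\))?'  # optional hex dump of copied bytes
    r'(?: "(.*?)")?'                             # optional printable rendering
    r'(?:, (?=\w+: )|$)')                        # next field, or end of arguments
AT_FDCWD = -100  # Linux uapi value; the samples print it as an unsigned number

def to_int(raw):
    """Parse 0x.. hex, leading-zero octal (modes) or decimal; None for flag names."""
    try:
        if raw.lower().startswith('0x'):
            return int(raw, 16)
        return int(raw, 8) if len(raw) > 1 and raw[0] == '0' else int(raw)
    except ValueError:
        return None

def parse_event(line):
    """Return (syscall, {field: details}), or None when the line does not fit."""
    m = EVENT.search(line)
    if not m:
        return None
    body, pos, fields = m.group(2), 0, {}
    while pos < len(body):
        f = FIELD.match(body, pos)
        if not f:
            return None  # unknown layout: refuse rather than guess
        name, raw, hexdump, text = f.groups()
        num = to_int(raw)
        fields[name] = {
            'int': num, 'text': text,
            'bytes': bytes.fromhex(hexdump.replace(':', '')) if hexdump else None,
            'flags': raw.split('|') if num is None else None,
        }
        pos = f.end()
    return m.group(1), fields

def is_at_fdcwd(value):
    """True when a dfd printed as unsigned 32- or 64-bit is really AT_FDCWD."""
    return value in (AT_FDCWD % 2**32, AT_FDCWD % 2**64)

if __name__ == '__main__':
    # Sample line copied from the cover letter above.
    name, args = parse_event('sys_write(fd: 1, buf: 0x56430f353be0 '
                             '(2f:72:6f:6f:74:0a) "/root.", count: 6)')
    print(name, args['buf']['bytes'], args['buf']['text'])
```

Matching on the 'bytes' value rather than the quoted text avoids confusing a real "." in the data with a substituted non-printable byte.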
Thread overview: 19+ messages
2025-10-15 17:32 Steven Rostedt [this message]
2025-10-15 17:32 ` [PATCH v3 01/13] tracing: Make trace_user_fault_read() exposed to rest of tracing Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 02/13] tracing: Have syscall trace events read user space string Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 03/13] perf: tracing: Simplify perf_sysenter_enable/disable() with guards Steven Rostedt
2025-10-16 11:05 ` kernel test robot
2025-10-15 17:32 ` [PATCH v3 04/13] perf: tracing: Have perf system calls read user space Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 05/13] tracing: Have system call events record user array data Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 06/13] tracing: Display some syscall arrays as strings Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 07/13] tracing: Allow syscall trace events to read more than one user parameter Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 08/13] tracing: Add a config and syscall_user_buf_size file to limit amount written Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 09/13] tracing: Show printable characters in syscall arrays Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 10/13] tracing: Add trace_seq_pop() and seq_buf_pop() Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 11/13] tracing: Add parsing of flags to the sys_enter_openat trace event Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 12/13] tracing: Check for printable characters when printing field dyn strings Steven Rostedt
2025-10-20 12:19 ` Douglas Raillard
2025-10-20 18:47 ` Steven Rostedt
2025-10-15 17:32 ` [PATCH v3 13/13] tracing: Have persistent ring buffer print syscalls normally Steven Rostedt
2025-10-16 10:33 ` kernel test robot
2025-10-16 11:36 ` kernel test robot