[PATCH v3 8/8] Documentation: tracing: Add entry argument access at function exit

linux-trace-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
To: Steven Rostedt <rostedt@goodmis.org>, Jiri Olsa <jolsa@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org,
	mhiramat@kernel.org, linux-doc@vger.kernel.org,
	linux-kselftest@vger.kernel.org
Subject: [PATCH v3 8/8] Documentation: tracing: Add entry argument access at function exit
Date: Mon,  4 Mar 2024 12:41:15 +0900	[thread overview]
Message-ID: <170952367549.229804.8843506960483577062.stgit@devnote2> (raw)
In-Reply-To: <170952359657.229804.14867636035660590574.stgit@devnote2>

From: Masami Hiramatsu (Google) <mhiramat@kernel.org>

Add a notes about the entry argument access at function exit probes for
kprobes and fprobe trace event.

Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
---
 Changes in v3:
  - Add usage example in fprobetrace.rst.
---
 Documentation/trace/fprobetrace.rst |   31 +++++++++++++++++++++++++++++++
 Documentation/trace/kprobetrace.rst |    9 +++++++++
 2 files changed, 40 insertions(+)

diff --git a/Documentation/trace/fprobetrace.rst b/Documentation/trace/fprobetrace.rst
index e35e6b18df40..0f187e3796e4 100644
--- a/Documentation/trace/fprobetrace.rst
+++ b/Documentation/trace/fprobetrace.rst
@@ -70,6 +70,14 @@ Synopsis of fprobe-events
 
 For the details of TYPE, see :ref:`kprobetrace documentation <kprobetrace_types>`.
 
+Function arguments at exit
+--------------------------
+Function arguments can be accessed at exit probe using $arg<N> fetcharg. This
+is useful to record the function parameter and return value at once, and
+trace the difference of structure fields (for debuging a function whether it
+correctly updates the given data structure or not)
+See the :ref:`sample<fprobetrace_exit_args_sample>` below for how it works.
+
 BTF arguments
 -------------
 BTF (BPF Type Format) argument allows user to trace function and tracepoint
@@ -218,3 +226,26 @@ traceprobe event, you can trace that field as below.
            <idle>-0       [000] d..3.  5606.690317: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="kworker/0:1" usage=1 start_time=137000000
       kworker/0:1-14      [000] d..3.  5606.690339: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="swapper/0" usage=2 start_time=0
            <idle>-0       [000] d..3.  5606.692368: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="kworker/0:1" usage=1 start_time=137000000
+
+.. _fprobetrace_exit_args_sample:
+
+The return probe allows us to access the results of some functions, which returns
+the error code and its results are passed via function parameter, such as an
+structure-initialization function.
+
+For example, vfs_open() will link the file structure to the inode and update
+mode. You can trace that changes with return probe.
+::
+
+ # echo 'f vfs_open mode=file->f_mode:x32 inode=file->f_inode:x64' >> dynamic_events
+ # echo 'f vfs_open%%return mode=file->f_mode:x32 inode=file->f_inode:x64' >> dynamic_events
+ # echo 1 > events/fprobes/enable
+ # cat trace
+              sh-131     [006] ...1.  1945.714346: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x2 inode=0x0
+              sh-131     [006] ...1.  1945.714358: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0x4d801e inode=0xffff888008470168
+             cat-143     [007] ...1.  1945.717949: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x1 inode=0x0
+             cat-143     [007] ...1.  1945.717956: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0x4a801d inode=0xffff888005f78d28
+             cat-143     [007] ...1.  1945.720616: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x1 inode=0x0
+             cat-143     [007] ...1.  1945.728263: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0xa800d inode=0xffff888004ada8d8
+
+You can see the `file::f_mode` and `file::f_inode` are upated in `vfs_open()`.
diff --git a/Documentation/trace/kprobetrace.rst b/Documentation/trace/kprobetrace.rst
index bf9cecb69fc9..a49662ccd53c 100644
--- a/Documentation/trace/kprobetrace.rst
+++ b/Documentation/trace/kprobetrace.rst
@@ -70,6 +70,15 @@ Synopsis of kprobe_events
   (\*3) this is useful for fetching a field of data structures.
   (\*4) "u" means user-space dereference. See :ref:`user_mem_access`.
 
+Function arguments at kretprobe
+-------------------------------
+Function arguments can be accessed at kretprobe using $arg<N> fetcharg. This
+is useful to record the function parameter and return value at once, and
+trace the difference of structure fields (for debuging a function whether it
+correctly updates the given data structure or not).
+See the :ref:`sample<fprobetrace_exit_args_sample>` in fprobe event for how
+it works.
+
 .. _kprobetrace_types:
 
 Types

     prev parent reply	other threads:[~2024-03-04  3:41 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-04  3:39 [PATCH v3 0/8] tracing/probes: Support function parameter access from return probe Masami Hiramatsu (Google)
2024-03-04  3:40 ` [PATCH v3 1/8] fprobe: Fix to allocate entry_data_size buffer with rethook instances Masami Hiramatsu (Google)
2024-03-04  3:40 ` [PATCH v3 2/8] tracing/fprobe-event: cleanup: Fix a wrong comment in fprobe event Masami Hiramatsu (Google)
2024-03-04  3:40 ` [PATCH v3 3/8] tracing/probes: Cleanup probe argument parser Masami Hiramatsu (Google)
2024-03-04  3:40 ` [PATCH v3 4/8] tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init Masami Hiramatsu (Google)
2024-03-04  3:40 ` [PATCH v3 5/8] tracing: Remove redundant #else block for BTF args from README Masami Hiramatsu (Google)
2024-03-04  3:40 ` [PATCH v3 6/8] tracing/probes: Support $argN in return probe (kprobe and fprobe) Masami Hiramatsu (Google)
2024-03-04  3:41 ` [PATCH v3 7/8] selftests/ftrace: Add test cases for entry args at function exit Masami Hiramatsu (Google)
2024-03-04  3:41 ` Masami Hiramatsu (Google) [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e35e6b18df4 dfblob:0f187e3796e dfblob:bf9cecb69fc
dfblob:a49662ccd53 )
 OR (
bs:"[PATCH v3 8/8] Documentation: tracing: Add entry argument access at function exit" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=170952367549.229804.8843506960483577062.stgit@devnote2 \
    --to=mhiramat@kernel.org \
    --cc=jolsa@kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-trace-kernel@vger.kernel.org \
    --cc=rostedt@goodmis.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).