Presentation is loading. Please wait.

Presentation is loading. Please wait.

Big Picture of Linux Probe and Trace Tools

Published byAbigail Eaton Modified over 6 years ago

Similar presentations

Presentation on theme: "Big Picture of Linux Probe and Trace Tools"— Presentation transcript:

0 Linux Tracepoint and Kprobe
Computer Science & Engineering Department Arizona State University Tempe, AZ 85287 Dr. Yann-Hang Lee (480)

1 Big Picture of Linux Probe and Trace Tools
performance measurement, trace logs, debugging support (breakpoint, single step)

2 (https://lwn.net/Articles/132196/)
Linux Kprobe (1) Kprobes - Dynamic event tracing in kernel probes can be added or removed Add a new trace event register_kprobe() specifies where the probe is to be inserted and what pre_ and post_ handlers are to be called when the probe is hit. int register_kprobe(struct kprobe *p); struct kprobe – linux/include/linux/kprobes.h, line 73 unregister_kprobe() where -- function entry (symbol) + offset / function return handler can fetch various registers/memory/symbols – dereferencing (resolving pointer) is supported To enable kprobe CONFIG_KPROBES=y and CONFIG_KALLSYMS=y or CONFIG_KALLSYMS_ALL=y (

3 Linux Kprobe (2) uses a breakpoint and a single-step on copied code
Preparing Running

4 Linux Kprobe (3) Kprobes can be installed anywhere in the kernel, including ISR allow multiple probes at the same address multiple handlers (or multiple instances of the same handler) may run concurrently on different CPUs. registered kprobes are visible under the /sys/kernel/debug/kprobes/ directory when registered, probes are saved in a hash table hashed by the address of the probe Hash table can be locked using kprobe_lock (a spinlock) Kprobes cannot probe itself use a blacklist to prevent recursive traps Probe handlers are run with preemption disabled. Depending on the architecture and optimization state, handlers may also run with interrupts disabled (not on x86/x86-64). In any case, should not yield the CPU (e.g., by attempting to acquire a semaphore).

5 A Simple Kprobe Example
#include <linux/kernel.h> #include <linux/module.h> #include <linux/kprobes.h> static struct kprobe kp = { /* need to allocate a kprobe structure */ .symbol_name = "do_fork", }; static int handler_pre(struct kprobe *p, struct pt_regs *regs) { printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx," " flags = 0x%lx\n", p->addr, regs->ip, regs->flags); } static int __init kprobe_init(void) { int ret; kp.pre_handler = handler_pre; kp.post_handler = handler_post; kp.fault_handler = handler_fault; ret = register_kprobe(&kp); if (ret < 0) { printk(KERN_INFO "register_kprobe failed, returned %d\n", ret); return ret; printk(KERN_INFO "Planted kprobe at %p\n", kp.addr); return 0; static void __exit kprobe_exit(void) { unregister_kprobe(&kp); printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr); } (

6 Data Accessing in Kprobe
Accesses to registers %reg memory location in kernel symbol +|- offset (via kallsyms_lookup_name()) Global kernel structures The running kernel process task_struct or local variables kernel_stack_pointer and regs_get_kernel_stack_nth() in Linux/arch/x86/kernel/ptrace.c void handler_post(struct kprobe *p, struct pt_regs *regs, unsigned long flags) { struct task_struct *task; read_lock(&tasklist_lock); for_each_process(task) { printk("pid =%x task-info_ptr=%lx\n", task->pid, task->thread_info); } read_unlock(&tasklist_lock); } (

7 Process Kernel Stack struct thread_info at the bottom of the process kernel stack pointer to task_struct (process control block) Where it is: (sp & ~(THREAD_SIZE - 1))) or GET_THREAD_INFO(reg) current_thread_info(void) (/arch/x86/include/asm/thread_info.h) Example: sys_getpid SYSCALL_DEFINE0(getpid) in /kernel/sys.c current is defined as current_thread_info()->task in /include/asm-generic/current.h

8 Linux Tracepoint (1) Static instrumentation (in source code)
callback functions that record data at a specific location in the kernel Example: in /kernel/sched/core.c a trace point is placed in context switch function context_switch() trace_sched_switch(prev, next); trace_sched_switch is generated via macro definitions TRACE_EVENT(sched_switch, …..) is defined in /include/trace/events/sched.h TRACE_EVENT macro TRACE_EVENT(name, proto, args, struct, assign, print) name - the name of the tracepoint to be created. prototype - the prototype for the tracepoint callbacks args - the arguments that match the prototype. struct - the structure that a tracer could use (but is not required to) to store the data passed into the tracepoint. assign - the C-like way to assign the data to the structure. print - the way to output the structure in human readable ASCII format.

9 Linux Tracepoint (2) TRACE_EVENT is defined differently based on the .h file included in /include/linux/tracepoint.h #define TRACE_EVENT(name, proto, args, struct, assign, print) \ DECLARE_TRACE(name, PARAMS(proto), PARAMS(args)) in /include/trace/ftrace.h #undef TRACE_EVENT #define TRACE_EVENT(name, proto, args, tstruct, assign, print) \ DECLARE_EVENT_CLASS(name, \ PARAMS(proto), \ PARAMS(args), \ PARAMS(tstruct), \ PARAMS(assign), \ PARAMS(print)); \ DEFINE_EVENT(name, name, PARAMS(proto), PARAMS(args)); in /include/trace/define_trace.h #define TRACE_EVENT(name, proto, args, tstruct, assign, print) \ DEFINE_TRACE(name)

10 Linux Tracepoint (3) Tracepoint is to insert a function statically in source program Why the macro mechanism is adapted too tedious to create a callback for every tracepoint automate the process that tracepoints are created, registered, and managed (enabled), as well as to connect to a tracer (e.g. Ftrace) # ls /sys/kernel/debug/tracing/events block enable ext4 header_event module sched skb timer enable ftrace header_page irq kmem power syscalls workqueue # ls /sys/kernel/debug/tracing/events/sched enable sched_process_exit sched_stat_wait filter sched_process_fork sched_stick_numa sched_kthread_stop sched_process_free sched_swap_numa sched_kthread_stop_ret sched_process_wait sched_switch sched_migrate_task sched_stat_blocked sched_wait_task sched_move_numa sched_stat_iowait sched_wakeup sched_pi_setprio sched_stat_runtime sched_wakeup_new sched_process_exec sched_stat_sleep

11 An Example – Sillymod-event.c
Tracepoint “trace_me_silly()” is defined in silly_trace.h in which tracepoint.h is included to define TRACE_EVENT (me_silly …..) define TRACE_SYSTEM, TRACE_INCLUDE_PATH, and TRACE_INCLUDE_FILE define_trace.h is included In define_trace.h, TRACE_EVENT is redefined silly_trace.h is included again (#include TRACE_INCLUDE(TRACE_INCLUDE_FILE) TRACE_EVENT (me_silly …..) leads to the declaration of “struct tracepoint __tracepointme_silly” TRACE_INCLUDE(TRACE_INCLUDE_FILE) will include the file that included it Then ftrace.h is included 4 stages of macro expansion of silly_trace.h #include TRACE_INCLUDE(TRACE_INCLUDE_FILE) TRACE_EVENT is redefined again

Download ppt "Big Picture of Linux Probe and Trace Tools"

Similar presentations

Device Drivers. Linux Device Drivers Linux supports three types of hardware device: character, block and network –character devices: R/W without buffering.

Device Drivers. Linux Device Drivers Linux supports three types of hardware device: character, block and network –character devices: R/W without buffering.
R4 Dynamically loading processes. Overview R4 is closely related to R3, much of what you have written for R3 applies to R4 In R3, we executed procedures.

R4 Dynamically loading processes. Overview R4 is closely related to R3, much of what you have written for R3 applies to R4 In R3, we executed procedures.
CSCC69: Operating Systems

CSCC69: Operating Systems
CSC 501 Lecture 2: Processes. Von Neumann Model Both program and data reside in memory Execution stages in CPU: Fetch instruction Decode instruction Execute.

CSC 501 Lecture 2: Processes. Von Neumann Model Both program and data reside in memory Execution stages in CPU: Fetch instruction Decode instruction Execute.
Processes CSCI 444/544 Operating Systems Fall 2008.

Processes CSCI 444/544 Operating Systems Fall 2008.
Figure 2.8 Compiler phases. 2.8.1 Compiling. Figure 2.9 Object module. 2.8.2 Linking.

Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.
Overview C programming Environment C Global Variables C Local Variables Memory Map for a C Function C Activation Records Example Compilation.

Overview C programming Environment C Global Variables C Local Variables Memory Map for a C Function C Activation Records Example Compilation.
CS-502 Fall 2006Processes in Unix, Linux, & Windows 1 Processes in Unix, Linux, and Windows CS502 Operating Systems.

CS-502 Fall 2006Processes in Unix, Linux, & Windows 1 Processes in Unix, Linux, and Windows CS502 Operating Systems.
Unix & Windows Processes 1 CS502 Spring 2006 Unix/Windows Processes.

Unix & Windows Processes 1 CS502 Spring 2006 Unix/Windows Processes.
CPS110: Implementing threads/locks on a uni-processor Landon Cox.

CPS110: Implementing threads/locks on a uni-processor Landon Cox.
Introduction to Embedded Systems

Introduction to Embedded Systems
Real-time Systems Lab, Computer Science and Engineering, ASU Linux Input Systems (ESP – Fall 2014) Computer Science & Engineering Department Arizona State.

Real-time Systems Lab, Computer Science and Engineering, ASU Linux Input Systems (ESP – Fall 2014) Computer Science & Engineering Department Arizona State.
CS1550 Assignment 5 Multiprogramming Implementation notes Matt Craven.

CS1550 Assignment 5 Multiprogramming Implementation notes Matt Craven.
Names and Scope. Scope Suppose that a name is used many times for different entities in text of the program, or in the course of execution. When the name.

Names and Scope. Scope Suppose that a name is used many times for different entities in text of the program, or in the course of execution. When the name.
Computer Architecture and Operating Systems CS 3230: Operating System Section Lecture OS-1 Process Concepts Department of Computer Science and Software.

Computer Architecture and Operating Systems CS 3230: Operating System Section Lecture OS-1 Process Concepts Department of Computer Science and Software.
Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,

Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,
Module R3 Process Scheduling. Module R3 involves the creation of a simple “Round Robin” dispatcher. The successful completion of this module will require.

Module R3 Process Scheduling. Module R3 involves the creation of a simple “Round Robin” dispatcher. The successful completion of this module will require.
Linux Processes Travis Willey Jeff Mihalik. What is a process? A process is a program in execution A process includes: –program counter –stack –data section.

Linux Processes Travis Willey Jeff Mihalik. What is a process? A process is a program in execution A process includes: –program counter –stack –data section.
1 Review of Process Mechanisms. 2 Scheduling: Policy and Mechanism Scheduling policy answers the question: Which process/thread, among all those ready.

1 Review of Process Mechanisms. 2 Scheduling: Policy and Mechanism Scheduling policy answers the question: Which process/thread, among all those ready.
RTX - 51 Objectives  Resources needed  Architecture  Components of RTX-51 - Task - Memory pools - Mail box - Signals.

RTX - 51 Objectives  Resources needed  Architecture  Components of RTX-51 - Task - Memory pools - Mail box - Signals.

Similar presentations

Ads by Google