[PATCH 0/5] tracing/syscalls: Add filtering support

From: Li Zefan
Date: Wed Aug 19 2009 - 03:53:24 EST


This patchset adds filtering support for syscall events.

For syscall enter events, we can do filtering on syscall
parameters, and for exit events, filter on syscall return
value.

For example, we set 'mode == 0666' (0666 == 0x1b6) to
sys_enter_open, and set 'ret == 0' to sys_exit_open,
and here's the output:

# echo 'mode == 0666' > events/syscalls/sys_enter_open/filter
# echo 'ret == 0' > events/syscalls/sys_exit_open/filter
# echo 1 > events/syscalls/sys_enter_open/enable
# echo 1 > events/syscalls/sys_exit_open/enable
# cat trace
...
modprobe-3084 [001] 117.463140: sys_open(filename: 917d3e8, flags: 0, mode: 1b6)
modprobe-3084 [001] 117.463176: sys_open -> 0x0
less-3086 [001] 117.510455: sys_open(filename: 9c6bdb8, flags: 8000, mode: 1b6)
sendmail-2574 [001] 122.145840: sys_open(filename: b807a365, flags: 0, mode: 1b6)
...

[PATCH 1/5] tracing/syscalls: Fix fields format for enter events
[PATCH 2/5] tracing/syscalls: Add fields format for exit events
[PATCH 3/5] tracing/events: Add ftrace_event_call param to define_fields()
[PATCH 4/5] tracing/events: Add trace_define_common_fields()
[PATCH 5/5] tracing/syscalls: Add filtering support
---
include/linux/ftrace_event.h | 15 ++----
include/linux/syscalls.h | 19 +++++--
include/trace/ftrace.h | 11 ++---
include/trace/syscall.h | 13 ++++-
kernel/trace/trace_events.c | 29 +++++++++-
kernel/trace/trace_export.c | 13 ++---
kernel/trace/trace_syscalls.c | 120 +++++++++++++++++++++++++++++++----------
7 files changed, 156 insertions(+), 64 deletions(-)
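The filter semantics described in the cover letter, emulated in user space over saved trace text; this is an added example, not code from the patchset. The function names are hypothetical, only a single `==` or `!=` comparison is handled, and the sample mixes three lines from the output above with two constructed ones.

```python
import operator
import re
# Trace text in the format shown above. The first three lines are from the
# cover letter; the last two are constructed for this example.
SAMPLE = """\
modprobe-3084 [001] 117.463140: sys_open(filename: 917d3e8, flags: 0, mode: 1b6)
modprobe-3084 [001] 117.463176: sys_open -> 0x0
less-3086 [001] 117.510455: sys_open(filename: 9c6bdb8, flags: 8000, mode: 1b6)
less-3086 [001] 117.510470: sys_open -> 0x3
cat-3090 [000] 118.000100: sys_open(filename: 8a2f010, flags: 241, mode: 1a4)
"""
LINE = re.compile(r"(?P<comm>.+)-(?P<pid>\d+)\s+\[\d+\]\s+[\d.]+:\s+(?P<rest>.*)")
ENTER = re.compile(r"(?P<name>\w+)\((?P<args>.*)\)")
EXIT = re.compile(r"(?P<name>\w+) -> 0x(?P<ret>[0-9a-f]+)")
OPS = {"==": operator.eq, "!=": operator.ne}

def c_int(text):
    """Parse a number as C does: 0x.. is hex, a leading 0 is octal (0666 == 0x1b6)."""
    t = text.lower()
    if t.startswith("0x"):
        return int(t, 16)
    return int(t, 8) if len(t) > 1 and t.startswith("0") else int(t, 10)

def parse_line(line):
    """Return a dict for an enter/exit line, or None for anything else ('...').
    Enter arguments are printed in hex without a 0x prefix."""
    m = LINE.fullmatch(line.strip())
    if not m:
        return None
    ev = {"comm": m["comm"], "pid": int(m["pid"])}
    if x := EXIT.fullmatch(m["rest"]):
        return {**ev, "kind": "exit", "name": x["name"], "fields": {"ret": int(x["ret"], 16)}}
    if e := ENTER.fullmatch(m["rest"]):
        pairs = (a.split(":") for a in e["args"].split(",") if a.strip())
        fields = {k.strip(): int(v, 16) for k, v in pairs}
        return {**ev, "kind": "enter", "name": e["name"], "fields": fields}
    return None

def compile_filter(expr):
    """Compile one 'field == value' or 'field != value' comparison."""
    m = re.fullmatch(r"\s*(\w+)\s*(==|!=)\s*(\w+)\s*", expr)
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    field, op, value = m[1], OPS[m[2]], c_int(m[3])
    return lambda ev: field in ev["fields"] and op(ev["fields"][field], value)

def apply_filters(text, filters):
    """filters maps (syscall, 'enter'|'exit') to an expression; unfiltered events pass."""
    preds = {key: compile_filter(expr) for key, expr in filters.items()}
    events = filter(None, map(parse_line, text.splitlines()))
    return [ev for ev in events
            if (ev["name"], ev["kind"]) not in preds or preds[(ev["name"], ev["kind"])](ev)]
```

With `mode == 0666` on the enter event and `ret == 0` on the exit event, the sample reproduces the pattern in the output above: `less` passes the enter filter but its exit is dropped, and the constructed `cat` open with mode `1a4` is dropped on entry.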