2

I enabled ftrace event tracing for sys_enter_openat syscall. The respective output format given at events/syscalls/sys_enter_openat/format is 

print fmt: "dfd: 0x%08lx, filename: 0x%08lx, flags: 0x%08lx, mode: 0x%08lx", ((unsigned long)(REC->dfd)), ((unsigned long)(REC->filename)), ((unsigned long)(REC->flags)), ((unsigned long)(REC->mode))

As expected a sample output line to ftrace is something like

msm_irqbalance-1338 [000] ...1 211710.033931: sys_openat(dfd: ffffff9c, filename: 5af693f224, flags: 2, mode: 0)

Is there a way to change output format such that filename: 5af693f224 can be shown as filename: <string> instead of address? I guess this would have been possible using systemtap or krpobe but my setup does not allow its use as of now.

Improve this question

1 Answer 1

Reset to default
0

You can define kprobe events with your own format:

cd /sys/kernel/debug/tracing echo 'p:open do_sys_open file=+0(%si):string' > kprobe_events echo 1 > events/kprobes/open/enable cat trace_pipe

which outputs:

cat-123 [001] .... 123.123: open: (do_sys_open+0x0/0x80) file="/etc/fstab" cat-123 [001] .... 123.124: open: (do_sys_open+0x0/0x80) file="/dev/zero"

For details, see: https://events19.linuxfoundation.org/wp-content/uploads/2017/12/oss-eu-2018-fun-with-dynamic-trace-events_steven-rostedt.pdf

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.