Lines Matching defs:syscalls
135 } syscalls;
292 * sc: for raw_syscalls:sys_{enter,exit} and syscalls:sys_{enter,exit}_SYSCALLNAME
316 * syscalls:sys_{enter,exit}_SYSCALL tracepoints
468 /* older kernels (e.g., RHEL6) use syscalls:{enter,exit} */
470 evsel = evsel__newtp("syscalls", direction);
1477 * So that the next arg with a payload can consume its augmented arg, i.e. for rename* syscalls
1717 * /sys/kernel/tracing/events/syscalls/sys_enter*
1754 if (trace->syscalls.table == NULL) {
1755 trace->syscalls.table = calloc(trace->sctbl->syscalls.max_id + 1, sizeof(*sc));
1756 if (trace->syscalls.table == NULL)
1760 if (id > trace->sctbl->syscalls.max_id || (id == 0 && trace->syscalls.table == NULL)) {
1762 struct syscall *table = realloc(trace->syscalls.table, (id + 1) * sizeof(*sc));
1768 if (trace->syscalls.table == NULL)
1771 memset(table + trace->sctbl->syscalls.max_id + 1, 0, (id - trace->sctbl->syscalls.max_id) * sizeof(*sc));
1773 trace->syscalls.table = table;
1774 trace->sctbl->syscalls.max_id = id;
1777 sc = trace->syscalls.table + id;
1790 sc->tp_format = trace_event__tp_format("syscalls", tp_name);
1794 sc->tp_format = trace_event__tp_format("syscalls", tp_name);
1873 pr_debug("Skipping unknown syscalls: ");
2011 * not needed for syscalls that always return a given type, say an fd.
2108 if (id > trace->sctbl->syscalls.max_id) {
2110 if (id >= trace->sctbl->syscalls.max_id) {
2114 * go on reading syscalls.
2122 if ((trace->syscalls.table == NULL || trace->syscalls.table[id].name == NULL) &&
2126 if (trace->syscalls.table && trace->syscalls.table[id].nonexistent)
2129 return &trace->syscalls.table[id];
2135 if (id <= trace->sctbl->syscalls.max_id && trace->syscalls.table[id].name != NULL)
2136 fprintf(trace->output, "(%s)", trace->syscalls.table[id].name);
2263 * use syscalls:sys_enter_NAME, so that we reduce the kernel/userspace
2313 * syscall->args_size using each syscalls:sys_enter_NAME tracefs format file,
2317 * here and avoid using augmented syscalls when the evsel is the raw_syscalls one.
2319 if (evsel != trace->syscalls.events.sys_enter)
2743 * leaving show_arg_names just for syscalls?
2789 if (evsel == trace->syscalls.events.augmented) {
3018 else if (is_valid_tracepoint("syscalls:sys_enter"))
3019 rec_argv[j++] = "syscalls:sys_enter,syscalls:sys_exit";
3021 pr_err("Neither raw_syscalls nor syscalls events exist.\n");
3174 trace->syscalls.events.sys_enter = sys_enter;
3175 trace->syscalls.events.sys_exit = sys_exit;
3199 if (!evsel__append_tp_filter(trace->syscalls.events.sys_enter, filter)) {
3200 sys_exit = trace->syscalls.events.sys_exit;
3228 trace->syscalls.map = trace__find_bpf_map_by_name(trace, "syscalls");
3229 trace->syscalls.prog_array.sys_enter = trace__find_bpf_map_by_name(trace, "syscalls_sys_enter");
3230 trace->syscalls.prog_array.sys_exit = trace__find_bpf_map_by_name(trace, "syscalls_sys_exit");
3248 scnprintf(default_prog_name, sizeof(default_prog_name), "!syscalls:sys_%s_%s", type, sc->name);
3253 scnprintf(default_prog_name, sizeof(default_prog_name), "!syscalls:sys_%s_%s", type, sc->fmt->alias);
3268 pr_debug("Couldn't find BPF prog \"%s\" to associate with syscalls:sys_%s_%s, not augmenting it\n",
3271 return trace->syscalls.unaugmented_prog;
3288 return sc ? bpf_program__fd(sc->bpf_prog.sys_enter) : bpf_program__fd(trace->syscalls.unaugmented_prog);
3294 return sc ? bpf_program__fd(sc->bpf_prog.sys_exit) : bpf_program__fd(trace->syscalls.unaugmented_prog);
3318 int fd = bpf_map__fd(trace->syscalls.map);
3343 int fd = bpf_map__fd(trace->syscalls.map);
3349 for (key = 0; key < trace->sctbl->syscalls.nr_entries; ++key) {
3377 * We're only interested in syscalls that have a pointer:
3387 for (id = 0; id < trace->sctbl->syscalls.nr_entries; ++id) {
3393 pair->bpf_prog.sys_enter == trace->syscalls.unaugmented_prog)
3426 * more than what is common to the two syscalls.
3441 * For instance, we have "!syscalls:sys_enter_renameat" and that is
3446 if (pair_prog == trace->syscalls.unaugmented_prog)
3461 int map_enter_fd = bpf_map__fd(trace->syscalls.prog_array.sys_enter),
3462 map_exit_fd = bpf_map__fd(trace->syscalls.prog_array.sys_exit);
3465 for (key = 0; key < trace->sctbl->syscalls.nr_entries; ++key) {
3485 * Now let's do a second pass looking for enabled syscalls without
3512 for (key = 0; key < trace->sctbl->syscalls.nr_entries; ++key) {
3524 if (sc->bpf_prog.sys_enter != trace->syscalls.unaugmented_prog)
3528 * Look at all the other syscalls for one that has a signature
3555 evlist__remove(trace->evlist, trace->syscalls.events.augmented);
3556 evsel__delete(trace->syscalls.events.augmented);
3557 trace->syscalls.events.augmented = NULL;
3616 if (evsel == trace->syscalls.events.augmented ||
3628 if (trace->syscalls.map)
3630 if (trace->syscalls.events.sys_enter)
4004 if (trace->syscalls.map)
4007 if (trace->syscalls.prog_array.sys_enter)
4015 if (trace->syscalls.events.sys_exit) {
4017 trace->syscalls.events.sys_exit->filter);
4025 * syscalls opening a pathname and associating it with a descriptor or
4240 /* older kernels have syscalls tp versus raw_syscalls */
4243 "syscalls:sys_enter");
4256 "syscalls:sys_exit");
4339 sc = &trace->syscalls.table[syscall_stats_entry->syscall];
4537 if (strcmp(evsel->tp_format->system, "syscalls")) {
4566 * XXX: Hackish, just splitting the combined -e+--event (syscalls
4761 OPT_CALLBACK(0, "expr", &trace, "expr", "list of syscalls/events to trace",
4793 "Show only syscalls that failed"),
4797 "Show all syscalls and summary with statistics"),
4802 OPT_BOOLEAN(0, "syscalls", &trace.trace_syscalls, "Trace syscalls"),
4909 pr_err("ERROR: Setup trace syscalls enter failed: %s\n", bf);
4914 trace.syscalls.events.augmented = evsel;
4931 * explicit --syscalls, then assume we want all strace-like
4932 * syscalls:
4966 trace.syscalls.unaugmented_prog = trace__find_bpf_program_by_title(&trace, "!raw_syscalls:unaugmented");
5016 perror("failed to set syscalls:* tracepoint fields");
5027 * If we are augmenting syscalls, then combine what we put in the
5029 * syscalls:sys_exit_FOO tracepoints, i.e. just like we do without BPF,
5037 if (trace.syscalls.events.augmented) {
5046 if (trace.syscalls.events.augmented->priv == NULL &&
5047 strstr(evsel__name(evsel), "syscalls:sys_enter")) {
5048 struct evsel *augmented = trace.syscalls.events.augmented;
5055 * that we get from syscalls:sys_enter tracefs format file.
5059 * Now we do the same for the *syscalls:sys_enter event so that
5070 if (strstarts(evsel__name(evsel), "syscalls:sys_exit_")) {
5091 * syscalls:sys_enter_NAME, so that we reduce