Re: [RFC] [RFC] trace: Add kprobe on tracepoint
From: Masami Hiramatsu
Date: Sat Aug 07 2021 - 23:16:03 EST
On Fri, 6 Aug 2021 23:54:13 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
> On Sat, 7 Aug 2021 10:28:46 +0900
> Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote:
>
> > Hmm, sorry, I rather like to use synthetic event with trigger action,
> > since this is not a kprobe.
>
> Correct, but I don't think it matches synthetic events either.
>
> > Can you change your idea to use trigger action with synthetic event?
> >
> > For example, if we have a "trace" action in the trigger action,
> >
> > echo "eopen char filename[]" >> synthetic_events
> > echo "trace:eopen,filename.ustring" >> events/syscalls/sys_enter_openat/trigger
> >
> > A new action is,
> > trace:SYNTH_EVENT,PARAM(s) [if FILTER]
> > and
> > .ustring/.string modifier for the PARAMS.
> >
> > I think this matches the current dynamic event model, and can extend
> > programmability of the ftrace, and keeps dynamic events simple.
>
> But we want to follow all the features of kprobes. This isn't about
> just taking existing fields. In fact, we want fields that are not
> available from the event. Here's an idea of what we want to do:
>
> echo 'e:hr_nr_events timer.hrtimer_expire_entry nr_events=+0x58(+0(+0x30($hrtimer))):u32' > kprobe_events
> echo 1 > events/kprobes/enable
> cat trace
> <idle>-0 [002] d.h2 937.412239: hr_nr_events: (0) nr_events=38380
> <idle>-0 [000] d.h2 937.412239: hr_nr_events: (0) nr_events=930268
> bash-1409 [001] d.h1 937.412239: hr_nr_events: (0) nr_events=33874
> <idle>-0 [000] d.h2 937.413238: hr_nr_events: (0) nr_events=930269
> <idle>-0 [004] d.h2 937.413238: hr_nr_events: (0) nr_events=35263
> <idle>-0 [001] d.h2 937.413238: hr_nr_events: (0) nr_events=33875
>
>
> Which gives me the nr_events from the hrtimer pointer passed to the
> timer.hrtimer_entry event via hrtimer->base->cpu_base->nr_events
>
> The idea is that we can get trace events into places that the
> maintainers have issues with (like the scheduler or vfs), where we may
> be allow to add a trace event that only gives us access to a pointer
> and nothing else that can become a limiting API.
>
> Then we can attach an eprobe to it that can offset the pointer to a
> structure and create dynamically all the fields we need.
>
> Daniel has some work he's doing that will can be improved by this
> feature.
OK, that's a good reason why you need it. However, the desgin is still
be a bit wrong. You should make it as another probe event, because
1. eprobe is not a kprobe but an event converter (reusing fetchargs)
2. we already have dynevent framework for expanding new dynamic events.
3. what you need is the "fetch args", that is shared with uprobe-event
there is no reason we can't share it with one more probe-event. :)
Thus, I recommend you to introduce a new dynevent, you don't need
to add "eprobe_events" file but you can use "dynamic_events" interface.
>
> Having it as a trigger, will make this rather complex.
OK, for the dereference feature, it may need more careful
implementation. (and maybe need a different parser)
>
> Which is why we want this as a probe, and not a trigger. We are only
> using the trigger to get the data from the field. What we are also
> looking at is a way to create a "trace_probe" that can attach to a
> tracepoint (before the event data is added). Which will not be using
> the trigger code at all, but will be using the similar offset logic we
> want to do here, but on the entry of the tracepoint, not the exit of it.
OK, but I want you to create another dynevent, not extending kprobe_events
for non-kprobe things. That will make things much harder to be maintained.
So maybe what you need is trace_eprobe.c, instead of modifying trace_kprobe.c.
Thank you,
--
Masami Hiramatsu <mhiramat@xxxxxxxxxx>