[PATCH v13 00/12] tracing: Add fprobe/tracepoint events

From: Masami Hiramatsu (Google)
Date: Fri May 26 2023 - 00:18:05 EST


Here is the 13th version of add a basic fprobe event support for
ftrace (tracefs) and perf. Here is the previous version.


This version fixes some minor issues in the previous version.
I found that TPARG_FL_FPROBE was not set and TPARG_FL_FENTRY and
TPARG_FL_RETURN were not mutually exclusive, so fix it in [2/12] (new patch)
and [3/12].
I also fixed the fprobe-event selftest because it didn't found the syntax
error that fprobe-event shouldn't access %reg [4/12].
For the BTF var name feature, there is a bug that the BTF var name is used
with fetch_type (e.g. varname:u8), it failed to apply the BTF var name as
the event argument name. So fixed that in [7/12]. In [8/12], if user specified
only '$argN' the kernel crashed, and if BTF is not there, it returned an error.
So I fixed both bugs. [8/12] also had another bug that it convert $argN to
$argN+1, that is also fixed.

You can also get this series from:

git://git.kernel.org/pub/scm/linux/kernel/git/mhiramat/linux.git topic/fprobe-event-ext

With this fprobe events, we can continue to trace function entry/exit
even if the CONFIG_KPROBES_ON_FTRACE is not available. Since
it is not available if the architecture only supports
CONFIG_DYNAMIC_FTRACE_WITH_ARGS (e.g. arm64). And that means kprobe
events can not probe function entry/exit effectively on such architecture.
But this problem can be solved if the dynamic events supports fprobe events
because fprobe events doesn't use kprobe but ftrace via fprobe.


Fprobe events allows user to add new events on the entry and exit of kernel
functions (which can be ftraced). Unlike kprobe events, the fprobe events
can only probe the function entry and exit, and it can only trace the
function args, return value, and stacks. (no registers)
For probing function body, users can continue to use the kprobe events.

The tracepoint probe events (tprobe events) also allows user to add new
events dynamically on the tracepoint. Most of the tracepoint already has
trace-events, so this feature is useful if you only want to know a
specific parameter, or trace the tracepoints which has no trace-events
(e.g. sched_*_tp tracepoints only exposes the tracepoints.)

The fprobe events syntax is;


And tracepoint probe events syntax is;


This series includes BTF argument support for fprobe/tracepoint events,
and kprobe events. This allows us to fetch a specific function parameter
by name, and all parameters by '$arg*'.
Note that enabling this feature, you need to enable CONFIG_BPF_SYSCALL and
confirm that your arch supports CONFIG_HAVE_FUNCTION_ARG_ACCESS_API.


# echo 't kfree ptr' >> dynamic_events
# echo 'f kfree object' >> dynamic_events
# cat dynamic_events
t:tracepoints/kfree kfree ptr=ptr
f:fprobes/kfree__entry kfree object=object
# echo 1 > events/fprobes/enable
# echo 1 > events/tracepoints/enable
# echo > trace
# head -n 20 trace | tail
# | | | ||||| | |
tail-84 [000] ..... 1324.561958: kfree__entry: (kfree+0x4/0x140) object=0xffff888006383c00
tail-84 [000] ...1. 1324.561961: kfree: (__probestub_kfree+0x4/0x10) ptr=0xffff888006383c00
tail-84 [000] ..... 1324.561988: kfree__entry: (kfree+0x4/0x140) object=0x0
tail-84 [000] ...1. 1324.561988: kfree: (__probestub_kfree+0x4/0x10) ptr=0x0
tail-84 [000] ..... 1324.561989: kfree__entry: (kfree+0x4/0x140) object=0xffff88800671e600
tail-84 [000] ...1. 1324.561989: kfree: (__probestub_kfree+0x4/0x10) ptr=0xffff88800671e600
tail-84 [000] ..... 1324.562368: kfree__entry: (kfree+0x4/0x140) object=0xffff8880065e0580
tail-84 [000] ...1. 1324.562369: kfree: (__probestub_kfree+0x4/0x10) ptr=0xffff8880065e0580

Thank you,


Masami Hiramatsu (Google) (12):
fprobe: Pass return address to the handlers
tracing/probes: Avoid setting TPARG_FL_FENTRY and TPARG_FL_RETURN
tracing/probes: Add fprobe events for tracing function entry and exit.
selftests/ftrace: Add fprobe related testcases
tracing/probes: Add tracepoint support on fprobe_events
tracing/probes: Move event parameter fetching code to common parser
tracing/probes: Support function parameters if BTF is available
tracing/probes: Add $arg* meta argument for all function args
tracing/probes: Add BTF retval type support
selftests/ftrace: Add tracepoint probe test case
selftests/ftrace: Add BTF arguments test cases
Documentation: tracing/probes: Add fprobe event tracing document

Documentation/trace/fprobetrace.rst | 188 +++
Documentation/trace/index.rst | 1
Documentation/trace/kprobetrace.rst | 2
include/linux/fprobe.h | 11
include/linux/rethook.h | 2
include/linux/trace_events.h | 3
include/linux/tracepoint-defs.h | 1
include/linux/tracepoint.h | 5
kernel/kprobes.c | 1
kernel/trace/Kconfig | 26
kernel/trace/Makefile | 1
kernel/trace/bpf_trace.c | 6
kernel/trace/fprobe.c | 17
kernel/trace/rethook.c | 3
kernel/trace/trace.c | 13
kernel/trace/trace.h | 11
kernel/trace/trace_eprobe.c | 44 -
kernel/trace/trace_fprobe.c | 1199 ++++++++++++++++++++
kernel/trace/trace_kprobe.c | 35 -
kernel/trace/trace_probe.c | 652 +++++++++--
kernel/trace/trace_probe.h | 49 +
kernel/trace/trace_uprobe.c | 8
lib/test_fprobe.c | 10
samples/fprobe/fprobe_example.c | 6
.../ftrace/test.d/dynevent/add_remove_btfarg.tc | 58 +
.../ftrace/test.d/dynevent/add_remove_fprobe.tc | 26
.../ftrace/test.d/dynevent/add_remove_tprobe.tc | 27
.../ftrace/test.d/dynevent/fprobe_syntax_errors.tc | 111 ++
.../ftrace/test.d/dynevent/tprobe_syntax_errors.tc | 82 +
.../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 16
30 files changed, 2450 insertions(+), 164 deletions(-)
create mode 100644 Documentation/trace/fprobetrace.rst
create mode 100644 kernel/trace/trace_fprobe.c
create mode 100644 tools/testing/selftests/ftrace/test.d/dynevent/add_remove_btfarg.tc
create mode 100644 tools/testing/selftests/ftrace/test.d/dynevent/add_remove_fprobe.tc
create mode 100644 tools/testing/selftests/ftrace/test.d/dynevent/add_remove_tprobe.tc
create mode 100644 tools/testing/selftests/ftrace/test.d/dynevent/fprobe_syntax_errors.tc
create mode 100644 tools/testing/selftests/ftrace/test.d/dynevent/tprobe_syntax_errors.tc

Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>