Lines Matching +full:2 +full:x32 +full:- +full:bit
2 Kprobe-based Event Tracing
8 --------
9 These events are similar to tracepoint-based events. Instead of tracepoints,
13 Unlike the tracepoint-based event, this can be added and removed
28 -------------------------
34 -:[GRP/][EVENT] : Clear a probe
50 @SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol)
54 $retval : Fetch return value.(\*2)
56 +|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS address.(\*3)(\*4)
61 (x8/x16/x32/x64), VFS layer common type(%pd/%pD), "char",
68 (\*2) only for return probe. Note that this is also best effort. Depending on the
72 (\*4) "u" means user-space dereference. See :ref:`user_mem_access`.
75 -------------------------------
86 -----
90 in decimal ('s' and 'u') or hexadecimal ('x'). Without type casting, 'x32'
91 or 'x64' is used depends on the architecture (e.g. x86-32 uses x32, and
92 x86-64 uses x64).
96 E.g. 'x16[4]' means an array of x16 (2-byte hex) with 4 elements.
98 apply it to registers/stack-entries etc. (for example, '$stack1:x8[8]' is
103 String type is a special type, which fetches a "null-terminated" string from
105 has been paged out. "ustring" type is an alternative of string for user-space.
108 The string array type is a bit different from other types. For other base
109 types, <base-type>[1] is equal to <base-type> (e.g. +0(%di):x32[1] is same
110 as +0(%di):x32.) But string[1] is not equal to string. The string type itself
113 Bitfield is another special type, which takes 3 parameters, bit-width, bit-
114 offset, and container-size (usually 32). The syntax is::
116 b<bit-width>@<bit-offset>/<container-size>
120 On the other hand, symbol-string type ('symstr') converts the given address to
121 "symbol+offset/symbolsize" style and stores it as a null-terminated string.
132 ------------------
133 Kprobe events supports user-space memory access. For that purpose, you can use
134 either user-space dereference syntax or 'ustring' type.
136 The user-space dereference syntax allows you to access a field of a data
137 structure in user-space. This is done by adding the "u" prefix to the
140 user-space. You can use this for strings too, e.g. +u0(%si):string will read
141 a string from the address in the register %si that is expected to be in user-
145 Note that kprobe-event provides the user-memory access syntax but it doesn't
150 Per-Probe Event Filtering
151 -------------------------
152 Per-probe event filtering feature allows you to set different filter on each
175 ---------------
176 You can check the total number of probe hits and probe miss-hits via
179 the third is the number of probe miss-hits.
182 ---------------------
184 "kprobe_event=" parameter. The parameter accepts a semicolon-delimited
186 The difference is that the probe definition parameters are comma-delimited
197 --------------
205 assigned to each function argument depends on arch-specific ABI. If you unsure
206 the ABI, please try to use probe subcommand of perf-tools (you can find it
223 field:unsigned short common_type; offset:0; size:2; signed:0;
224 field:unsigned char common_flags; offset:2; size:1; signed:0;
236 print fmt: "(%lx) dfd=%lx filename=%lx flags=%lx mode=%lx", REC->__probe_ip,
237 REC->dfd, REC->filename, REC->flags, REC->mode
249 echo -:myprobe >> kprobe_events
273 # TASK-PID CPU# TIMESTAMP FUNCTION
275 …<...>-1447 [001] 1038282.286875: myprobe: (do_sys_open+0x0/0xd6) dfd=3 filename=7fffd1ec4440 flag…
276 …<...>-1447 [001] 1038282.286878: myretprobe: (sys_openat+0xc/0xe <- do_sys_open) $retval=ffffffff…
277 …<...>-1447 [001] 1038282.286885: myprobe: (do_sys_open+0x0/0xd6) dfd=ffffff9c filename=40413c fla…
278 … <...>-1447 [001] 1038282.286915: myretprobe: (sys_open+0x1b/0x1d <- do_sys_open) $retval=3
279 …<...>-1447 [001] 1038282.286969: myprobe: (do_sys_open+0x0/0xd6) dfd=ffffff9c filename=4041c6 fla…
280 … <...>-1447 [001] 1038282.286976: myretprobe: (sys_open+0x1b/0x1d <- do_sys_open) $retval=3
283 Each line shows when the kernel hits an event, and <- SYMBOL means kernel
284 returns from SYMBOL(e.g. "sys_open+0x1b/0x1d <- do_sys_open" means kernel