Lines Matching +full:per +full:- +full:string
2 Kprobe-based Event Tracing
8 --------
9 These events are similar to tracepoint-based events. Instead of tracepoints,
13 Unlike the tracepoint-based event, this can be added and removed
28 -------------------------
34 -:[GRP/][EVENT] : Clear a probe
50 @SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol)
56 +|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS address.(\*3)(\*4)
62 "string", "ustring", "symbol", "symstr" and bitfield are
72 (\*4) "u" means user-space dereference. See :ref:`user_mem_access`.
75 -------------------------------
86 -----
91 or 'x64' is used depends on the architecture (e.g. x86-32 uses x32, and
92 x86-64 uses x64).
96 E.g. 'x16[4]' means an array of x16 (2-byte hex) with 4 elements.
98 apply it to registers/stack-entries etc. (for example, '$stack1:x8[8]' is
103 String type is a special type, which fetches a "null-terminated" string from
104 kernel space. This means it will fail and store NULL if the string container
105 has been paged out. "ustring" type is an alternative of string for user-space.
108 The string array type is a bit different from other types. For other base
109 types, <base-type>[1] is equal to <base-type> (e.g. +0(%di):x32[1] is same
110 as +0(%di):x32.) But string[1] is not equal to string. The string type itself
111 represents "char array", but string array type represents "char * array".
112 So, for example, +0(%di):string[1] is equal to +0(+0(%di)):string.
113 Bitfield is another special type, which takes 3 parameters, bit-width, bit-
114 offset, and container-size (usually 32). The syntax is::
116 b<bit-width>@<bit-offset>/<container-size>
120 On the other hand, symbol-string type ('symstr') converts the given address to
121 "symbol+offset/symbolsize" style and stores it as a null-terminated string.
124 For $comm, the default type is "string"; any other type is invalid.
132 ------------------
133 Kprobe events supports user-space memory access. For that purpose, you can use
134 either user-space dereference syntax or 'ustring' type.
136 The user-space dereference syntax allows you to access a field of a data
137 structure in user-space. This is done by adding the "u" prefix to the
140 user-space. You can use this for strings too, e.g. +u0(%si):string will read
141 a string from the address in the register %si that is expected to be in user-
143 +0(%si):ustring is equivalent to +u0(%si):string.
145 Note that kprobe-event provides the user-memory access syntax but it doesn't
146 use it transparently. This means if you use normal dereference or string type
150 Per-Probe Event Filtering
151 -------------------------
152 Per-probe event filtering feature allows you to set different filter on each
175 ---------------
176 You can check the total number of probe hits and probe miss-hits via
179 the third is the number of probe miss-hits.
182 ---------------------
184 "kprobe_event=" parameter. The parameter accepts a semicolon-delimited
186 The difference is that the probe definition parameters are comma-delimited
197 --------------
205 assigned to each function argument depends on arch-specific ABI. If you unsure
206 the ABI, please try to use probe subcommand of perf-tools (you can find it
236 print fmt: "(%lx) dfd=%lx filename=%lx flags=%lx mode=%lx", REC->__probe_ip,
237 REC->dfd, REC->filename, REC->flags, REC->mode
249 echo -:myprobe >> kprobe_events
273 # TASK-PID CPU# TIMESTAMP FUNCTION
275 …<...>-1447 [001] 1038282.286875: myprobe: (do_sys_open+0x0/0xd6) dfd=3 filename=7fffd1ec4440 flag…
276 …<...>-1447 [001] 1038282.286878: myretprobe: (sys_openat+0xc/0xe <- do_sys_open) $retval=ffffffff…
277 …<...>-1447 [001] 1038282.286885: myprobe: (do_sys_open+0x0/0xd6) dfd=ffffff9c filename=40413c fla…
278 … <...>-1447 [001] 1038282.286915: myretprobe: (sys_open+0x1b/0x1d <- do_sys_open) $retval=3
279 …<...>-1447 [001] 1038282.286969: myprobe: (do_sys_open+0x0/0xd6) dfd=ffffff9c filename=4041c6 fla…
280 … <...>-1447 [001] 1038282.286976: myretprobe: (sys_open+0x1b/0x1d <- do_sys_open) $retval=3
283 Each line shows when the kernel hits an event, and <- SYMBOL means kernel
284 returns from SYMBOL(e.g. "sys_open+0x1b/0x1d <- do_sys_open" means kernel