stackoom
  简体   繁体   中英

kprobe_events fetch-args works for x86 but not arm64

 原文  2019-04-19 12:48:49       linux-kernel/ trace/ perf/ kprobe/ tracepoint

Question

I wanted to get do_sys_open filename argument as string. For this i added kprobe following kprobetrace.txt . A simple probe which gives filename as hex works for both x86/arm64 .

x86: echo 'p:myprobe do_sys_open filename_string=%si' > kprobe_events
arm64: echo 'p:myprobe do_sys_open filename_string=%x1' > kprobe_events

However changing probe to get string for file name works on x86 but not arm64 (ie cannot get string representation filename_string=(fault) )

x86: 

echo 'p:myprobe do_sys_open filename_string=+0(%si):string' > kprobe_events
output: 
adb-30551 [001] d... 4570187.407426: myprobe: (do_sys_open+0x0/0x270) filename_string="/dev/bus/usb/001/001"

arm64:

echo 'p:myprobe do_sys_open filename_string=+0(%x1):string' > kprobe_events
output: 
netd-4621  [001] d...  8491.094187: myprobe: (do_sys_open+0x0/0x24c) filename_string=(fault)

To check if i was using arm ABI correctly i tried setting probe using perf . The probe created by perf as seen from /sys/kernel/debug/tracing/kprobe_events was similar

./perf4.14 probe 'do_sys_open filename:string'
/d/tracing # cat kprobe_events
p:kprobes/myprobe do_sys_open filename_string=+0(%x1):string

But perf probe was also failing (ie filename_string="" ) in this case.

./perf4.14 record -e probe:do_sys_open -aR sleep 3
/data/local/tmp # ./perf4.14 script
perf4.14  4587 [007]  7490.809036: probe:do_sys_open: (ffffff8337060148) filename_string=""

   sleep  4588 [003]  7490.817937: probe:do_sys_open: (ffffff8337060148) filename_string=""

What would be the correct way to set kprobe_events for arm to fetch args as string? Am i using the ABI incorrectly?

1 answers

solution1
 0  2021-04-27 20:27:14

On kernel version >= 4.20 , you can use $argN to fetch the N th function argument. From kernel 4.20 kprobetrace.rst :

 FETCHARGS  : Arguments. Each probe can have up to 128 args.
 .....
 .....
  $argN     : Fetch the Nth function argument. (N >= 1) (\*1)

Since the filename is second argument of do_sys_open() , you should give $arg2 in the kprobe event, like this:

echo 'p:myprobe do_sys_open filename_string=+0($arg2):string' > kprobe_events

This should work on both x86 and arm64 .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why can macos(x86) run docker arm container arm64v8/alpine? Cross compiling for arm from x86 raising a softirq in assembly x86 or ARM Difference in writing a platform device driver for x86 and ARM networking system call multiplexing on x86 but not on x64 How are memory segment permissions set in Linux x86_64 and x86 RTLinux on X86 PC Unable to understand how the “current” macro works for x86 architecture What are differences between linux kernel compiled for generic x86/64 vs Xeon or others In arm64 assembly, what does "adrp x0, idmap_pg_dir;" instruction mean?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM