TLDR; Does ftrace have a function similiar to trace_printk() which can print out the current function's call stack?
I know how to print out the function or function graph trace using ftrace, but sometimes I want to check one place's function call trace without touching others, that's to say, keep the other place's tracer as nop so the trace_printk() function will only output one line log and the place I'm curious of as function tracer, so I can go deep in what has happened in that place, it that feasible?
Related
I want to measure performance of some kernel functions using Ftrace but I want to measure it selectively for particular value of argument. This is because the same/other programs calling the same function (but with different argument) pollute my Ftrace output logs.
Also, I don't want to set PID filter as it would not solve my issue (I'm running multiple parallel kernel threads, and same program can also call that function with different arguments)
What's the best possible way of doing it without affecting the measurements? Is there any Ftrace functionality (or possibly customizing the trace points) that I'm missing?
We can use Conditional Tracepoints for this kinds of case. This patch may also be helpful in understanding. One can check this file - samples\trace_events\trace-events-sample.h in linux kernel to see sample examples.
In samples\trace_events\trace-events-sample.h, It became crystal-clear to me after seeing this macro - TRACE_EVENT_CONDITION(). Thanks to the author for providing a detailed documentation there.
Moreover, one can use pre-defined event-tracepoints or define a new custom event tracepoint in include/trace/events/*.h and filter the trace logs by adding condition in TRACE_DIR/tracing/events/EVENT/filter. This kernel documentation link is very helpful to understand this.
Is there a way on a RHEL system to trace back where a syslog() call comes from?
I am getting some weird generic message on my syslog and I have no idea where it is coming from.
Can I modify the main syslog function to output the stack trace when it encounters the log line I am looking for?
How would I go about this?
I am trying to achieve a fire-and-forget call of an output function with can take any time.
The caller is not interested at all whether this function is successful or not. It should just dispatch a "message", and move on.
I am thinking to use a multiprocessing.Pool for this task and "dispatch the messages" with apply_async. Usually one would use get() to get the result, but in my case that would complicate the code slightly. So I am thinking of never actually calling get(). Is that legal, or is this going to cause a cache (with None returns) somewhere to blow up after a while?
In gdb, when debugging inside a function, we can use "finish" command to run to the end of a function.
My question is: how does gdb know the ending position of a function, especially when there's no debugging symbol to match source code "{}"?
I guess gdb looks for either "leave" or "mov %rbp, %rsp,pop %rbp" under x86 in order to judge whether it has reached the end of a function.
But the problem is,
(1) There're still some extra registers that needs to push/pop at the begin/end of a function call, depending on source code and ABI structure.
(2)The number of registers needs to be push/pop is decided during compilation phase, and I'm afraid this "number" information is not available throw binary executable file.
So, how does gdb determine, where is the end of a function call, so that "finish" command can jump to it?
Thanks!
gdb doesn't try to analyze the machine code. Instead, it unwinds the stack, finds the caller's PC, and sets a temporary breakpoint there. Then it lets the inferior run until the breakpoint is hit.
Due to the way gdb's unwinder is designed, this automatically handles finish from an inlined function as well (though there are still a few special cases in the code due to this).
i am using LD_PRELOAD to capture write() system call in linux .
I am successfully able to do this for write system call and make it work.
But when i call printf() that time it does not work. If we observe printf stack trace using strace i found that, at the end printf calls write() system call to write to console, but at that time my write() system call is not called before actually calling the the write() system call.
Anybody have any idea why is this happening ?
Function calls made from one library to another or from the executable to a dynamically loaded library go through the PLT (Procedure Linkage Table) and are able to be redirected by the use of LD_PRELOAD. However, function calls within a library can be resolved at compile time and do not go through the PLT. Therefore they are unable to be redirected by LD_PRELOAD. Since printf and write are both compiled into libc.so.6, the call to write from printf never goes through the PLT to look for a possible redirection, but when you call write directly from your application (or from another shared library) it does.