This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: How to get correct filename in probe.execve
- From: Arkady <larytet at gmail dot com>
- To: "Frank Ch. Eigler" <fche at redhat dot com>
- Cc: David Smith <dsmith at redhat dot com>, systemtap at sourceware dot org
- Date: Sat, 21 Jan 2017 12:36:12 +0200
- Subject: Re: How to get correct filename in probe.execve
- Authentication-results: sourceware.org; auth=none
- References: <CANA-60q=SyAPsa3645iBW1JpvixQPLaVA1dUYN5g+L+HWu5bKg@mail.gmail.com> <y0mefzzf69v.fsf@fche.csb> <CANA-60qHj=KJkA+k=P5OmVuxp_zdFq85Hn_sa_rN-UgOfP0P=A@mail.gmail.com> <fba52f17-7761-8381-f67d-cbb483e5655d@redhat.com> <CANA-60rt-Fy8y-KfiSeoioA4Crva=BnFiNbX3B18s-LnJGgsfw@mail.gmail.com> <20170121065215.GI20931@redhat.com>
On Sat, Jan 21, 2017 at 8:52 AM, Frank Ch. Eigler <fche@redhat.com> wrote:
> Hi -
>
>> probe kprocess.exec
>> {
>> .........
>> EXEC_FILENAME[pid(),tid()] = ulong_arg(1)
>> }
>
> I'd use the tapset-provided variables or $context variables rather
> than ulong_arg*:
>
I am trying to ensure that I keep an integer in the EXEC_FILENAME.
If I do
EXEC_FILENAME=filename
SystemTap assumes a (zero terminated) string. After that I want to do
something like
user_string_quoted(EXEC_FILENAME[pid(), tid()])
> % stap -L kprocess.exec
>
> kprocess.exec name:string filename:string __argv:long args:string __envp:long env_str:string argstr:string $filename:long int $argv:long int $envp:long int
>
> Those are likely more stable across versions / architectures. You can
> use the @defined() function to test for availability of $context
> variables, so your script can even fall back between one and the other.
>
>
> By the way, there is no need to index -both- by pid() and tid().
> Just tid() is enough if you want per-process+per-thread tracking;
> just pid() if per-process.
>
Great tip. I did not think about it - the kernel knows only threads, of course.
>
>> I am getting this marvel:
>>
>> [...]
>
> Good, enjoy!
Thank you!
>
>
> - FChE