€•©Œsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ%/translations/zh_CN/trace/fprobetrace”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/zh_TW/trace/fprobetrace”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/it_IT/trace/fprobetrace”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/ja_JP/trace/fprobetrace”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/ko_KR/trace/fprobetrace”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/pt_BR/trace/fprobetrace”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ%/translations/sp_SP/trace/fprobetrace”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1hµhhh²hh³Œ?/var/lib/git/docbuild/linux/Documentation/trace/fprobetrace.rst”h´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒFprobe-based Event Tracing”h]”hŒFprobe-based Event Tracing”…””}”(hhÏh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÊh²hh³hÇh´Kubh¶)”}”(hŒ.Author: Masami Hiramatsu ”h]”hŒ.Author: Masami Hiramatsu ”…””}”hhÝsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1hµhhÊh²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒOverview”h]”hŒOverview”…””}”(hhîh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhëh²hh³hÇh´K ubhŒ paragraph”“”)”}”(hŒ¶Fprobe event is similar to the kprobe event, but limited to probe on the function entry and exit only. It is good enough for many use cases which only traces some specific functions.”h]”hŒ¶Fprobe event is similar to the kprobe event, but limited to probe on the function entry and exit only. It is good enough for many use cases which only traces some specific functions.”…””}”(hhþh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´K hhëh²hubhý)”}”(hŒçThis document also covers tracepoint probe events (tprobe) since this is also works only on the tracepoint entry. User can trace a part of tracepoint argument, or the tracepoint without trace-event, which is not exposed on tracefs.”h]”hŒçThis document also covers tracepoint probe events (tprobe) since this is also works only on the tracepoint entry. User can trace a part of tracepoint argument, or the tracepoint without trace-event, which is not exposed on tracefs.”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Khhëh²hubhý)”}”(hŒ†As same as other dynamic events, fprobe events and tracepoint probe events are defined via `dynamic_events` interface file on tracefs.”h]”(hŒ[As same as other dynamic events, fprobe events and tracepoint probe events are defined via ”…””}”(hjh²hh³Nh´NubhŒtitle_reference”“”)”}”(hŒ`dynamic_events`”h]”hŒdynamic_events”…””}”(hj$h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"hjubhŒ interface file on tracefs.”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Khhëh²hubeh}”(h]”Œoverview”ah ]”h"]”Œoverview”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K ubhÉ)”}”(hhh]”(hÎ)”}”(hŒSynopsis of fprobe-events”h]”hŒSynopsis of fprobe-events”…””}”(hjGh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjDh²hh³hÇh´KubhŒ literal_block”“”)”}”(hXþ f[:[GRP1/][EVENT1]] SYM [FETCHARGS] : Probe on function entry f[MAXACTIVE][:[GRP1/][EVENT1]] SYM%return [FETCHARGS] : Probe on function exit t[:[GRP2/][EVENT2]] TRACEPOINT [FETCHARGS] : Probe on tracepoint GRP1 : Group name for fprobe. If omitted, use "fprobes" for it. GRP2 : Group name for tprobe. If omitted, use "tracepoints" for it. EVENT1 : Event name for fprobe. If omitted, the event name is "SYM__entry" or "SYM__exit". EVENT2 : Event name for tprobe. If omitted, the event name is the same as "TRACEPOINT", but if the "TRACEPOINT" starts with a digit character, "_TRACEPOINT" is used. MAXACTIVE : Maximum number of instances of the specified function that can be probed simultaneously, or 0 for the default value as defined in Documentation/trace/fprobe.rst FETCHARGS : Arguments. Each probe can have up to 128 args. ARG : Fetch "ARG" function argument using BTF (only for function entry or tracepoint.) (\*1) @ADDR : Fetch memory at ADDR (ADDR should be in kernel) @SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol) $stackN : Fetch Nth entry of stack (N >= 0) $stack : Fetch stack address. $argN : Fetch the Nth function argument. (N >= 1) (\*2) $retval : Fetch return value.(\*3) $comm : Fetch current task comm. +|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS address.(\*4)(\*5) \IMM : Store an immediate value to the argument. NAME=FETCHARG : Set NAME as the argument name of FETCHARG. FETCHARG:TYPE : Set TYPE as the type of FETCHARG. Currently, basic types (u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal types (x8/x16/x32/x64), "char", "string", "ustring", "symbol", "symstr" and bitfield are supported. (\*1) This is available only when BTF is enabled. (\*2) only for the probe on function entry (offs == 0). Note, this argument access is best effort, because depending on the argument type, it may be passed on the stack. But this only support the arguments via registers. (\*3) only for return probe. Note that this is also best effort. Depending on the return value type, it might be passed via a pair of registers. But this only accesses one register. (\*4) this is useful for fetching a field of data structures. (\*5) "u" means user-space dereference.”h]”hXþ f[:[GRP1/][EVENT1]] SYM [FETCHARGS] : Probe on function entry f[MAXACTIVE][:[GRP1/][EVENT1]] SYM%return [FETCHARGS] : Probe on function exit t[:[GRP2/][EVENT2]] TRACEPOINT [FETCHARGS] : Probe on tracepoint GRP1 : Group name for fprobe. If omitted, use "fprobes" for it. GRP2 : Group name for tprobe. If omitted, use "tracepoints" for it. EVENT1 : Event name for fprobe. If omitted, the event name is "SYM__entry" or "SYM__exit". EVENT2 : Event name for tprobe. If omitted, the event name is the same as "TRACEPOINT", but if the "TRACEPOINT" starts with a digit character, "_TRACEPOINT" is used. MAXACTIVE : Maximum number of instances of the specified function that can be probed simultaneously, or 0 for the default value as defined in Documentation/trace/fprobe.rst FETCHARGS : Arguments. Each probe can have up to 128 args. ARG : Fetch "ARG" function argument using BTF (only for function entry or tracepoint.) (\*1) @ADDR : Fetch memory at ADDR (ADDR should be in kernel) @SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol) $stackN : Fetch Nth entry of stack (N >= 0) $stack : Fetch stack address. $argN : Fetch the Nth function argument. (N >= 1) (\*2) $retval : Fetch return value.(\*3) $comm : Fetch current task comm. +|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS address.(\*4)(\*5) \IMM : Store an immediate value to the argument. NAME=FETCHARG : Set NAME as the argument name of FETCHARG. FETCHARG:TYPE : Set TYPE as the type of FETCHARG. Currently, basic types (u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal types (x8/x16/x32/x64), "char", "string", "ustring", "symbol", "symstr" and bitfield are supported. (\*1) This is available only when BTF is enabled. (\*2) only for the probe on function entry (offs == 0). Note, this argument access is best effort, because depending on the argument type, it may be passed on the stack. But this only support the arguments via registers. (\*3) only for return probe. Note that this is also best effort. Depending on the return value type, it might be passed via a pair of registers. But this only accesses one register. (\*4) this is useful for fetching a field of data structures. (\*5) "u" means user-space dereference.”…””}”hjWsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´KhjDh²hubhý)”}”(hŒRFor the details of TYPE, see :ref:`kprobetrace documentation `.”h]”(hŒFor the details of TYPE, see ”…””}”(hjeh²hh³Nh´Nubh)”}”(hŒ4:ref:`kprobetrace documentation `”h]”hŒinline”“”)”}”(hjoh]”hŒkprobetrace documentation”…””}”(hjsh²hh³Nh´Nubah}”(h]”h ]”(Œxref”Œstd”Œstd-ref”eh"]”h$]”h&]”uh1jqhjmubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”Œtrace/fprobetrace”Œ refdomain”j~Œreftype”Œref”Œ refexplicit”ˆŒrefwarn”ˆŒ reftarget”Œkprobetrace_types”uh1hh³hÇh´KGhjeubhŒ.”…””}”(hjeh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´KGhjDh²hubeh}”(h]”Œsynopsis-of-fprobe-events”ah ]”h"]”Œsynopsis of fprobe-events”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒFunction arguments at exit”h]”hŒFunction arguments at exit”…””}”(hj§h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj¤h²hh³hÇh´KJubhý)”}”(hXcFunction arguments can be accessed at exit probe using $arg fetcharg. This is useful to record the function parameter and return value at once, and trace the difference of structure fields (for debugging a function whether it correctly updates the given data structure or not) See the :ref:`sample` below for how it works.”h]”(hX Function arguments can be accessed at exit probe using $arg fetcharg. This is useful to record the function parameter and return value at once, and trace the difference of structure fields (for debugging a function whether it correctly updates the given data structure or not) See the ”…””}”(hjµh²hh³Nh´Nubh)”}”(hŒ+:ref:`sample`”h]”jr)”}”(hj¿h]”hŒsample”…””}”(hjÁh²hh³Nh´Nubah}”(h]”h ]”(j}Œstd”Œstd-ref”eh"]”h$]”h&]”uh1jqhj½ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jŠŒ refdomain”jËŒreftype”Œref”Œ refexplicit”ˆŒrefwarn”ˆjŒfprobetrace_exit_args_sample”uh1hh³hÇh´KKhjµubhŒ below for how it works.”…””}”(hjµh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´KKhj¤h²hubeh}”(h]”Œfunction-arguments-at-exit”ah ]”h"]”Œfunction arguments at exit”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KJubhÉ)”}”(hhh]”(hÎ)”}”(hŒ BTF arguments”h]”hŒ BTF arguments”…””}”(hjòh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjïh²hh³hÇh´KRubhý)”}”(hXRBTF (BPF Type Format) argument allows user to trace function and tracepoint parameters by its name instead of ``$argN``. This feature is available if the kernel is configured with CONFIG_BPF_SYSCALL and CONFIG_DEBUG_INFO_BTF. If user only specify the BTF argument, the event's argument name is also automatically set by the given name. ::”h]”(hŒnBTF (BPF Type Format) argument allows user to trace function and tracepoint parameters by its name instead of ”…””}”(hjh²hh³Nh´NubhŒliteral”“”)”}”(hŒ ``$argN``”h]”hŒ$argN”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubhŒÚ. This feature is available if the kernel is configured with CONFIG_BPF_SYSCALL and CONFIG_DEBUG_INFO_BTF. If user only specify the BTF argument, the event’s argument name is also automatically set by the given name.”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´KShjïh²hubjV)”}”(hŒ{# echo 'f:myprobe vfs_read count pos' >> dynamic_events # cat dynamic_events f:fprobes/myprobe vfs_read count=count pos=pos”h]”hŒ{# echo 'f:myprobe vfs_read count pos' >> dynamic_events # cat dynamic_events f:fprobes/myprobe vfs_read count=count pos=pos”…””}”hj"sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´KYhjïh²hubhý)”}”(hŒúIt also chooses the fetch type from BTF information. For example, in the above example, the ``count`` is unsigned long, and the ``pos`` is a pointer. Thus, both are converted to 64bit unsigned long, but only ``pos`` has "%Lx" print-format as below ::”h]”(hŒ\It also chooses the fetch type from BTF information. For example, in the above example, the ”…””}”(hj0h²hh³Nh´Nubj )”}”(hŒ ``count``”h]”hŒcount”…””}”(hj8h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj0ubhŒ is unsigned long, and the ”…””}”(hj0h²hh³Nh´Nubj )”}”(hŒ``pos``”h]”hŒpos”…””}”(hjJh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj0ubhŒI is a pointer. Thus, both are converted to 64bit unsigned long, but only ”…””}”(hj0h²hh³Nh´Nubj )”}”(hŒ``pos``”h]”hŒpos”…””}”(hj\h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj0ubhŒ$ has “%Lx†print-format as below”…””}”(hj0h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´K]hjïh²hubjV)”}”(hX‘# cat events/fprobes/myprobe/format name: myprobe ID: 1313 format: field:unsigned short common_type; offset:0; size:2; signed:0; field:unsigned char common_flags; offset:2; size:1; signed:0; field:unsigned char common_preempt_count; offset:3; size:1; signed:0; field:int common_pid; offset:4; size:4; signed:1; field:unsigned long __probe_ip; offset:8; size:8; signed:0; field:u64 count; offset:16; size:8; signed:0; field:u64 pos; offset:24; size:8; signed:0; print fmt: "(%lx) count=%Lu pos=0x%Lx", REC->__probe_ip, REC->count, REC->pos”h]”hX‘# cat events/fprobes/myprobe/format name: myprobe ID: 1313 format: field:unsigned short common_type; offset:0; size:2; signed:0; field:unsigned char common_flags; offset:2; size:1; signed:0; field:unsigned char common_preempt_count; offset:3; size:1; signed:0; field:int common_pid; offset:4; size:4; signed:1; field:unsigned long __probe_ip; offset:8; size:8; signed:0; field:u64 count; offset:16; size:8; signed:0; field:u64 pos; offset:24; size:8; signed:0; print fmt: "(%lx) count=%Lu pos=0x%Lx", REC->__probe_ip, REC->count, REC->pos”…””}”hjtsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´Kbhjïh²hubhý)”}”(hŒ›If user unsures the name of arguments, ``$arg*`` will be helpful. The ``$arg*`` is expanded to all function arguments of the function or the tracepoint. ::”h]”(hŒ'If user unsures the name of arguments, ”…””}”(hj‚h²hh³Nh´Nubj )”}”(hŒ ``$arg*``”h]”hŒ$arg*”…””}”(hjŠh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj‚ubhŒ will be helpful. The ”…””}”(hj‚h²hh³Nh´Nubj )”}”(hŒ ``$arg*``”h]”hŒ$arg*”…””}”(hjœh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj‚ubhŒI is expanded to all function arguments of the function or the tracepoint.”…””}”(hj‚h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Kqhjïh²hubjV)”}”(hŒ‰# echo 'f:myprobe vfs_read $arg*' >> dynamic_events # cat dynamic_events f:fprobes/myprobe vfs_read file=file buf=buf count=count pos=pos”h]”hŒ‰# echo 'f:myprobe vfs_read $arg*' >> dynamic_events # cat dynamic_events f:fprobes/myprobe vfs_read file=file buf=buf count=count pos=pos”…””}”hj´sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´Kthjïh²hubhý)”}”(hŒ°BTF also affects the ``$retval``. If user doesn't set any type, the retval type is automatically picked from the BTF. If the function returns ``void``, ``$retval`` is rejected.”h]”(hŒBTF also affects the ”…””}”(hjÂh²hh³Nh´Nubj )”}”(hŒ ``$retval``”h]”hŒ$retval”…””}”(hjÊh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjÂubhŒp. If user doesn’t set any type, the retval type is automatically picked from the BTF. If the function returns ”…””}”(hjÂh²hh³Nh´Nubj )”}”(hŒ``void``”h]”hŒvoid”…””}”(hjÜh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjÂubhŒ, ”…””}”(hjÂh²hh³Nh´Nubj )”}”(hŒ ``$retval``”h]”hŒ$retval”…””}”(hjîh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjÂubhŒ is rejected.”…””}”(hjÂh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Kxhjïh²hubhý)”}”(hŒ•You can access the data fields of a data structure using allow operator ``->`` (for pointer type) and dot operator ``.`` (for data structure type.)::”h]”(hŒHYou can access the data fields of a data structure using allow operator ”…””}”(hjh²hh³Nh´Nubj )”}”(hŒ``->``”h]”hŒ->”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubhŒ% (for pointer type) and dot operator ”…””}”(hjh²hh³Nh´Nubj )”}”(hŒ``.``”h]”hŒ.”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubhŒ (for data structure type.):”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´K|hjïh²hubjV)”}”(hŒW# echo 't sched_switch preempt prev_pid=prev->pid next_pid=next->pid' >> dynamic_events”h]”hŒW# echo 't sched_switch preempt prev_pid=prev->pid next_pid=next->pid' >> dynamic_events”…””}”hj8sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´Khjïh²hubhý)”}”(hXThe field access operators, ``->`` and ``.`` can be combined for accessing deeper members and other structure members pointed by the member. e.g. ``foo->bar.baz->qux`` If there is non-name union member, you can directly access it as the C code does. For example::”h]”(hŒThe field access operators, ”…””}”(hjFh²hh³Nh´Nubj )”}”(hŒ``->``”h]”hŒ->”…””}”(hjNh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjFubhŒ and ”…””}”(hjFh²hh³Nh´Nubj )”}”(hŒ``.``”h]”hŒ.”…””}”(hj`h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjFubhŒf can be combined for accessing deeper members and other structure members pointed by the member. e.g. ”…””}”(hjFh²hh³Nh´Nubj )”}”(hŒ``foo->bar.baz->qux``”h]”hŒfoo->bar.baz->qux”…””}”(hjrh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjFubhŒ_ If there is non-name union member, you can directly access it as the C code does. For example:”…””}”(hjFh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Khjïh²hubjV)”}”(hŒEstruct { union { int a; int b; }; } *foo;”h]”hŒEstruct { union { int a; int b; }; } *foo;”…””}”hjŠsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´K†hjïh²hubhý)”}”(hŒFTo access ``a`` and ``b``, use ``foo->a`` and ``foo->b`` in this case.”h]”(hŒ To access ”…””}”(hj˜h²hh³Nh´Nubj )”}”(hŒ``a``”h]”hŒa”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj˜ubhŒ and ”…””}”(hj˜h²hh³Nh´Nubj )”}”(hŒ``b``”h]”hŒb”…””}”(hj²h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj˜ubhŒ, use ”…””}”(hj˜h²hh³Nh´Nubj )”}”(hŒ ``foo->a``”h]”hŒfoo->a”…””}”(hjÄh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj˜ubhŒ and ”…””}”hj˜sbj )”}”(hŒ ``foo->b``”h]”hŒfoo->b”…””}”(hjÖh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj˜ubhŒ in this case.”…””}”(hj˜h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Khjïh²hubhý)”}”(hŒaThis data field access is available for the return value via ``$retval``, e.g. ``$retval->name``.”h]”(hŒ=This data field access is available for the return value via ”…””}”(hjîh²hh³Nh´Nubj )”}”(hŒ ``$retval``”h]”hŒ$retval”…””}”(hjöh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjîubhŒ, e.g. ”…””}”(hjîh²hh³Nh´Nubj )”}”(hŒ``$retval->name``”h]”hŒ $retval->name”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjîubhŒ.”…””}”(hjîh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Khjïh²hubhý)”}”(hX÷For these BTF arguments and fields, ``:string`` and ``:ustring`` change the behavior. If these are used for BTF argument or field, it checks whether the BTF type of the argument or the data field is ``char *`` or ``char []``, or not. If not, it rejects applying the string types. Also, with the BTF support, you don't need a memory dereference operator (``+0(PTR)``) for accessing the string pointed by a ``PTR``. It automatically adds the memory dereference operator according to the BTF type. e.g. ::”h]”(hŒ$For these BTF arguments and fields, ”…””}”(hj h²hh³Nh´Nubj )”}”(hŒ ``:string``”h]”hŒ:string”…””}”(hj(h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubhŒ and ”…””}”(hj h²hh³Nh´Nubj )”}”(hŒ ``:ustring``”h]”hŒ:ustring”…””}”(hj:h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubhŒ‡ change the behavior. If these are used for BTF argument or field, it checks whether the BTF type of the argument or the data field is ”…””}”(hj h²hh³Nh´Nubj )”}”(hŒ ``char *``”h]”hŒchar *”…””}”(hjLh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubhŒ or ”…””}”(hj h²hh³Nh´Nubj )”}”(hŒ ``char []``”h]”hŒchar []”…””}”(hj^h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubhŒ…, or not. If not, it rejects applying the string types. Also, with the BTF support, you don’t need a memory dereference operator (”…””}”(hj h²hh³Nh´Nubj )”}”(hŒ ``+0(PTR)``”h]”hŒ+0(PTR)”…””}”(hjph²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubhŒ() for accessing the string pointed by a ”…””}”(hj h²hh³Nh´Nubj )”}”(hŒ``PTR``”h]”hŒPTR”…””}”(hj‚h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj ubhŒW. It automatically adds the memory dereference operator according to the BTF type. e.g.”…””}”(hj h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´K’hjïh²hubjV)”}”(hŒ‚# echo 't sched_switch prev->comm:string' >> dynamic_events # echo 'f getname_flags%return $retval->name:string' >> dynamic_events”h]”hŒ‚# echo 't sched_switch prev->comm:string' >> dynamic_events # echo 'f getname_flags%return $retval->name:string' >> dynamic_events”…””}”hjšsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´Kšhjïh²hubhý)”}”(hŒÅThe ``prev->comm`` is an embedded char array in the data structure, and ``$retval->name`` is a char pointer in the data structure. But in both cases, you can use ``:string`` type to get the string.”h]”(hŒThe ”…””}”(hj¨h²hh³Nh´Nubj )”}”(hŒ``prev->comm``”h]”hŒ prev->comm”…””}”(hj°h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj¨ubhŒ6 is an embedded char array in the data structure, and ”…””}”(hj¨h²hh³Nh´Nubj )”}”(hŒ``$retval->name``”h]”hŒ $retval->name”…””}”(hjÂh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj¨ubhŒI is a char pointer in the data structure. But in both cases, you can use ”…””}”(hj¨h²hh³Nh´Nubj )”}”(hŒ ``:string``”h]”hŒ:string”…””}”(hjÔh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhj¨ubhŒ type to get the string.”…””}”(hj¨h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Khjïh²hubeh}”(h]”Œ btf-arguments”ah ]”h"]”Œ btf arguments”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KRubhÉ)”}”(hhh]”(hÎ)”}”(hŒUsage examples”h]”hŒUsage examples”…””}”(hj÷h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjôh²hh³hÇh´K£ubhý)”}”(hŒiHere is an example to add fprobe events on ``vfs_read()`` function entry and exit, with BTF arguments. ::”h]”(hŒ+Here is an example to add fprobe events on ”…””}”(hjh²hh³Nh´Nubj )”}”(hŒ``vfs_read()``”h]”hŒ vfs_read()”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubhŒ- function entry and exit, with BTF arguments.”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´K¤hjôh²hubjV)”}”(hXã # echo 'f vfs_read $arg*' >> dynamic_events # echo 'f vfs_read%return $retval' >> dynamic_events # cat dynamic_events f:fprobes/vfs_read__entry vfs_read file=file buf=buf count=count pos=pos f:fprobes/vfs_read__exit vfs_read%return arg1=$retval # echo 1 > events/fprobes/enable # head -n 20 trace | tail # TASK-PID CPU# ||||| TIMESTAMP FUNCTION # | | | ||||| | | sh-70 [000] ...1. 335.883195: vfs_read__entry: (vfs_read+0x4/0x340) file=0xffff888005cf9a80 buf=0x7ffef36c6879 count=1 pos=0xffffc900005aff08 sh-70 [000] ..... 335.883208: vfs_read__exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=1 sh-70 [000] ...1. 335.883220: vfs_read__entry: (vfs_read+0x4/0x340) file=0xffff888005cf9a80 buf=0x7ffef36c6879 count=1 pos=0xffffc900005aff08 sh-70 [000] ..... 335.883224: vfs_read__exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=1 sh-70 [000] ...1. 335.883232: vfs_read__entry: (vfs_read+0x4/0x340) file=0xffff888005cf9a80 buf=0x7ffef36c687a count=1 pos=0xffffc900005aff08 sh-70 [000] ..... 335.883237: vfs_read__exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=1 sh-70 [000] ...1. 336.050329: vfs_read__entry: (vfs_read+0x4/0x340) file=0xffff888005cf9a80 buf=0x7ffef36c6879 count=1 pos=0xffffc900005aff08 sh-70 [000] ..... 336.050343: vfs_read__exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=1”h]”hXã # echo 'f vfs_read $arg*' >> dynamic_events # echo 'f vfs_read%return $retval' >> dynamic_events # cat dynamic_events f:fprobes/vfs_read__entry vfs_read file=file buf=buf count=count pos=pos f:fprobes/vfs_read__exit vfs_read%return arg1=$retval # echo 1 > events/fprobes/enable # head -n 20 trace | tail # TASK-PID CPU# ||||| TIMESTAMP FUNCTION # | | | ||||| | | sh-70 [000] ...1. 335.883195: vfs_read__entry: (vfs_read+0x4/0x340) file=0xffff888005cf9a80 buf=0x7ffef36c6879 count=1 pos=0xffffc900005aff08 sh-70 [000] ..... 335.883208: vfs_read__exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=1 sh-70 [000] ...1. 335.883220: vfs_read__entry: (vfs_read+0x4/0x340) file=0xffff888005cf9a80 buf=0x7ffef36c6879 count=1 pos=0xffffc900005aff08 sh-70 [000] ..... 335.883224: vfs_read__exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=1 sh-70 [000] ...1. 335.883232: vfs_read__entry: (vfs_read+0x4/0x340) file=0xffff888005cf9a80 buf=0x7ffef36c687a count=1 pos=0xffffc900005aff08 sh-70 [000] ..... 335.883237: vfs_read__exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=1 sh-70 [000] ...1. 336.050329: vfs_read__entry: (vfs_read+0x4/0x340) file=0xffff888005cf9a80 buf=0x7ffef36c6879 count=1 pos=0xffffc900005aff08 sh-70 [000] ..... 336.050343: vfs_read__exit: (ksys_read+0x75/0x100 <- vfs_read) arg1=1”…””}”hj%sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´K¨hjôh²hubhý)”}”(hŒPYou can see all function arguments and return values are recorded as signed int.”h]”hŒPYou can see all function arguments and return values are recorded as signed int.”…””}”(hj3h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Kºhjôh²hubhý)”}”(hŒžAlso, here is an example of tracepoint events on ``sched_switch`` tracepoint. To compare the result, this also enables the ``sched_switch`` traceevent too. ::”h]”(hŒ1Also, here is an example of tracepoint events on ”…””}”(hjAh²hh³Nh´Nubj )”}”(hŒ``sched_switch``”h]”hŒ sched_switch”…””}”(hjIh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjAubhŒ: tracepoint. To compare the result, this also enables the ”…””}”(hjAh²hh³Nh´Nubj )”}”(hŒ``sched_switch``”h]”hŒ sched_switch”…””}”(hj[h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjAubhŒ traceevent too.”…””}”(hjAh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´K¼hjôh²hubjV)”}”(hX # echo 't sched_switch $arg*' >> dynamic_events # echo 1 > events/sched/sched_switch/enable # echo 1 > events/tracepoints/sched_switch/enable # echo > trace # head -n 20 trace | tail # TASK-PID CPU# ||||| TIMESTAMP FUNCTION # | | | ||||| | | sh-70 [000] d..2. 3912.083993: sched_switch: prev_comm=sh prev_pid=70 prev_prio=120 prev_state=S ==> next_comm=swapper/0 next_pid=0 next_prio=120 sh-70 [000] d..3. 3912.083995: sched_switch: (__probestub_sched_switch+0x4/0x10) preempt=0 prev=0xffff88800664e100 next=0xffffffff828229c0 prev_state=1 -0 [000] d..2. 3912.084183: sched_switch: prev_comm=swapper/0 prev_pid=0 prev_prio=120 prev_state=R ==> next_comm=rcu_preempt next_pid=16 next_prio=120 -0 [000] d..3. 3912.084184: sched_switch: (__probestub_sched_switch+0x4/0x10) preempt=0 prev=0xffffffff828229c0 next=0xffff888004208000 prev_state=0 rcu_preempt-16 [000] d..2. 3912.084196: sched_switch: prev_comm=rcu_preempt prev_pid=16 prev_prio=120 prev_state=I ==> next_comm=swapper/0 next_pid=0 next_prio=120 rcu_preempt-16 [000] d..3. 3912.084196: sched_switch: (__probestub_sched_switch+0x4/0x10) preempt=0 prev=0xffff888004208000 next=0xffffffff828229c0 prev_state=1026 -0 [000] d..2. 3912.085191: sched_switch: prev_comm=swapper/0 prev_pid=0 prev_prio=120 prev_state=R ==> next_comm=rcu_preempt next_pid=16 next_prio=120 -0 [000] d..3. 3912.085191: sched_switch: (__probestub_sched_switch+0x4/0x10) preempt=0 prev=0xffffffff828229c0 next=0xffff888004208000 prev_state=0”h]”hX # echo 't sched_switch $arg*' >> dynamic_events # echo 1 > events/sched/sched_switch/enable # echo 1 > events/tracepoints/sched_switch/enable # echo > trace # head -n 20 trace | tail # TASK-PID CPU# ||||| TIMESTAMP FUNCTION # | | | ||||| | | sh-70 [000] d..2. 3912.083993: sched_switch: prev_comm=sh prev_pid=70 prev_prio=120 prev_state=S ==> next_comm=swapper/0 next_pid=0 next_prio=120 sh-70 [000] d..3. 3912.083995: sched_switch: (__probestub_sched_switch+0x4/0x10) preempt=0 prev=0xffff88800664e100 next=0xffffffff828229c0 prev_state=1 -0 [000] d..2. 3912.084183: sched_switch: prev_comm=swapper/0 prev_pid=0 prev_prio=120 prev_state=R ==> next_comm=rcu_preempt next_pid=16 next_prio=120 -0 [000] d..3. 3912.084184: sched_switch: (__probestub_sched_switch+0x4/0x10) preempt=0 prev=0xffffffff828229c0 next=0xffff888004208000 prev_state=0 rcu_preempt-16 [000] d..2. 3912.084196: sched_switch: prev_comm=rcu_preempt prev_pid=16 prev_prio=120 prev_state=I ==> next_comm=swapper/0 next_pid=0 next_prio=120 rcu_preempt-16 [000] d..3. 3912.084196: sched_switch: (__probestub_sched_switch+0x4/0x10) preempt=0 prev=0xffff888004208000 next=0xffffffff828229c0 prev_state=1026 -0 [000] d..2. 3912.085191: sched_switch: prev_comm=swapper/0 prev_pid=0 prev_prio=120 prev_state=R ==> next_comm=rcu_preempt next_pid=16 next_prio=120 -0 [000] d..3. 3912.085191: sched_switch: (__probestub_sched_switch+0x4/0x10) preempt=0 prev=0xffffffff828229c0 next=0xffff888004208000 prev_state=0”…””}”hjssbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´KÀhjôh²hubhý)”}”(hXAs you can see, the ``sched_switch`` trace-event shows *cooked* parameters, on the other hand, the ``sched_switch`` tracepoint probe event shows *raw* parameters. This means you can access any field values in the task structure pointed by the ``prev`` and ``next`` arguments.”h]”(hŒAs you can see, the ”…””}”(hjh²hh³Nh´Nubj )”}”(hŒ``sched_switch``”h]”hŒ sched_switch”…””}”(hj‰h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubhŒ trace-event shows ”…””}”(hjh²hh³Nh´NubhŒemphasis”“”)”}”(hŒ*cooked*”h]”hŒcooked”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j›hjubhŒ$ parameters, on the other hand, the ”…””}”(hjh²hh³Nh´Nubj )”}”(hŒ``sched_switch``”h]”hŒ sched_switch”…””}”(hj¯h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubhŒ tracepoint probe event shows ”…””}”(hjh²hh³Nh´Nubjœ)”}”(hŒ*raw*”h]”hŒraw”…””}”(hjÁh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j›hjubhŒ] parameters. This means you can access any field values in the task structure pointed by the ”…””}”(hjh²hh³Nh´Nubj )”}”(hŒ``prev``”h]”hŒprev”…””}”(hjÓh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubhŒ and ”…””}”(hjh²hh³Nh´Nubj )”}”(hŒ``next``”h]”hŒnext”…””}”(hjåh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubhŒ arguments.”…””}”(hjh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´KÐhjôh²hubhý)”}”(hŒ…For example, usually ``task_struct::start_time`` is not traced, but with this traceprobe event, you can trace that field as below. ::”h]”(hŒFor example, usually ”…””}”(hjýh²hh³Nh´Nubj )”}”(hŒ``task_struct::start_time``”h]”hŒtask_struct::start_time”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjýubhŒR is not traced, but with this traceprobe event, you can trace that field as below.”…””}”(hjýh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´KÕhjôh²hubjV)”}”(hX] # echo 't sched_switch comm=next->comm:string next->start_time' > dynamic_events # head -n 20 trace | tail # TASK-PID CPU# ||||| TIMESTAMP FUNCTION # | | | ||||| | | sh-70 [000] d..3. 5606.686577: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="rcu_preempt" usage=1 start_time=245000000 rcu_preempt-16 [000] d..3. 5606.686602: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="sh" usage=1 start_time=1596095526 sh-70 [000] d..3. 5606.686637: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="swapper/0" usage=2 start_time=0 -0 [000] d..3. 5606.687190: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="rcu_preempt" usage=1 start_time=245000000 rcu_preempt-16 [000] d..3. 5606.687202: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="swapper/0" usage=2 start_time=0 -0 [000] d..3. 5606.690317: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="kworker/0:1" usage=1 start_time=137000000 kworker/0:1-14 [000] d..3. 5606.690339: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="swapper/0" usage=2 start_time=0 -0 [000] d..3. 5606.692368: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="kworker/0:1" usage=1 start_time=137000000”h]”hX] # echo 't sched_switch comm=next->comm:string next->start_time' > dynamic_events # head -n 20 trace | tail # TASK-PID CPU# ||||| TIMESTAMP FUNCTION # | | | ||||| | | sh-70 [000] d..3. 5606.686577: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="rcu_preempt" usage=1 start_time=245000000 rcu_preempt-16 [000] d..3. 5606.686602: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="sh" usage=1 start_time=1596095526 sh-70 [000] d..3. 5606.686637: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="swapper/0" usage=2 start_time=0 -0 [000] d..3. 5606.687190: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="rcu_preempt" usage=1 start_time=245000000 rcu_preempt-16 [000] d..3. 5606.687202: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="swapper/0" usage=2 start_time=0 -0 [000] d..3. 5606.690317: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="kworker/0:1" usage=1 start_time=137000000 kworker/0:1-14 [000] d..3. 5606.690339: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="swapper/0" usage=2 start_time=0 -0 [000] d..3. 5606.692368: sched_switch: (__probestub_sched_switch+0x4/0x10) comm="kworker/0:1" usage=1 start_time=137000000”…””}”hjsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´KÙhjôh²hubhŒtarget”“”)”}”(hŒ!.. _fprobetrace_exit_args_sample:”h]”h}”(h]”h ]”h"]”h$]”h&]”Œrefid”Œfprobetrace-exit-args-sample”uh1j+h´Kæhjôh²hh³hÇubhý)”}”(hŒÁThe return probe allows us to access the results of some functions, which returns the error code and its results are passed via function parameter, such as an structure-initialization function.”h]”hŒÁThe return probe allows us to access the results of some functions, which returns the error code and its results are passed via function parameter, such as an structure-initialization function.”…””}”(hj9h²hh³Nh´Nubah}”(h]”j8ah ]”h"]”Œfprobetrace_exit_args_sample”ah$]”h&]”uh1hüh³hÇh´Kèhjôh²hŒexpect_referenced_by_name”}”jEj-sŒexpect_referenced_by_id”}”j8j-subhý)”}”(hŒƒFor example, vfs_open() will link the file structure to the inode and update mode. You can trace that changes with return probe. ::”h]”hŒ€For example, vfs_open() will link the file structure to the inode and update mode. You can trace that changes with return probe.”…””}”(hjLh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Kìhjôh²hubjV)”}”(hXº# echo 'f vfs_open mode=file->f_mode:x32 inode=file->f_inode:x64' >> dynamic_events # echo 'f vfs_open%%return mode=file->f_mode:x32 inode=file->f_inode:x64' >> dynamic_events # echo 1 > events/fprobes/enable # cat trace sh-131 [006] ...1. 1945.714346: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x2 inode=0x0 sh-131 [006] ...1. 1945.714358: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0x4d801e inode=0xffff888008470168 cat-143 [007] ...1. 1945.717949: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x1 inode=0x0 cat-143 [007] ...1. 1945.717956: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0x4a801d inode=0xffff888005f78d28 cat-143 [007] ...1. 1945.720616: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x1 inode=0x0 cat-143 [007] ...1. 1945.728263: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0xa800d inode=0xffff888004ada8d8”h]”hXº# echo 'f vfs_open mode=file->f_mode:x32 inode=file->f_inode:x64' >> dynamic_events # echo 'f vfs_open%%return mode=file->f_mode:x32 inode=file->f_inode:x64' >> dynamic_events # echo 1 > events/fprobes/enable # cat trace sh-131 [006] ...1. 1945.714346: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x2 inode=0x0 sh-131 [006] ...1. 1945.714358: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0x4d801e inode=0xffff888008470168 cat-143 [007] ...1. 1945.717949: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x1 inode=0x0 cat-143 [007] ...1. 1945.717956: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0x4a801d inode=0xffff888005f78d28 cat-143 [007] ...1. 1945.720616: vfs_open__entry: (vfs_open+0x4/0x40) mode=0x1 inode=0x0 cat-143 [007] ...1. 1945.728263: vfs_open__exit: (do_open+0x274/0x3d0 <- vfs_open) mode=0xa800d inode=0xffff888004ada8d8”…””}”hjZsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jUh³hÇh´Kðhjôh²hubhý)”}”(hŒOYou can see the `file::f_mode` and `file::f_inode` are updated in `vfs_open()`.”h]”(hŒYou can see the ”…””}”(hjhh²hh³Nh´Nubj#)”}”(hŒ`file::f_mode`”h]”hŒ file::f_mode”…””}”(hjph²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"hjhubhŒ and ”…””}”(hjhh²hh³Nh´Nubj#)”}”(hŒ`file::f_inode`”h]”hŒ file::f_inode”…””}”(hj‚h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"hjhubhŒ are updated in ”…””}”(hjhh²hh³Nh´Nubj#)”}”(hŒ `vfs_open()`”h]”hŒ vfs_open()”…””}”(hj”h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"hjhubhŒ.”…””}”(hjhh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hüh³hÇh´Kûhjôh²hubeh}”(h]”Œusage-examples”ah ]”h"]”Œusage examples”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K£ubeh}”(h]”Œfprobe-based-event-tracing”ah ]”h"]”Œfprobe-based event tracing”ah$]”h&]”uh1hÈhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÍNŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jߌerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”j8]”j-asŒnameids”}”(j¹j¶jAj>j¡jžjìjéjñjîj±j®jEj8uŒ nametypes”}”(j¹‰jA‰j¡‰jì‰jñ‰j±‰jEˆuh}”(j¶hÊj>hëjžjDjéj¤jîjïj®jôj8j9uŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”hŒsystem_message”“”)”}”(hhh]”hý)”}”(hhh]”hŒBHyperlink target "fprobetrace-exit-args-sample" is not referenced.”…””}”hjIsbah}”(h]”h ]”h"]”h$]”h&]”uh1hühjFubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”ŒINFO”Œsource”hÇŒline”Kæuh1jDubaŒ transformer”NŒ include_log”]”Œ decoration”Nh²hub.