Watchpoint probe (wprobe) Event Tracing¶
Overview¶
Wprobe event is a dynamic event based on the hardware breakpoint, which is similar to other probe events, but it is for watching data access. It allows you to trace which code accesses a specified data.
As same as other dynamic events, wprobe events are defined via dynamic_events interface file on tracefs.
Synopsis of wprobe-events¶
w:[GRP/][EVENT] SPEC [FETCHARGS] : Probe on data access
GRP : Group name for wprobe. If omitted, use "wprobes" for it.
EVENT : Event name for wprobe. If omitted, an event name is
generated based on the address or symbol.
SPEC : Breakpoint specification.
[r|w|rw]@<ADDRESS|SYMBOL[+|-OFFS]>[:LENGTH]
r|w|rw : Access type, r for read, w for write, and rw for both.
Default is rw if omitted.
ADDRESS : Address to trace (hexadecimal).
SYMBOL : Symbol name to trace.
LENGTH : Length of the data to trace in bytes. (1, 2, 4, or 8)
FETCHARGS : Arguments. Each probe can have up to 128 args.
$addr : Fetch the accessing address.
@ADDR : Fetch memory at ADDR (ADDR should be in kernel)
@SYM[+|-offs] : Fetch memory at SYM +|- offs (SYM should be a data symbol)
+|-[u]OFFS(FETCHARG) : Fetch memory at FETCHARG +|- OFFS address.(\*1)(\*2)
\IMM : Store an immediate value to the argument.
NAME=FETCHARG : Set NAME as the argument name of FETCHARG.
FETCHARG:TYPE : Set TYPE as the type of FETCHARG. Currently, basic types
(u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal types
(x8/x16/x32/x64), "char", "string", "ustring", "symbol", "symstr"
and bitfield are supported.
(\*1) this is useful for fetching a field of data structures.
(\*2) "u" means user-space dereference.
For the details of TYPE, see kprobetrace documentation.
Usage examples¶
Here is an example to add a wprobe event on a variable jiffies.
# echo 'w:my_jiffies w@jiffies' >> dynamic_events
# cat dynamic_events
w:wprobes/my_jiffies w@jiffies
# echo 1 > events/wprobes/enable
# cat trace | head
# TASK-PID CPU# ||||| TIMESTAMP FUNCTION
# | | | ||||| | |
<idle>-0 [000] d.Z1. 717.026259: my_jiffies: (tick_do_update_jiffies64+0xbe/0x130)
<idle>-0 [000] d.Z1. 717.026373: my_jiffies: (tick_do_update_jiffies64+0xbe/0x130)
You can see the code which writes to jiffies is tick_do_update_jiffies64()
.