diff options
| author | Steven Rostedt (Google) <rostedt@goodmis.org> | 2022-12-19 13:31:07 -0500 |
|---|---|---|
| committer | Steven Rostedt (Google) <rostedt@goodmis.org> | 2023-01-25 10:31:11 -0500 |
| commit | e6745a4da964f5f49b21cbcce5125456984ddc6b (patch) | |
| tree | 06ffa744498e7ece4d553fbfc3762a042db8a200 /Documentation/trace | |
| parent | ae3edea88e6c1bbb8b41ef958f79a7a44ab45f7c (diff) | |
| download | linux-e6745a4da964f5f49b21cbcce5125456984ddc6b.tar.gz linux-e6745a4da964f5f49b21cbcce5125456984ddc6b.tar.bz2 linux-e6745a4da964f5f49b21cbcce5125456984ddc6b.zip | |
tracing: Add a way to filter function addresses to function names
There's been several times where an event records a function address in
its field and I needed to filter on that address for a specific function
name. It required looking up the function in kallsyms, finding its size,
and doing a compare of "field >= function_start && field < function_end".
But this would change from boot to boot and is unreliable in scripts.
Also, it is useful to have this at boot up, where the addresses will not
be known. For example, on the boot command line:
trace_trigger="initcall_finish.traceoff if func.function == acpi_init"
To implement this, add a ".function" prefix, that will check that the
field is of size long, and the only operations allowed (so far) are "=="
and "!=".
Link: https://lkml.kernel.org/r/20221219183213.916833763@goodmis.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: Zheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: Ross Zwisler <zwisler@google.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Diffstat (limited to 'Documentation/trace')
| -rw-r--r-- | Documentation/trace/events.rst | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/Documentation/trace/events.rst b/Documentation/trace/events.rst index c47f381d0c00..d0fd5c7220b7 100644 --- a/Documentation/trace/events.rst +++ b/Documentation/trace/events.rst @@ -207,6 +207,18 @@ field name:: As the kernel will have to know how to retrieve the memory that the pointer is at from user space. +You can convert any long type to a function address and search by function name:: + + call_site.function == security_prepare_creds + +The above will filter when the field "call_site" falls on the address within +"security_prepare_creds". That is, it will compare the value of "call_site" and +the filter will return true if it is greater than or equal to the start of +the function "security_prepare_creds" and less than the end of that function. + +The ".function" postfix can only be attached to values of size long, and can only +be compared with "==" or "!=". + 5.2 Setting filters ------------------- |