[lttng-dev] tracepoint sys_enter and sys_exit

Thibault, Daniel Daniel.Thibault at drdc-rddc.gc.ca
Fri Apr 4 12:19:00 EDT 2014


----------------------------------------------------------------------
Date: Fri, 04 Apr 2014 08:26:52 -0400
From: Francis Giraldeau <francis.giraldeau at gmail.com>
To: "zhenyu.ren" <zhenyu.ren at aliyun.com>

> > But where are these two tracepoints (hits) in kernel source code?
>
> If I remember correctly, for x86_64, the file is arch/x86/kernel/entry_64.S and search for syscall_trace_enter.
>
> Francis

syscall_trace_enter appears in a handful of .S files (assembly code) in the arch hierarchy, and also in ptrace.c and thread_info.h.  If thread info includes the TIF_SYSCALL_TRACEPOINT flag, in the x86 case this invokes the tracepoint trace_sys_enter (registered and unregistered by kernel/trace/trace_syscalls.c).  The tracepoint provider is the lttng-tracer.ko kernel module.

Daniel U. Thibault
Protection des systèmes et contremesures (PSC) | Systems Protection & Countermeasures (SPC)
Cyber sécurité pour les missions essentielles (CME) | Mission Critical Cyber Security (MCCS)
R & D pour la défense Canada - Valcartier (RDDC Valcartier) | Defence R&D Canada - Valcartier (DRDC Valcartier)
2459 route de la Bravoure
Québec QC  G3J 1X5
CANADA
Vox : (418) 844-4000 x4245
Fax : (418) 844-4538
NAC : 918V QSDJ <http://www.travelgis.com/map.asp?addr=918V%20QSDJ>
Gouvernement du Canada | Government of Canada
<http://www.valcartier.drdc-rddc.gc.ca/>


