Kyle Swenson | 8d8f654 | 2021-03-15 11:02:55 -0600 | [diff] [blame] | 1 | Using the Linux Kernel Tracepoints |
| 2 | |
| 3 | Mathieu Desnoyers |
| 4 | |
| 5 | |
| 6 | This document introduces Linux Kernel Tracepoints and their use. It |
| 7 | provides examples of how to insert tracepoints in the kernel and |
| 8 | connect probe functions to them and provides some examples of probe |
| 9 | functions. |
| 10 | |
| 11 | |
| 12 | * Purpose of tracepoints |
| 13 | |
| 14 | A tracepoint placed in code provides a hook to call a function (probe) |
| 15 | that you can provide at runtime. A tracepoint can be "on" (a probe is |
| 16 | connected to it) or "off" (no probe is attached). When a tracepoint is |
| 17 | "off" it has no effect, except for adding a tiny time penalty |
| 18 | (checking a condition for a branch) and space penalty (adding a few |
| 19 | bytes for the function call at the end of the instrumented function |
| 20 | and adds a data structure in a separate section). When a tracepoint |
| 21 | is "on", the function you provide is called each time the tracepoint |
| 22 | is executed, in the execution context of the caller. When the function |
| 23 | provided ends its execution, it returns to the caller (continuing from |
| 24 | the tracepoint site). |
| 25 | |
| 26 | You can put tracepoints at important locations in the code. They are |
| 27 | lightweight hooks that can pass an arbitrary number of parameters, |
| 28 | which prototypes are described in a tracepoint declaration placed in a |
| 29 | header file. |
| 30 | |
| 31 | They can be used for tracing and performance accounting. |
| 32 | |
| 33 | |
| 34 | * Usage |
| 35 | |
| 36 | Two elements are required for tracepoints : |
| 37 | |
| 38 | - A tracepoint definition, placed in a header file. |
| 39 | - The tracepoint statement, in C code. |
| 40 | |
| 41 | In order to use tracepoints, you should include linux/tracepoint.h. |
| 42 | |
| 43 | In include/trace/events/subsys.h : |
| 44 | |
| 45 | #undef TRACE_SYSTEM |
| 46 | #define TRACE_SYSTEM subsys |
| 47 | |
| 48 | #if !defined(_TRACE_SUBSYS_H) || defined(TRACE_HEADER_MULTI_READ) |
| 49 | #define _TRACE_SUBSYS_H |
| 50 | |
| 51 | #include <linux/tracepoint.h> |
| 52 | |
| 53 | DECLARE_TRACE(subsys_eventname, |
| 54 | TP_PROTO(int firstarg, struct task_struct *p), |
| 55 | TP_ARGS(firstarg, p)); |
| 56 | |
| 57 | #endif /* _TRACE_SUBSYS_H */ |
| 58 | |
| 59 | /* This part must be outside protection */ |
| 60 | #include <trace/define_trace.h> |
| 61 | |
| 62 | In subsys/file.c (where the tracing statement must be added) : |
| 63 | |
| 64 | #include <trace/events/subsys.h> |
| 65 | |
| 66 | #define CREATE_TRACE_POINTS |
| 67 | DEFINE_TRACE(subsys_eventname); |
| 68 | |
| 69 | void somefct(void) |
| 70 | { |
| 71 | ... |
| 72 | trace_subsys_eventname(arg, task); |
| 73 | ... |
| 74 | } |
| 75 | |
| 76 | Where : |
| 77 | - subsys_eventname is an identifier unique to your event |
| 78 | - subsys is the name of your subsystem. |
| 79 | - eventname is the name of the event to trace. |
| 80 | |
| 81 | - TP_PROTO(int firstarg, struct task_struct *p) is the prototype of the |
| 82 | function called by this tracepoint. |
| 83 | |
| 84 | - TP_ARGS(firstarg, p) are the parameters names, same as found in the |
| 85 | prototype. |
| 86 | |
| 87 | - if you use the header in multiple source files, #define CREATE_TRACE_POINTS |
| 88 | should appear only in one source file. |
| 89 | |
| 90 | Connecting a function (probe) to a tracepoint is done by providing a |
| 91 | probe (function to call) for the specific tracepoint through |
| 92 | register_trace_subsys_eventname(). Removing a probe is done through |
| 93 | unregister_trace_subsys_eventname(); it will remove the probe. |
| 94 | |
| 95 | tracepoint_synchronize_unregister() must be called before the end of |
| 96 | the module exit function to make sure there is no caller left using |
| 97 | the probe. This, and the fact that preemption is disabled around the |
| 98 | probe call, make sure that probe removal and module unload are safe. |
| 99 | |
| 100 | The tracepoint mechanism supports inserting multiple instances of the |
| 101 | same tracepoint, but a single definition must be made of a given |
| 102 | tracepoint name over all the kernel to make sure no type conflict will |
| 103 | occur. Name mangling of the tracepoints is done using the prototypes |
| 104 | to make sure typing is correct. Verification of probe type correctness |
| 105 | is done at the registration site by the compiler. Tracepoints can be |
| 106 | put in inline functions, inlined static functions, and unrolled loops |
| 107 | as well as regular functions. |
| 108 | |
| 109 | The naming scheme "subsys_event" is suggested here as a convention |
| 110 | intended to limit collisions. Tracepoint names are global to the |
| 111 | kernel: they are considered as being the same whether they are in the |
| 112 | core kernel image or in modules. |
| 113 | |
| 114 | If the tracepoint has to be used in kernel modules, an |
| 115 | EXPORT_TRACEPOINT_SYMBOL_GPL() or EXPORT_TRACEPOINT_SYMBOL() can be |
| 116 | used to export the defined tracepoints. |
| 117 | |
| 118 | If you need to do a bit of work for a tracepoint parameter, and |
| 119 | that work is only used for the tracepoint, that work can be encapsulated |
| 120 | within an if statement with the following: |
| 121 | |
| 122 | if (trace_foo_bar_enabled()) { |
| 123 | int i; |
| 124 | int tot = 0; |
| 125 | |
| 126 | for (i = 0; i < count; i++) |
| 127 | tot += calculate_nuggets(); |
| 128 | |
| 129 | trace_foo_bar(tot); |
| 130 | } |
| 131 | |
| 132 | All trace_<tracepoint>() calls have a matching trace_<tracepoint>_enabled() |
| 133 | function defined that returns true if the tracepoint is enabled and |
| 134 | false otherwise. The trace_<tracepoint>() should always be within the |
| 135 | block of the if (trace_<tracepoint>_enabled()) to prevent races between |
| 136 | the tracepoint being enabled and the check being seen. |
| 137 | |
| 138 | The advantage of using the trace_<tracepoint>_enabled() is that it uses |
| 139 | the static_key of the tracepoint to allow the if statement to be implemented |
| 140 | with jump labels and avoid conditional branches. |
| 141 | |
| 142 | Note: The convenience macro TRACE_EVENT provides an alternative way to |
| 143 | define tracepoints. Check http://lwn.net/Articles/379903, |
| 144 | http://lwn.net/Articles/381064 and http://lwn.net/Articles/383362 |
| 145 | for a series of articles with more details. |