This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Documentation for the syscall tapsets?
- From: "Theodore Ts'o" <tytso at mit dot edu>
- To: systemtap at sourceware dot org
- Date: Tue, 08 Jul 2008 14:18:58 -0400
- Subject: Documentation for the syscall tapsets?
- Full-name: Theodore Ts'o
- Phone: (781) 391-3464
So I've been starting to play around with systemtap, and I started by
downloading the "disktop.stp" script. This displayed some interesting
data, including the fact that khelper/modprobe was getting run
frequently:
Tue Jul 8 18:03:53 2008 , Average: 10Kb/sec, Read: 51Kb, Write: 0Kb
UID PID PPID CMD DEVICE T BYTES
0 860 859 modprobe dm-0 R 14722
0 862 861 modprobe dm-0 R 14722
0 864 863 modprobe dm-0 R 14722
15806 8234 1 multiload-apple dm-0 R 7230
0 860 859 khelper dm-0 R 499
0 862 861 khelper dm-0 R 499
0 864 863 khelper dm-0 R 499
This caused me to be curious, and so I wanted to write a script that
would trap the execve system call, and print the arguments to
khelper/modprobe, so I could see what was going on.
I eventually did it via this simple script:
probe syscall.execve {
printf("%s\n", argstr);
}
But the only way I came up with it was by "cheating", and looking at the
tapset sources for syscall.stp in order to find out what magical
variables were set by the syscall.execve probe. Once I knew the answer,
I then started trying to go back to see where I had missed finding the
right answer in the documentation ---- and as far as I can tell, there
is no documentation for all/most of the systemcall probes --- what few
of them there are in man stapprobes and man stapprobes.*, but there is
nothing to define the probes for syscall, other than to "Read The
Source, Luke.
Am I missing something?
- Ted