目前kprobe不支持单个字符的输出显示方式,下面的patch给kprobe增加了一种%c的数据显示方式:
diff --git a/Documentation/trace/kprobetrace.rst b/Documentation/trace/kprobetrace.rst
index b175d88f3..5d0cc4afe 100644
--- a/Documentation/trace/kprobetrace.rst
+++ b/Documentation/trace/kprobetrace.rst
@@ -58,8 +58,8 @@ Synopsis of kprobe_events
NAME=FETCHARG : Set NAME as the argument name of FETCHARG.
FETCHARG:TYPE : Set TYPE as the type of FETCHARG. Currently, basic types
(u8/u16/u32/u64/s8/s16/s32/s64), hexadecimal types
- (x8/x16/x32/x64), "string", "ustring" and bitfield
- are supported.
+ (x8/x16/x32/x64), character type(c8), "string", "ustring"
+ and bitfield are supported.
(\*1) only for the probe on function entry (offs == 0).
(\*2) only for return probe.
diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
index 80863c650..afd2ab568 100644
--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -38,6 +38,7 @@ int PRINT_TYPE_FUNC_NAME(tname)(struct trace_seq *s, void *data, void *ent)\
} \
const char PRINT_TYPE_FMT_NAME(tname)[] = fmt;
+DEFINE_BASIC_PRINT_TYPE_FUNC(c8, u8, "%c")
DEFINE_BASIC_PRINT_TYPE_FUNC(u8, u8, "%u")
DEFINE_BASIC_PRINT_TYPE_FUNC(u16, u16, "%u")
DEFINE_BASIC_PRINT_TYPE_FUNC(u32, u32, "%u")
@@ -81,6 +82,7 @@ static const struct fetch_type probe_fetch_types[] = {
__ASSIGN_FETCH_TYPE("ustring", string, string, sizeof(u32), 1,
"__data_loc char[]"),
/* Basic types */
+ ASSIGN_FETCH_TYPE(c8, u8, 0),
ASSIGN_FETCH_TYPE(u8, u8, 0),
ASSIGN_FETCH_TYPE(u16, u16, 0),
ASSIGN_FETCH_TYPE(u32, u32, 0),
下面是使用方法:
echo 'p:test_bpf1 test_bpf_dump name=+0(+8($arg1)):string name_c8=+0(+8($arg1)):c8 name_c8_array=+0(+8($arg1)):c8[6]' > kprobe_events
下面是trace输出:
# TASK-PID CPU# ||||| TIMESTAMP FUNCTION
# | | | ||||| | |
bash-431 [003] ..... 1616.184892: test_bpf1: (test_bpf_dump+0x0/0x65) name="bpf1" name_c8=b name_c8_array={b,p,f,1,,}