tracepoint, vfs, sched: Add exec() tracepoint

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Added a minimal exec tracepoint. Exec is an important major event
in the life of a task, like fork(), clone() or exit(), all of
which we already trace.

[ We also do scheduling re-balancing during exec() - so it's useful
from a scheduler instrumentation POV as well. ]

If you want to watch a task start up, when it gets exec'ed is a good place
to start. With the addition of this tracepoint, exec's can be monitored
and better picture of general system activity can be obtained. This
tracepoint will also enable better process life tracking, allowing you to
answer questions like "what process keeps starting up binary X?".

This tracepoint can also be useful in ftrace filtering and trigger
conditions: i.e. starting or stopping filtering when exec is called.

Signed-off-by: David Smith <dsmith@redhat.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/4F314D19.7030504@redhat.com
Signed-off-by: Ingo Molnar <mingo@elte.hu>

authored by

David Smith and committed by

Ingo Molnar 14 years ago 4ff16c25 034d150a

+33 -3

2 changed files

expand all

exec.c

include

trace

events

sched.h

+6 -3

fs/exec.c

··· 63 63 #include <trace/events/task.h> 64 64 #include "internal.h" 65 65 66 + #include <trace/events/sched.h> 67 + 66 68 int core_uses_pid; 67 69 char core_pattern[CORENAME_MAX_SIZE] = "core"; 68 70 unsigned int core_pipe_limit; ··· 1403 1401 */ 1404 1402 bprm->recursion_depth = depth; 1405 1403 if (retval >= 0) { 1406 - if (depth == 0) 1407 - ptrace_event(PTRACE_EVENT_EXEC, 1408 - old_pid); 1404 + if (depth == 0) { 1405 + trace_sched_process_exec(current, old_pid, bprm); 1406 + ptrace_event(PTRACE_EVENT_EXEC, old_pid); 1407 + } 1409 1408 put_binfmt(fmt); 1410 1409 allow_write_access(bprm->file); 1411 1410 if (bprm->file)

+27

include/trace/events/sched.h

··· 6 6 7 7 #include <linux/sched.h> 8 8 #include <linux/tracepoint.h> 9 + #include <linux/binfmts.h> 9 10 10 11 /* 11 12 * Tracepoint for calling kthread_stop, performed to end a kthread: ··· 274 273 TP_printk("comm=%s pid=%d child_comm=%s child_pid=%d", 275 274 __entry->parent_comm, __entry->parent_pid, 276 275 __entry->child_comm, __entry->child_pid) 276 + ); 277 + 278 + /* 279 + * Tracepoint for exec: 280 + */ 281 + TRACE_EVENT(sched_process_exec, 282 + 283 + TP_PROTO(struct task_struct *p, pid_t old_pid, 284 + struct linux_binprm *bprm), 285 + 286 + TP_ARGS(p, old_pid, bprm), 287 + 288 + TP_STRUCT__entry( 289 + __string( filename, bprm->filename ) 290 + __field( pid_t, pid ) 291 + __field( pid_t, old_pid ) 292 + ), 293 + 294 + TP_fast_assign( 295 + __assign_str(filename, bprm->filename); 296 + __entry->pid = p->pid; 297 + __entry->old_pid = p->pid; 298 + ), 299 + 300 + TP_printk("filename=%s pid=%d old_pid=%d", __get_str(filename), 301 + __entry->pid, __entry->old_pid) 277 302 ); 278 303 279 304 /*