我有一个关于events/syscalls/sys_enter*跟踪点的问题。为什么不events/syscalls/sys_enter*支持字符串格式?例如,如果sys_enter_openat输出filename为十六进制,而不是字符串。
$ cd /sys/kernel/debug/tracing
$ cat events/syscalls/sys_enter_openat/format
name: sys_enter_openat
ID: 623
format:
field:unsigned short common_type; offset:0; size:2; signed:0;
field:unsigned char common_flags; offset:2; size:1; signed:0;
field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
field:int common_pid; offset:4; size:4; signed:1;
field:int __syscall_nr; offset:8; size:4; signed:1;
field:int dfd; offset:16; size:8; signed:0;
field:const char * filename; offset:24; size:8; signed:0;
field:int flags; offset:32; size:8; signed:0;
field:umode_t mode; offset:40; size:8; signed:0;
print fmt: "dfd: 0x%08lx, filename: 0x%08lx, flags: 0x%08lx, mode: 0x%08lx", ((unsigned long)(REC->dfd)), ((unsigned long)(REC->filename)), ((unsigned long)(REC->flags)), ((unsigned long)(REC->mode))
我知道我可以使用 kprobe 将文件名作为字符串获取,但我不知道为什么默认情况下sys_enter_openat不使用%s输出格式,如下所示。
print fmt: "dfd: 0x%08lx, filename: %s, ...
跟踪器是否有任何限制不能取消引用指针?(如果是cat events/sched/sched_switch/format,格式用于%s输出字符串。)