djfrost373 at gmail.com
Sat Sep 24 07:33:48 EDT 2016
Im trying to get a handle on how the Trace meta data collection works - i
can roughly get a grasp of what the SYSCALL_METADA macro does but there are
a few curious compiler flags that I've never used before, and think i need
some help understanding their implications.
Ive been looking in vim include/linux/syscalls.h and look at the
macros SYSCALL_TRACE_ENTER_EVENT SYSCALL_TRACE_EXIT_EVENT SYSCALL_METADATA
and these macros create some data structures, but don't seem to call any
functions to make any use of them, so I'm assuming that these macros set up
some data structures used by something else.
They all end with an assignment that has a compiler directive
like __attribute__((section("xxxxxx"))) for example, SYSCALL_METADATA ends
static struct syscall_metadata __used \
*__p_syscall_meta_##sname = &__syscall_meta_##sname;
This data structure has been been placed into a special section in the
kernel called "__syscalls_metadata" Is this a heap kind of area somewhere ?
i assume that something is watching this area for changes (or being signal
somehow) so it will see these changes in data ?
the macros SYSCALL_TRACE_ENTER_EVENT have similar attributes on their
assignment that put the data into "_ftrace_events".
I suppose trying to follow logically through the code has now put me into a
bit of a dead end - can anyone point me to the documentation / code that
reads this data so i can complete the chain execution ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Kernelnewbies