search

iovisor / ply

Dynamic Tracing in Linux
GNU General Public License v2.0
969 stars 90 forks source link

Error returned when some examples are tried #52

Closed Apitronix closed 4 years ago

Apitronix commented 4 years ago

Hi there !

I have a problem with ply. When I try to execute some of your README examples, I have an error code returned :

apitronix@cuillere: ~/Documents/Sources/PLY $ sudo ply 'kretprobe:SyS_read { @["size"] = quantize(retval); }'
ERR:-22
apitronix@cuillere: ~/Documents/Sources/PLY $ sudo ply 'kprobe:SyS_read / arg2 > 1024 / { @[pid] = quantize(arg2); }'
ERR:-2
apitronix@cuillere: ~/Documents/Sources/PLY $ sudo ply 'kprobe:SyS_* { @[caller] = count(); }'
ERR:-22
apitronix@cuillere: ~/Documents/Sources/PLY $ sudo ply 'kprobe:SyS_* { @[comm, pid] = count(); }'
ERR:-22

I think this problem is similar to the issue #7 , but I'm not sure. So I tried the Brendan's solution:

apitronix@cuillere: ~/Documents/Sources/PLY $ ./autogen.sh        # This is fine
apitronix@cuillere: ~/Documents/Sources/PLY $ ./configure --with-kerneldir=/usr/linux
# This option don't exist anymore, then I'm not sure to use it right...
apitronix@cuillere: ~/Documents/Sources/PLY $ make        # This is fine
apitronix@cuillere: ~/Documents/Sources/PLY $ sudo make install        # This is fine too

Some additional information about the system:

OS version:
Linux cuillere 5.3.11-100.fc29.x86_64 #1 SMP Tue Nov 12 20:41:25 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Ply version:
ply 7978c1a (linux-version:328459~5.3.11)
wkz commented 4 years ago

This is the problem with putting examples in the README which reference internal kernel functions, sometimes they change :sweat_smile:

You'll have to look in /proc/kallsyms to find out what the corresponding functions are called now. I quick look on my own system (also 5.3.x) indicates that syscall are now prefixed with __x64_sys_. So, for example, to trace all syscalls you can run a script like this:

ply 'k:__x64_sys_!(perf_event_open) { @[caller] = count(); }'

perf_event_open is not allowed to be traced, so it must be excluded.

I'll leave this issue open until I've had time to put better examples in the README.

Thank you for reporting this.

Apitronix commented 4 years ago

Arf... You're right ! :-) Thanks !