2022-11-12 06:08:47

by Masami Hiramatsu

Subject: [PATCH] tracing/eprobe: Fix eprobe filter to make a filter correctly

From: Masami Hiramatsu (Google) <[email protected]>

Since the eprobe filter was defined based on the eprobe's trace event
itself, it doesn't work correctly. Use the original trace event of
the eprobe when making the filter so that the filter works correctly.

Without this fix:

# echo 'e syscalls/sys_enter_openat \
flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
# echo 1 > events/eprobes/sys_enter_openat/enable
[ 114.551550] event trace: Could not enable event sys_enter_openat
-bash: echo: write error: Invalid argument

With this fix:
# echo 'e syscalls/sys_enter_openat \
flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
# echo 1 > events/eprobes/sys_enter_openat/enable
# tail trace
cat-241 [000] ...1. 266.498449: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
cat-242 [000] ...1. 266.977640: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0

Fixes: 752be5c5c910 ("tracing/eprobe: Add eprobe filter support")
Reported-by: Rafael Mendonca <[email protected]>
Signed-off-by: Masami Hiramatsu (Google) <[email protected]>
---
kernel/trace/trace_eprobe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c
index fe4833a7b7b3..1c3096ab2fe7 100644
--- a/kernel/trace/trace_eprobe.c
+++ b/kernel/trace/trace_eprobe.c
@@ -643,7 +643,7 @@ new_eprobe_trigger(struct trace_eprobe *ep, struct trace_event_file *file)
INIT_LIST_HEAD(&trigger->list);

if (ep->filter_str) {
- ret = create_event_filter(file->tr, file->event_call,
+ ret = create_event_filter(file->tr, ep->event,
ep->filter_str, false, &filter);
if (ret)
goto error;
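
Review bot: The `create_event_filter()` call in `new_eprobe_trigger()` now takes the event from `ep->event` while `file->tr` still comes from `file`, and nothing at the call site says why the two sources differ. A short comment above the call would help, for example noting that `ep->filter_str` refers to fields of the event the eprobe is attached to (`flags` in the changelog example) and not to the eprobe's own arguments (`flags_rename`); that would keep a later cleanup from changing it back to `file->event_call`. The changelog could give the same reason in place of "it doesn't work correctly", and a selftest that enables an eprobe with an `if` clause like the one in the example would catch a regression here.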



2022-11-14 01:58:50

by Masami Hiramatsu

Subject: Re: [PATCH] tracing/eprobe: Fix eprobe filter to make a filter correctly

Hi Rafael,

Can you give me your Tested-by on this?

Thank you,

On Sat, 12 Nov 2022 14:41:04 +0900
"Masami Hiramatsu (Google)" <[email protected]> wrote:

> From: Masami Hiramatsu (Google) <[email protected]>
>
> Since the eprobe filter was defined based on the eprobe's trace event
> itself, it doesn't work correctly. Use the original trace event of
> the eprobe when making the filter so that the filter works correctly.
>
> Without this fix:
>
> # echo 'e syscalls/sys_enter_openat \
> flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
> # echo 1 > events/eprobes/sys_enter_openat/enable
> [ 114.551550] event trace: Could not enable event sys_enter_openat
> -bash: echo: write error: Invalid argument
>
> With this fix:
> # echo 'e syscalls/sys_enter_openat \
> flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
> # echo 1 > events/eprobes/sys_enter_openat/enable
> # tail trace
> cat-241 [000] ...1. 266.498449: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> cat-242 [000] ...1. 266.977640: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
>
> Fixes: 752be5c5c910 ("tracing/eprobe: Add eprobe filter support")
> Reported-by: Rafael Mendonca <[email protected]>
> Signed-off-by: Masami Hiramatsu (Google) <[email protected]>
> ---
> kernel/trace/trace_eprobe.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c
> index fe4833a7b7b3..1c3096ab2fe7 100644
> --- a/kernel/trace/trace_eprobe.c
> +++ b/kernel/trace/trace_eprobe.c
> @@ -643,7 +643,7 @@ new_eprobe_trigger(struct trace_eprobe *ep, struct trace_event_file *file)
> INIT_LIST_HEAD(&trigger->list);
>
> if (ep->filter_str) {
> - ret = create_event_filter(file->tr, file->event_call,
> + ret = create_event_filter(file->tr, ep->event,
> ep->filter_str, false, &filter);
> if (ret)
> goto error;
>


--
Masami Hiramatsu (Google) <[email protected]>

2022-11-14 14:58:20

by Rafael Mendonca

Subject: Re: [PATCH] tracing/eprobe: Fix eprobe filter to make a filter correctly

On Sat, Nov 12, 2022 at 02:41:04PM +0900, Masami Hiramatsu (Google) wrote:
> From: Masami Hiramatsu (Google) <[email protected]>
>
> Since the eprobe filter was defined based on the eprobe's trace event
> itself, it doesn't work correctly. Use the original trace event of
> the eprobe when making the filter so that the filter works correctly.
>
> Without this fix:
>
> # echo 'e syscalls/sys_enter_openat \
> flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
> # echo 1 > events/eprobes/sys_enter_openat/enable
> [ 114.551550] event trace: Could not enable event sys_enter_openat
> -bash: echo: write error: Invalid argument
>
> With this fix:
> # echo 'e syscalls/sys_enter_openat \
> flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
> # echo 1 > events/eprobes/sys_enter_openat/enable
> # tail trace
> cat-241 [000] ...1. 266.498449: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> cat-242 [000] ...1. 266.977640: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
>
> Fixes: 752be5c5c910 ("tracing/eprobe: Add eprobe filter support")
> Reported-by: Rafael Mendonca <[email protected]>
> Signed-off-by: Masami Hiramatsu (Google) <[email protected]>
> ---
> kernel/trace/trace_eprobe.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Hi Masami,

Tested this on top of v6.1-rc5 and the event filtering seems to be
working fine now. Tested with multiple events and conditions. Thanks.

Tested-by: Rafael Mendonca <[email protected]>

>
> diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c
> index fe4833a7b7b3..1c3096ab2fe7 100644
> --- a/kernel/trace/trace_eprobe.c
> +++ b/kernel/trace/trace_eprobe.c
> @@ -643,7 +643,7 @@ new_eprobe_trigger(struct trace_eprobe *ep, struct trace_event_file *file)
> INIT_LIST_HEAD(&trigger->list);
>
> if (ep->filter_str) {
> - ret = create_event_filter(file->tr, file->event_call,
> + ret = create_event_filter(file->tr, ep->event,
> ep->filter_str, false, &filter);
> if (ret)
> goto error;
>

2022-11-14 15:22:15

by Masami Hiramatsu

Subject: Re: [PATCH] tracing/eprobe: Fix eprobe filter to make a filter correctly

On Mon, 14 Nov 2022 11:24:32 -0300
Rafael Mendonca <[email protected]> wrote:

> On Sat, Nov 12, 2022 at 02:41:04PM +0900, Masami Hiramatsu (Google) wrote:
> > From: Masami Hiramatsu (Google) <[email protected]>
> >
> > Since the eprobe filter was defined based on the eprobe's trace event
> > itself, it doesn't work correctly. Use the original trace event of
> > the eprobe when making the filter so that the filter works correctly.
> >
> > Without this fix:
> >
> > # echo 'e syscalls/sys_enter_openat \
> > flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
> > # echo 1 > events/eprobes/sys_enter_openat/enable
> > [ 114.551550] event trace: Could not enable event sys_enter_openat
> > -bash: echo: write error: Invalid argument
> >
> > With this fix:
> > # echo 'e syscalls/sys_enter_openat \
> > flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
> > # echo 1 > events/eprobes/sys_enter_openat/enable
> > # tail trace
> > cat-241 [000] ...1. 266.498449: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> > cat-242 [000] ...1. 266.977640: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
> >
> > Fixes: 752be5c5c910 ("tracing/eprobe: Add eprobe filter support")
> > Reported-by: Rafael Mendonca <[email protected]>
> > Signed-off-by: Masami Hiramatsu (Google) <[email protected]>
> > ---
> > kernel/trace/trace_eprobe.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Hi Masami,
>
> Tested this on top of v6.1-rc5 and the event filtering seems to be
> working fine now. Tested with multiple events and conditions. Thanks.
>
> Tested-by: Rafael Mendonca <[email protected]>

Thanks a lot!

>
> >
> > diff --git a/kernel/trace/trace_eprobe.c b/kernel/trace/trace_eprobe.c
> > index fe4833a7b7b3..1c3096ab2fe7 100644
> > --- a/kernel/trace/trace_eprobe.c
> > +++ b/kernel/trace/trace_eprobe.c
> > @@ -643,7 +643,7 @@ new_eprobe_trigger(struct trace_eprobe *ep, struct trace_event_file *file)
> > INIT_LIST_HEAD(&trigger->list);
> >
> > if (ep->filter_str) {
> > - ret = create_event_filter(file->tr, file->event_call,
> > + ret = create_event_filter(file->tr, ep->event,
> > ep->filter_str, false, &filter);
> > if (ret)
> > goto error;
> >


--
Masami Hiramatsu (Google) <[email protected]>