SystemTap - filter own syscalls (system-wide trace)

Question

I want to write simple strace-like script using SystemTap. Main goal is to catch only some system calls (like open, close, read, write etc.) for all processes in system. (Can't do that with strace because strace'ing whole system is equal to instant system freeze).

For now it goes like this:

#!/usr/bin/env stap

probe syscall.* 
{
    printf("PID: %d\tNAME: %s\tARGSTR: %s\n",pid(), name, argstr);
}

The problem starts when I want to save output to file. Stap script is constantly finding itself writing to file so it's never ending loop.

I think the solution would be something like this:

    #!/usr/bin/env stap

    probe syscall.* 
    {
        if(pid() != myOwnPid())    
        printf("PID: %d\tNAME: %s\tARGSTR: %s\n",pid(), name, argstr);
    }

But I don't know any function giving pid of running stap script.

Have you considered filtering on filename rather than PID? – kasperd Dec 20 '15 at 14:33 — kasperd, Dec 20 '15 at 14:33

score 2 · Answer 1 · edited Sep 13 '16 at 22:54

2

perf trace -a -e open,close,read,write

It will filter its own calls, use -o output to save the output, just like with strace.

perf trace -h

To see how to filter some pids (xterm, X.org, ssh, etc.) and how to specify just a group of cpus, pids, mix it with tracepoints, page faults, get callchains from any event, etc.

edited Sep 13 '16 at 22:54

techraf

4,243
8
29
44

answered Sep 13 '16 at 15:09

Arnaldo Carvalho de Melo

21
2

score 0 · Accepted Answer · answered Dec 20 '15 at 14:27

0

If you wish to exclude systemtap's own userspace stapio/staprun processes from the strace, use stp_pid():

if (pid() != stp_pid())
    printf("...")

SystemTap - filter own syscalls (system-wide trace)

2 Answers2