/usr/share/systemtap/tapset/linux/kprocess.stp is in systemtap-common 2.3-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 | // kernel process tapset
// Copyright (C) 2006 Intel Corporation.
//
// This file is part of systemtap, and is free software. You can
// redistribute it and/or modify it under the terms of the GNU General
// Public License (GPL); either version 2, or (at your option) any
// later version.
// <tapsetdescription>
// This family of probe points is used to probe process-related activities.
// </tapsetdescription>
function _IS_ERR:long(ptr:long) %{ /* pure */
STAP_RETVALUE = IS_ERR((const void *)(long)STAP_ARG_ptr);
%}
/**
* probe kprocess.create - Fires whenever a new process or thread is successfully created
* @new_pid: The PID of the newly created process
* @new_tid: The TID of the newly created task
*
* Context:
* Parent of the created process.
*
* Fires whenever a new process is successfully created, either as a result of
* fork (or one of its syscall variants), or a new kernel thread.
*/
probe kprocess.create = kernel.function("copy_process").return {
task = $return
if (_IS_ERR(task)) next
new_pid = task_pid(task)
new_tid = task_tid(task)
}
/**
* probe kprocess.start - Starting new process
*
* Context:
* Newly created process.
*
* Fires immediately before a new process begins execution.
*
*/
probe kprocess.start = kernel.function("schedule_tail") { }
/**
* probe kprocess.exec - Attempt to exec to a new program
* @filename: The path to the new executable
*
* Context:
* The caller of exec.
*
* Fires whenever a process attempts to exec to a new program.
*/
probe kprocess.exec =
kernel.function("do_execve"),
kernel.function("compat_do_execve") ?
{
filename = kernel_string($filename)
}
/**
* probe kprocess.exec_complete - Return from exec to a new program
* @errno: The error number resulting from the exec
* @success: A boolean indicating whether the exec was successful
*
* Context:
* On success, the context of the new executable.
* On failure, remains in the context of the caller.
*
* Fires at the completion of an exec call.
*/
probe kprocess.exec_complete =
kernel.function("do_execve").return,
kernel.function("compat_do_execve").return ?
{
errno = $return
success = (errno >= 0)
}
/**
* probe kprocess.exit - Exit from process
* @code: The exit code of the process
*
* Context:
* The process which is terminating.
*
* Fires when a process terminates. This will always be followed by a
* kprocess.release, though the latter may be delayed if the process waits in a
* zombie state.
*/
probe kprocess.exit = kernel.function("do_exit") {
code = $code
}
/**
* probe kprocess.release - Process released
* @task: A task handle to the process being released
* @released_pid: PID of the process being released
* @released_tid: TID of the task being released
* @pid: Same as @released_pid for compatibility (deprecated)
*
* Context:
* The context of the parent, if it wanted notification of this process'
* termination, else the context of the process itself.
*
* Fires when a process is released from the kernel. This always follows a
* kprocess.exit, though it may be delayed somewhat if the process waits in a
* zombie state.
*/
probe kprocess.release = kernel.function("release_task") {
task = $p
%(systemtap_v <= "1.7" %?
pid = task_pid($p)
%)
released_pid = task_pid($p)
released_tid = task_tid($p)
}
|