user_events.rst (7008B)
1========================================= 2user_events: User-based Event Tracing 3========================================= 4 5:Author: Beau Belgrave 6 7Overview 8-------- 9User based trace events allow user processes to create events and trace data 10that can be viewed via existing tools, such as ftrace and perf. 11To enable this feature, build your kernel with CONFIG_USER_EVENTS=y. 12 13Programs can view status of the events via 14/sys/kernel/debug/tracing/user_events_status and can both register and write 15data out via /sys/kernel/debug/tracing/user_events_data. 16 17Programs can also use /sys/kernel/debug/tracing/dynamic_events to register and 18delete user based events via the u: prefix. The format of the command to 19dynamic_events is the same as the ioctl with the u: prefix applied. 20 21Typically programs will register a set of events that they wish to expose to 22tools that can read trace_events (such as ftrace and perf). The registration 23process gives back two ints to the program for each event. The first int is the 24status index. This index describes which byte in the 25/sys/kernel/debug/tracing/user_events_status file represents this event. The 26second int is the write index. This index describes the data when a write() or 27writev() is called on the /sys/kernel/debug/tracing/user_events_data file. 28 29The structures referenced in this document are contained with the 30/include/uap/linux/user_events.h file in the source tree. 31 32**NOTE:** *Both user_events_status and user_events_data are under the tracefs 33filesystem and may be mounted at different paths than above.* 34 35Registering 36----------- 37Registering within a user process is done via ioctl() out to the 38/sys/kernel/debug/tracing/user_events_data file. The command to issue is 39DIAG_IOCSREG. 40 41This command takes a struct user_reg as an argument:: 42 43 struct user_reg { 44 u32 size; 45 u64 name_args; 46 u32 status_index; 47 u32 write_index; 48 }; 49 50The struct user_reg requires two inputs, the first is the size of the structure 51to ensure forward and backward compatibility. The second is the command string 52to issue for registering. Upon success two outputs are set, the status index 53and the write index. 54 55User based events show up under tracefs like any other event under the 56subsystem named "user_events". This means tools that wish to attach to the 57events need to use /sys/kernel/debug/tracing/events/user_events/[name]/enable 58or perf record -e user_events:[name] when attaching/recording. 59 60**NOTE:** *The write_index returned is only valid for the FD that was used* 61 62Command Format 63^^^^^^^^^^^^^^ 64The command string format is as follows:: 65 66 name[:FLAG1[,FLAG2...]] [Field1[;Field2...]] 67 68Supported Flags 69^^^^^^^^^^^^^^^ 70None yet 71 72Field Format 73^^^^^^^^^^^^ 74:: 75 76 type name [size] 77 78Basic types are supported (__data_loc, u32, u64, int, char, char[20], etc). 79User programs are encouraged to use clearly sized types like u32. 80 81**NOTE:** *Long is not supported since size can vary between user and kernel.* 82 83The size is only valid for types that start with a struct prefix. 84This allows user programs to describe custom structs out to tools, if required. 85 86For example, a struct in C that looks like this:: 87 88 struct mytype { 89 char data[20]; 90 }; 91 92Would be represented by the following field:: 93 94 struct mytype myname 20 95 96Deleting 97----------- 98Deleting an event from within a user process is done via ioctl() out to the 99/sys/kernel/debug/tracing/user_events_data file. The command to issue is 100DIAG_IOCSDEL. 101 102This command only requires a single string specifying the event to delete by 103its name. Delete will only succeed if there are no references left to the 104event (in both user and kernel space). User programs should use a separate file 105to request deletes than the one used for registration due to this. 106 107Status 108------ 109When tools attach/record user based events the status of the event is updated 110in realtime. This allows user programs to only incur the cost of the write() or 111writev() calls when something is actively attached to the event. 112 113User programs call mmap() on /sys/kernel/debug/tracing/user_events_status to 114check the status for each event that is registered. The byte to check in the 115file is given back after the register ioctl() via user_reg.status_index. 116Currently the size of user_events_status is a single page, however, custom 117kernel configurations can change this size to allow more user based events. In 118all cases the size of the file is a multiple of a page size. 119 120For example, if the register ioctl() gives back a status_index of 3 you would 121check byte 3 of the returned mmap data to see if anything is attached to that 122event. 123 124Administrators can easily check the status of all registered events by reading 125the user_events_status file directly via a terminal. The output is as follows:: 126 127 Byte:Name [# Comments] 128 ... 129 130 Active: ActiveCount 131 Busy: BusyCount 132 Max: MaxCount 133 134For example, on a system that has a single event the output looks like this:: 135 136 1:test 137 138 Active: 1 139 Busy: 0 140 Max: 4096 141 142If a user enables the user event via ftrace, the output would change to this:: 143 144 1:test # Used by ftrace 145 146 Active: 1 147 Busy: 1 148 Max: 4096 149 150**NOTE:** *A status index of 0 will never be returned. This allows user 151programs to have an index that can be used on error cases.* 152 153Status Bits 154^^^^^^^^^^^ 155The byte being checked will be non-zero if anything is attached. Programs can 156check specific bits in the byte to see what mechanism has been attached. 157 158The following values are defined to aid in checking what has been attached: 159 160**EVENT_STATUS_FTRACE** - Bit set if ftrace has been attached (Bit 0). 161 162**EVENT_STATUS_PERF** - Bit set if perf has been attached (Bit 1). 163 164Writing Data 165------------ 166After registering an event the same fd that was used to register can be used 167to write an entry for that event. The write_index returned must be at the start 168of the data, then the remaining data is treated as the payload of the event. 169 170For example, if write_index returned was 1 and I wanted to write out an int 171payload of the event. Then the data would have to be 8 bytes (2 ints) in size, 172with the first 4 bytes being equal to 1 and the last 4 bytes being equal to the 173value I want as the payload. 174 175In memory this would look like this:: 176 177 int index; 178 int payload; 179 180User programs might have well known structs that they wish to use to emit out 181as payloads. In those cases writev() can be used, with the first vector being 182the index and the following vector(s) being the actual event payload. 183 184For example, if I have a struct like this:: 185 186 struct payload { 187 int src; 188 int dst; 189 int flags; 190 }; 191 192It's advised for user programs to do the following:: 193 194 struct iovec io[2]; 195 struct payload e; 196 197 io[0].iov_base = &write_index; 198 io[0].iov_len = sizeof(write_index); 199 io[1].iov_base = &e; 200 io[1].iov_len = sizeof(e); 201 202 writev(fd, (const struct iovec*)io, 2); 203 204**NOTE:** *The write_index is not emitted out into the trace being recorded.* 205 206Example Code 207------------ 208See sample code in samples/user_events.