Re: [PATCH 08/12] add trace events for each syscall entry/exit

From: Mathieu Desnoyers
Date: Tue Aug 25 2009 - 14:15:19 EST

* Jason Baron (jbaron@xxxxxxxxxx) wrote:
> On Tue, Aug 25, 2009 at 12:20:04PM -0400, Mathieu Desnoyers wrote:
> >
> > Uh ? kernel threads can invoke a system call. There are rare places
> > where kernel code actually invoke system calls. I don't see why we
> > should not deal with them.
> >
> > Moreover, the problem you face is more general: if we set the
> > TIF_SYSCALL_FTRACE flag of a standard thread right in the middle of its
> > system call, x86_64 will cause the syscall exit to execute by re-reading
> > the thread flags and run a syscall trace exit.
> >
> > We could simply initialize the "saved system calls id" number to
> > something like -1, so that if we happen to return from a syscall that
> > did not get its id recorded at syscall entry, we know it because it's
> > not initialized.
> >
> > We would need to carefully put back the -1 value after clearing the
> > thread flag when we stop tracing too (while still holding a mutex).
> >
> > Mathieu
> >
> why can't we have a syscall exit that is unmatched? we calculate
> the exit syscall number for the the pt_regs structure at exit, so we
> don't need to match it up with an entry to know which syscall it is.

Are we certain that it will still be on the pt_regs at system call
exit and not overwritten by the syscall return value ? For every arch ?


> thanks,
> -Jason

Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F BA06 3F25 A8FE 3BAE 9A68
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at