| 1 | LTTng system call tracing |
| 2 | |
| 3 | 1) lttng-syscall-extractor |
| 4 | |
| 5 | You need to build a kernel with CONFIG_FTRACE_SYSCALLS=y and |
| 6 | CONFIG_KALLSYMS_ALL=y for extraction. Apply the linker patch to get your |
| 7 | kernel to keep the system call metadata after boot. Then build and load |
| 8 | the LTTng syscall extractor module. The module will fail to load (this |
| 9 | is expected). See the dmesg output for system call metadata. |
| 10 | |
| 11 | 2) Generate system call TRACE_EVENT(). |
| 12 | |
| 13 | Take the dmesg data and feed it to lttng-syscalls-generate-headers.sh from the |
| 14 | tools/syscalls directory. See the script header for usage example. It should be |
| 15 | run for both the integers and pointers types. |
| 16 | |
| 17 | After these are created, you just need to follow the new system call additions, |
| 18 | no need to regenerate the whole thing, since system calls are only appended to. |
| 19 | |
| 20 | 3) Override headers |
| 21 | |
| 22 | You need to provide override headers (even if they don't contain |
| 23 | overrides) for each architecture. Those are meant to contain manual |
| 24 | overrides for specific system calls for cases where the script do not |
| 25 | generate the correct typing for specific system calls. |
| 26 | |
| 27 | 4) Integrating the new architecture, updating architecture header |
| 28 | |
| 29 | Edit instrumentation/syscalls/syscalls_integers.h and |
| 30 | instrumentation/syscalls/syscalls_pointers.h. Add the new architecture (e.g. |
| 31 | CONFIG_X86_64) to the newly-generated headers (e.g. changing the current |
| 32 | x86-64-syscalls_<CLASS>.h into x86-64-syscalls_<CLASS>.h), then rebuild |
| 33 | lttng-modules. |