How Can I Count malloc in linux kernel with kprobe

2019-06-04 08:12发布

问题:

I want to count the malloc system call with Kprobe in fedora. I know that malloc is not a system call and is implemented in user space, but I want to count malloc with kprobe if its possible.

What is the name of system call that I must give to Kprobe? For example for do_work:

kp.addr = (kprobe_opcode_t *) kallsyms_lookup_name("do_fork");

回答1:

This is not possible with kprobes because, as you said, malloc is not a system call.

You can, however, use USDTs to trace userspace processes. The bcc tools contain an example with uobjnew. It traces object allocations in the given process:

$ ./uobjnew -h
usage: uobjnew.py [-h] [-l {java,ruby,c}] [-C TOP_COUNT] [-S TOP_SIZE] [-v]
                  pid [interval]

Summarize object allocations in high-level languages.

positional arguments:
  pid                   process id to attach to
  interval              print every specified number of seconds

optional arguments:
  -h, --help            show this help message and exit
  -l {java,ruby,c}, --language {java,ruby,c}
                        language to trace
  -C TOP_COUNT, --top-count TOP_COUNT
                        number of most frequently allocated types to print
  -S TOP_SIZE, --top-size TOP_SIZE
                        number of largest types by allocated bytes to print
  -v, --verbose         verbose mode: print the BPF program (for debugging
                        purposes)

examples:
    ./uobjnew -l java 145         # summarize Java allocations in process 145
    ./uobjnew -l c 2020 1         # grab malloc() sizes and print every second
    ./uobjnew -l ruby 6712 -C 10  # top 10 Ruby types by number of allocations
    ./uobjnew -l ruby 6712 -S 10 # top 10 Ruby types by total size