ldorau/test_kprobes.sh

## test_kprobes.sh
#!/bin/bash

# syscalls to be traced
SYSCALLS="futex poll epoll_wait select fork vfork clone exit execve mmap open close write read"

function print_with_spaces {
	local MAX=$1
	local STR=$2
	local L=$(($MAX - $(echo $STR | wc -c)))
	echo -n "$STR"
	printf ' %.0s' $(seq -s' ' $L)
}

# time of tracing in seconds
TIME=$1
if [ "$TIME" == "" ]; then
	echo "Usage: $(basename $0) <tracing-time[sec]>"
	echo
	echo "Will trace following syscalls: $SYSCALLS"
	exit 1
fi

SUDO="sudo /bin/sh -c"

# turn tracing off
$SUDO "echo 0 > /sys/kernel/debug/tracing/tracing_on"

echo "Disabling all current probes ..."
for probe in $(cat /sys/kernel/debug/tracing/kprobe_events | cut -d'/' -f2 | cut -d' ' -f1); do
	$SUDO "echo 0 > /sys/kernel/debug/tracing/events/kprobes/$probe/enable"
done

echo "Removing old probe points ..."
$SUDO "echo > /sys/kernel/debug/tracing/kprobe_events"

echo "Adding new probe points ..."
for probe in $SYSCALLS; do
	$SUDO "echo \"r:r_$probe sys_$probe $retval\" >> /sys/kernel/debug/tracing/kprobe_events"
	$SUDO "echo \"p:p_$probe sys_$probe\"         >> /sys/kernel/debug/tracing/kprobe_events"
done

echo "Enabling new probe points ..."
for probe in $SYSCALLS; do
	$SUDO "echo 1 > /sys/kernel/debug/tracing/events/kprobes/r_$probe/enable"
	$SUDO "echo 1 > /sys/kernel/debug/tracing/events/kprobes/p_$probe/enable"
done

echo "Clearing old trace log ..."
$SUDO "echo 0 > /sys/kernel/debug/tracing/tracing_on"
$SUDO "echo   > /sys/kernel/debug/tracing/trace"

echo
echo "Will trace using following kprobe_events:"
$SUDO "cat /sys/kernel/debug/tracing/kprobe_events"
echo

echo -n "Tracing for $TIME seconds ... "
$SUDO "echo 1 > /sys/kernel/debug/tracing/tracing_on"
sleep $TIME
$SUDO "echo 0 > /sys/kernel/debug/tracing/tracing_on"
echo "done"

echo -n "Saving trace log ... "
TRACE=$(mktemp)
$SUDO "cat /sys/kernel/debug/tracing/trace > $TRACE"
echo "done"
echo

echo "Results ($TIME sec):"
for probe in $SYSCALLS; do
	P=$(grep "p_${probe}" $TRACE | wc -l)
	R=$(grep "r_${probe}" $TRACE | wc -l)
	print_with_spaces 14 "$probe:"
	print_with_spaces 12  "p $P"
	print_with_spaces 12  "r $R"
	[ $R -ge $P ] && echo "(OK)" && continue
	echo "($((100*($P-$R)/$P))% did not return ($(($P-$R))))"
done

rm -f $TRACE
	#!/bin/bash

	# syscalls to be traced
	SYSCALLS="futex poll epoll_wait select fork vfork clone exit execve mmap open close write read"

	function print_with_spaces {
	local MAX=$1
	local STR=$2
	local L=$(($MAX - $(echo $STR \| wc -c)))
	echo -n "$STR"
	printf ' %.0s' $(seq -s' ' $L)
	}

	# time of tracing in seconds
	TIME=$1
	if [ "$TIME" == "" ]; then
	echo "Usage: $(basename $0) <tracing-time[sec]>"
	echo
	echo "Will trace following syscalls: $SYSCALLS"
	exit 1
	fi

	SUDO="sudo /bin/sh -c"

	# turn tracing off
	$SUDO "echo 0 > /sys/kernel/debug/tracing/tracing_on"

	echo "Disabling all current probes ..."
	for probe in $(cat /sys/kernel/debug/tracing/kprobe_events \| cut -d'/' -f2 \| cut -d' ' -f1); do
	$SUDO "echo 0 > /sys/kernel/debug/tracing/events/kprobes/$probe/enable"
	done

	echo "Removing old probe points ..."
	$SUDO "echo > /sys/kernel/debug/tracing/kprobe_events"

	echo "Adding new probe points ..."
	for probe in $SYSCALLS; do
	$SUDO "echo \"r:r_$probe sys_$probe $retval\" >> /sys/kernel/debug/tracing/kprobe_events"
	$SUDO "echo \"p:p_$probe sys_$probe\" >> /sys/kernel/debug/tracing/kprobe_events"
	done

	echo "Enabling new probe points ..."
	for probe in $SYSCALLS; do
	$SUDO "echo 1 > /sys/kernel/debug/tracing/events/kprobes/r_$probe/enable"
	$SUDO "echo 1 > /sys/kernel/debug/tracing/events/kprobes/p_$probe/enable"
	done

	echo "Clearing old trace log ..."
	$SUDO "echo 0 > /sys/kernel/debug/tracing/tracing_on"
	$SUDO "echo > /sys/kernel/debug/tracing/trace"

	echo
	echo "Will trace using following kprobe_events:"
	$SUDO "cat /sys/kernel/debug/tracing/kprobe_events"
	echo

	echo -n "Tracing for $TIME seconds ... "
	$SUDO "echo 1 > /sys/kernel/debug/tracing/tracing_on"
	sleep $TIME
	$SUDO "echo 0 > /sys/kernel/debug/tracing/tracing_on"
	echo "done"

	echo -n "Saving trace log ... "
	TRACE=$(mktemp)
	$SUDO "cat /sys/kernel/debug/tracing/trace > $TRACE"
	echo "done"
	echo

	echo "Results ($TIME sec):"
	for probe in $SYSCALLS; do
	P=$(grep "p_${probe}" $TRACE \| wc -l)
	R=$(grep "r_${probe}" $TRACE \| wc -l)
	print_with_spaces 14 "$probe:"
	print_with_spaces 12 "p $P"
	print_with_spaces 12 "r $R"
	[ $R -ge $P ] && echo "(OK)" && continue
	echo "($((100*($P-$R)/$P))% did not return ($(($P-$R))))"
	done

	rm -f $TRACE