Bug #658
closedKernel event name shadowing can break syscall tracing
0%
Description
The kernel domain currently operates under the restriction that an event (as identified by its name alone) can only be assigned once. This can lead to event name shadowing: if you use a known kernel tracepoint name (such as sched_switch, for example) to label a kernel event of a different type (--probe or --function), you will not be able to enable or disable the kernel tracepoint, nor will you be able to assign it to any channel, even with the --all option. Fair enough.
The situation is considerably worse with the system call names, however: if you use any system call name (e.g. sys_open, sys_sched_yield, etc.), including the LTTng-reserved names sys_unknown and exit_syscall for a --probe or --function event, you will no longer be able to enable system call tracing for that session, for any channel ('lttng enable-event -k --syscall --all' will yield the “Events: Enable kernel event failed” error message). (Interestingly, sys_enter is okay to use)
Aside: The reverse is not as bad. If you enable system calls, you can no longer use any system call name for --probe or --function events. The only thing bad about this is the rather uninformative error message (“Events: Enable kernel event failed” again).
I'm not sure how this 'bug' should be dealt with. Clearly, checking the user's proposed name against the existing system call names (nearly 300 of them) would be too expensive an operation. A cheap fix would be to ban the --probe or --function events from using names matching either exit_syscall or sys_*.
Using the lttng 2.3.0 suite.