LTTng » LTTng-modules

The current syscalls extractor in instrumentation/syscalls/lttng-syscalls-extractor is a bit tedious to use. A user needs to patch his kernel with the patch found in the same dir, build the kernel, run the kernel on his target, build a kernel module, modprobe and the finally dump the syscalls table.

It is feasible to eliminate the need to patch the kernel and build a custom kernel module. By building the kernel with CONFIG_FTRACE_SYSCALLS, the syscalls metadata are put in a ELF section named "syscalls_metadata". We can thus use already available tools such as extract-vmlinux¹ and readelf to get our syscall table.

./extract-vmlinux /boot/vmlinuz-linux > kernel && readelf -p .syscalls_metadata kernel

The remaining scripts would need to be adapted to fit with the output of readelf.

[1] - https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/plain/scripts/extract-vmlinux