
How can I count malloc in the Linux kernel with kprobe?


I want to count the malloc system call with Kprobe in Fedora. I know that malloc is not a system call and is implemented in user space, but I want to count malloc with kprobe if it's possible.

What is the name of the system call that I must give to Kprobe? For example, for do_work:

kp.addr = (kprobe_opcode_t *) kallsyms_lookup_name("do_fork");

Solution

  • This is not possible with kprobes because, as you said, malloc is not a system call.

    You can, however, use USDTs to trace userspace processes. The bcc tools contain an example with uobjnew. It traces object allocations in the given process:

    $ ./uobjnew -h
    usage: uobjnew.py [-h] [-l {java,ruby,c}] [-C TOP_COUNT] [-S TOP_SIZE] [-v]
                      pid [interval]
    
    Summarize object allocations in high-level languages.
    
    positional arguments:
      pid                   process id to attach to
      interval              print every specified number of seconds
    
    optional arguments:
      -h, --help            show this help message and exit
      -l {java,ruby,c}, --language {java,ruby,c}
                            language to trace
      -C TOP_COUNT, --top-count TOP_COUNT
                            number of most frequently allocated types to print
      -S TOP_SIZE, --top-size TOP_SIZE
                            number of largest types by allocated bytes to print
      -v, --verbose         verbose mode: print the BPF program (for debugging
                            purposes)
    
    examples:
        ./uobjnew -l java 145         # summarize Java allocations in process 145
        ./uobjnew -l c 2020 1         # grab malloc() sizes and print every second
        ./uobjnew -l ruby 6712 -C 10  # top 10 Ruby types by number of allocations
        ./uobjnew -l ruby 6712 -S 10 # top 10 Ruby types by total size
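
Added example (not part of the original answer and not code from the bcc project): a small bcc script that attaches a uprobe to libc's `malloc` in one process and counts calls, taking `pid [interval]` like `uobjnew`. It assumes bcc with its Python bindings is installed and the script runs as root; the names `on_malloc`, `calls`, `sizes`, `parse_args` and `top_callers` are made up for this example.

```python
#!/usr/bin/env python3
"""Count malloc() calls in one process via a uprobe on libc (needs bcc, root)."""
import sys
import time

# eBPF program: runs in the kernel each time the traced process enters malloc().
BPF_TEXT = r"""
#include <uapi/linux/ptrace.h>
BPF_HASH(calls, u32, u64);   // tgid -> number of malloc() calls this interval
BPF_HISTOGRAM(sizes);        // log2 buckets of the requested size
int on_malloc(struct pt_regs *ctx) {
    u32 tgid = bpf_get_current_pid_tgid() >> 32;
    calls.increment(tgid);
    sizes.increment(bpf_log2l(PT_REGS_PARM1(ctx)));  // first argument = size
    return 0;
}
"""

def parse_args(argv):
    """Return (pid, interval_seconds) from 'pid [interval]'; raise ValueError if bad."""
    if not 1 <= len(argv) <= 2:
        raise ValueError("usage: count_malloc.py pid [interval]")
    pid = int(argv[0])
    interval = int(argv[1]) if len(argv) == 2 else 1
    if pid <= 0 or interval <= 0:
        raise ValueError("pid and interval must be positive")
    return pid, interval

def top_callers(pairs, limit=10):
    """Sort (tgid, count) pairs by count, highest first; ties by tgid."""
    return sorted(pairs, key=lambda p: (-p[1], p[0]))[:limit]

def main(argv):
    from bcc import BPF  # imported here so the helpers above load without bcc
    pid, interval = parse_args(argv)
    b = BPF(text=BPF_TEXT)
    # name="c" resolves to libc; restricting to one pid keeps the overhead
    # of probing a hot function like malloc() confined to that process.
    b.attach_uprobe(name="c", sym="malloc", fn_name="on_malloc", pid=pid)
    try:
        while True:
            time.sleep(interval)
            pairs = [(k.value, v.value) for k, v in b["calls"].items()]
            for tgid, count in top_callers(pairs):
                print("pid %d: %d malloc() calls in %ds" % (tgid, count, interval))
            b["calls"].clear()
    except KeyboardInterrupt:
        b["sizes"].print_log2_hist("bytes")  # size distribution on exit

if __name__ == "__main__":
    main(sys.argv[1:])
```

The probe only sees calls that go through libc's `malloc` symbol, so a process using a different allocator, or allocating via `calloc`/`realloc`, needs those symbols attached as well.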