Created attachment 469284 [details] fork.stp Description of problem: Tried to create an `strace -f' systemtap variant but I cannot. Version-Release number of selected component (if applicable): systemtap-1.3-3.fc13.x86_64 kernel-2.6.35.6-48.fc14.x86_64 How reproducible: Always. Steps to Reproduce: gcc -o /tmp/fork /tmp/fork.c -Wall -g stap /tmp/fork.stp -c /tmp/fork Actual results: <nothing> Expected results: NEVER HIT Additional info:
Component typo, sorry.
Created attachment 469285 [details] fork.c
Process forking at the kernel level doesn't have the same dual-return semantics that the userspace sees. However, all newly-forked threads go through schedule_tail on their way back to userspace, so that may be a better probe for you. There's even a "kprocess.start" probepoint already defined in the tapsets for this purpose. Also be aware that our syscall.fork is on the kernel's do_fork function, which covers vfork and clone too. So if you only want new processes, and not threads, you may need to do some filtering on the flags.
Thanks, it really works. Not sure if systemtap should not emulate the userland visible behavior but the functionality is there.