forked from taskset/kernel_debug_notes
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfind_who_frequently_settime
More file actions
28 lines (21 loc) · 1.13 KB
/
find_who_frequently_settime
File metadata and controls
28 lines (21 loc) · 1.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
问题:
message中Mar 29 17:35:54 localhost systemd: Time has been changed打印非常非常频繁
怎么找到是哪个进程在调用?
方法:
1,autitctl监控:
auditctl -a exit,always -S adjtimex -b64 -k XXX_adj
auditctl -a exit,always -S settimeofday -b64 -k XXX_set
---》没有效果。
考虑到是系统调用没有监控全,使用ftrace:
2,ftrace监控:
cd /sys/kernel/debug/tracing/events/syscalls
[root@localhost syscalls]# echo 1 > sys_enter_adjtimex/enable
[root@localhost syscalls]# echo 1 > sys_enter_clock_settime/enable
[root@localhost syscalls]# echo 1 > sys_enter_clock_adjtime/enable
[root@localhost syscalls]# echo 1 > sys_enter_settimeofday/enable
cd /sys/kernel/debug/tracing/
# watch -n 1 cat trace
ClockSynTaskEnt-15461 [005] .... 33864.664181: sys_clock_settime(which_clock: 0, tp: 7f12a1a72ae0)
ClockSynTaskEnt-15461 [005] .... 33884.671568: sys_clock_settime(which_clock: 0, tp: 7f12a1a72ae0)
ClockSynTaskEnt-15461 [005] .... 33904.679034: sys_clock_settime(which_clock: 0, tp: 7f12a1a72ae0)
---》观察到是 ClockSynTaskEnt-15461 进程在频繁调用sys_clock_settime 更改时间。