little output from './execsnoop' with do_execve()

[pyKun]

I found running execsnoop has quite different results with do_execve() and stub_execve().

There is an example in Fedora with Kernel 3.11 and stub_execve(),:
'bash -x' results: http://paste.ubuntu.com/8431228/
'cat /sys/kernel/debug/tracing/trace_pipe' http://paste.ubuntu.com/8431209/.

And Fedora with 3.16 and do_execve():
'bash -x' http://paste.ubuntu.com/8431251/
'cat /sys/kernel/debug/tracing/trace_pipe' http://paste.ubuntu.com/8431253/

We could find a process with name starts with 'neutron-openvsw...' has execsnoop_stub_execve output from 'trace_pipe' but another not. In both of tests, that process has 'sched_process_fork' output. I don't know the develop history of stub_execve and do_execve and have to guess that are there any function call format changes between those, different limitations, or something else...

[pyKun]

I found sys_execve() could be used in both 3.11 and 3.16 and I'm trying to understand the relationship with those three execve()...

[g2p]

Does #14 work for you?

[pyKun]

@g2p answer you at #14

[scotte]

Can be closed per #14?