1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
/*
* Linux DTrace
* Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
* Licensed under the Universal Permissive License v 1.0 as shown at
* http://oss.oracle.com/licenses/upl.
*/
#!/usr/sbin/dtrace -qs
/*
* SYNOPSIS
* sudo ./150provider_fbt.d
*
* DESCRIPTION
* Function boundary tracing (fbt) can be used to trace the
* beginning and end of just about any function in the kernel.
* As such, it is very powerful.
*
* That said, there are some challenges:
*
* - One must know the kernel fairly well. There may
* be tens of thousands of functions available to trace.
*
* - Functions that can be traced will vary from one
* kernel build to another. For example, a function
* might be inlined in a kernel build, making that
* function not traceable in that build.
*
* Also, there are both:
*
* - an fbt provider, which supports typed probe arguments
* (seen with "dtrace -lvP fbt")
*
* - a rawfbt provider, whose probe arguments are not typed
* nor specially ordered; traceable functions include
* compiler-generated optimized variants of functions,
* named <func>.<suffix>.
*/
/* probe on entry to kernel function ksys_write() */
fbt::ksys_write:entry
{
printf("write %d bytes to fd %d\n", args[2], args[0]);
}
/* do the same thing with a rawfbt probe, so the args are not typed */
rawfbt::ksys_write:entry
{
printf("write %d bytes to fd %d\n", arg2, arg0);
}
fbt::ksys_write:return
{
exit(0);
}
|
