Making Linux Kernel Functions Traceable with ftrace
The Linux kernel’s ftrace framework provides powerful mechanisms to dynamically trace kernel function execution. This allows for debugging, performance analysis, and gaining insights into the kernel’s internal workings. One key aspect of using ftrace is the ability to trace specific functions. This article guides you through the process of making a kernel function available to the function_graph tracer.
Understanding the Basics
Ftrace and Function Graph Tracing
Ftrace is a built-in tracing infrastructure within the Linux kernel. It enables dynamic tracing of various kernel events, including function calls, system calls, and interrupts. The function_graph tracer is a specialized ftrace variant designed to capture detailed information about function calls, including their entry and exit points, parameters, and return values. This provides a hierarchical view of function call relationships.
Kernel Function Visibility
Not all kernel functions are automatically visible to ftrace. For a function to be traced, it needs to be marked as “traceable”. This is achieved through the ftrace_entry and ftrace_exit macros. These macros instrument the function’s entry and exit points, capturing the necessary information for the function_graph tracer to process.
Making a Kernel Function Traceable
Let’s assume we have a kernel function named my_kernel_function that we want to make traceable using function_graph.
1. Include ftrace headers
#include
2. Instrument the function
static int my_kernel_function(int arg1, int arg2)
{
ftrace_entry(my_kernel_function);
// ... Function logic ...
ftrace_exit(my_kernel_function);
return 0;
}
In this example, we’ve used the ftrace_entry and ftrace_exit macros at the beginning and end of my_kernel_function, respectively.
3. Configure ftrace
To use the function_graph tracer and view the traced information, follow these steps:
- **Enable the
function_graphtracer:** You can use thetracecommand-line interface or modify the/sys/kernel/debug/tracing/current_tracerfile. - **Configure tracepoints:** To record data, you might need to specify tracepoints in
/sys/kernel/debug/tracing/events/function_graph/filter. This allows you to narrow down the tracing scope to specific functions or modules.
Example Usage
Here’s a basic example illustrating how to enable the function_graph tracer and view the trace output:
# echo function_graph > /sys/kernel/debug/tracing/current_tracer # echo 'my_kernel_function' > /sys/kernel/debug/tracing/events/function_graph/filter # echo 1 > /sys/kernel/debug/tracing/tracing_on
This will enable the function_graph tracer, filter tracing to include only my_kernel_function, and start the tracing process. You can then examine the trace output in /sys/kernel/debug/tracing/trace.
Important Considerations
- Overhead: Function tracing introduces performance overhead. Be mindful of its impact, especially when tracing frequently called functions.
- Tracing Granularity: You can choose to trace specific modules, functions, or even specific code paths within functions to control the scope of tracing.
- Kernel Version Compatibility: Ensure that your kernel version supports ftrace and the specific tracer you’re using. Refer to the Linux kernel documentation for detailed information.
Conclusion
By instrumenting kernel functions with ftrace_entry and ftrace_exit macros, you enable the function_graph tracer to capture valuable execution information. This allows for effective debugging, performance analysis, and a deeper understanding of the kernel’s behavior. Remember to use tracing wisely and be aware of the associated overhead.