ftrace: trace kernel function calls

hacker_compFor those who have used strace for userspace development ftrace would be a familiar concept. ftrace is an internal tracing facility for the Linux kernel developed by Red Hat. It internally uses the kernel’s tracepoint mechanism and can track several characteristics of the running kernel. However, in this article we will concentrate on enabling it to trace the commonest one – function calls in the Linux kernel.

Setup

ftrace uses debugfs and if it’s not enabled you need to enable debugfs first. Ubuntu users are lucky to have everything ready out of the box. If your distro doesn’t have it enabled find the steps below:

  1. You must enable debugfs in the kernel. Set the following in your .config file:
    CONFIG_KPROBES_ON_FTRACE=y
    CONFIG_HAVE_DYNAMIC_FTRACE=y
  2. Once your kernel is up and running, add the following in your /etc/fstab:
     debugfs       /sys/kernel/debug          debugfs defaults        0       0

    OR, dynamically mount at runtime:

    # mount -t debugfs nodev /sys/kernel/debug
  3. All tracing related files would now be under /sys/kernel/debug/tracing.

Usage

There are several files under the directory. Let’s explore some of them.

Check which tracers are available:

# cat available_tracers 
blk mmiotrace function_graph wakeup_dl wakeup_rt wakeup function nop

Check the current tracer:

# cat current_tracer 
nop

Enable function tracing:

# echo function > current_tracer

Check if tracing is on already:

# cat tracing_on
1

In case it’s off, turn it on:

# echo 1 > tracing_on

Run through the kernel function calls:

# cat trace

Leave a Reply

Your email address will not be published. Required fields are marked *