Date: Sun, 22 Jan 2023 20:54:31 -0500 From: Martin Cracauer <cracauer@cons.org> To: freebsd-dtrace@freebsd.org Subject: DTrace - capturing two userspace strack frames on top of system call Message-ID: <Y83o15sbizWURbsr@cons.org>
next in thread | raw e-mail | index | archive | help
I want to capture the (userland) stack trace on top of the write(2)
system call. I seem to have some difficulty switching from kernel to
user mode here. For every write system call I want to print the
calling userlevel frames. I can't care whether they are individually
printed or counted.
Here is what I think should do it:
syscall::write*:entry /arg1/ { @traces[ustack()] = count(); }
However, I get one error each for each write call:
dtrace: error on enabled probe ID 2 (ID 56902:
syscall:freebsd:write:entry): invalid address (0x0) in action #2
This gives the same error:
syscall::write*:entry /arg1/ { ustack(); }
%%
If I use system stackframes it works, but of course it doesn't print
the calling frames:
syscall::write*:entry /arg1/ { @traces[stack()] = count(); }
dtrace: script 'stack-to-write.dtrace' matched 3 probes
dtrace: buffer size lowered to 2m
dtrace: aggregation size lowered to 2m
dtrace: pid 11790 has exited
kernel`handle_el0_sync+0x40
136
%%
Is what I am trying to do even possible? Can I mix kernel and
userlevel space like this?
Any other ideas? I could brute-force it with LD_PRELOAD overloading
of write(2), but dtrace would be more elegant.
Thanks in advance
Martin
--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@cons.org> http://www.cons.org/cracauer/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Y83o15sbizWURbsr>