From nobody Mon Jan 23 01:54:31 2023 X-Original-To: freebsd-dtrace@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P0Y7Y4vGTz316hZ for ; Mon, 23 Jan 2023 01:54:33 +0000 (UTC) (envelope-from cracauer@cons.org) Received: from koef.zs64.net (koef.zs64.net [IPv6:2a00:14b0:4200:32e0::1e6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4P0Y7X5qQzz3Myx for ; Mon, 23 Jan 2023 01:54:32 +0000 (UTC) (envelope-from cracauer@cons.org) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of cracauer@cons.org designates 2a00:14b0:4200:32e0::1e6 as permitted sender) smtp.mailfrom=cracauer@cons.org; dmarc=none Received: from koef.zs64.net (koef.zs64.net [212.12.50.230]) by 0ons.org (8.16.1/8.15.2) with ESMTP id 30N1sVKc096136 for ; Mon, 23 Jan 2023 01:54:31 GMT (envelope-from cracauer@koef.zs64.net) Received: (from cracauer@localhost) by koef.zs64.net (8.16.1/8.15.2/Submit) id 30N1sVcl096135 for freebsd-dtrace@freebsd.org; Sun, 22 Jan 2023 20:54:31 -0500 (EST) (envelope-from cracauer) Date: Sun, 22 Jan 2023 20:54:31 -0500 From: Martin Cracauer To: freebsd-dtrace@freebsd.org Subject: DTrace - capturing two userspace strack frames on top of system call Message-ID: List-Id: A discussion list for developers working on DTrace in FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-dtrace List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-dtrace@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spamd-Result: default: False [-3.30 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; R_SPF_ALLOW(-0.20)[+ip6:2a00:14b0:4200:32e0::1e6:c]; MIME_GOOD(-0.10)[text/plain]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-dtrace@freebsd.org]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[cons.org]; ASN(0.00)[asn:13135, ipnet:2a00:14b0::/32, country:DE]; RCVD_COUNT_THREE(0.00)[3]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FROM_HAS_DN(0.00)[]; FREEFALL_USER(0.00)[cracauer]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-dtrace@freebsd.org]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4P0Y7X5qQzz3Myx X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N I want to capture the (userland) stack trace on top of the write(2) system call. I seem to have some difficulty switching from kernel to user mode here. For every write system call I want to print the calling userlevel frames. I can't care whether they are individually printed or counted. Here is what I think should do it: syscall::write*:entry /arg1/ { @traces[ustack()] = count(); } However, I get one error each for each write call: dtrace: error on enabled probe ID 2 (ID 56902: syscall:freebsd:write:entry): invalid address (0x0) in action #2 This gives the same error: syscall::write*:entry /arg1/ { ustack(); } %% If I use system stackframes it works, but of course it doesn't print the calling frames: syscall::write*:entry /arg1/ { @traces[stack()] = count(); } dtrace: script 'stack-to-write.dtrace' matched 3 probes dtrace: buffer size lowered to 2m dtrace: aggregation size lowered to 2m dtrace: pid 11790 has exited kernel`handle_el0_sync+0x40 136 %% Is what I am trying to do even possible? Can I mix kernel and userlevel space like this? Any other ideas? I could brute-force it with LD_PRELOAD overloading of write(2), but dtrace would be more elegant. Thanks in advance Martin -- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Martin Cracauer http://www.cons.org/cracauer/