xref: /freebsd/usr.bin/ktrace/ktrace.1 (revision 357378bbdedf24ce2b90e9bd831af4a9db3ec70a)
1.\" Copyright (c) 1990, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.Dd June 10, 2024
29.Dt KTRACE 1
30.Os
31.Sh NAME
32.Nm ktrace
33.Nd enable kernel process tracing
34.Sh SYNOPSIS
35.Nm
36.Op Fl aCcdi
37.Op Fl f Ar trfile
38.Op Fl g Ar pgrp | Fl p Ar pid
39.Op Fl t Ar trstr
40.Nm
41.Op Fl adi
42.Op Fl f Ar trfile
43.Op Fl t Ar trstr
44.Ar command
45.Sh DESCRIPTION
46The
47.Nm
48utility enables kernel trace logging for the specified processes.
49Kernel trace data is logged to the file
50.Pa ktrace.out .
51The kernel operations that are traced include system calls
52.Pq see Xr intro 2 ,
53file system path lookups
54.Pq Xr namei 9 ,
55signal processing
56.Pq Xr sigaction 2 ,
57and
58.Tn I/O .
59.Pp
60Once tracing is enabled on a process, trace data will be logged until
61either the process exits or the trace point is cleared.
62A traced process can generate enormous amounts of log data quickly;
63It is strongly suggested that users memorize how to disable tracing before
64attempting to trace a process.
65The following command is sufficient to disable tracing on all user-owned
66processes, and, if executed by root, all processes:
67.Pp
68.Dl \&$ ktrace -C
69.Pp
70The trace file is not human readable; use
71.Xr kdump 1
72to decode it.
73.Pp
74The utility may be used only with a kernel that has been built with the
75.Dq KTRACE
76option in the kernel configuration file.
77.Pp
78The options are:
79.Bl -tag -width indent
80.It Fl a
81Append to the trace file instead of recreating it.
82.It Fl C
83Disable tracing on all user-owned processes, and, if executed by root, all
84processes in the system.
85.It Fl c
86Clear the specified trace points associated with the given file or processes.
87.It Fl d
88Descendants; perform the operation for all current children of the
89designated processes.
90See also the
91.Fl i
92option.
93.It Fl f Ar trfile
94Log trace records to
95.Ar trfile
96instead of
97.Pa ktrace.out .
98.It Fl g Ar pgid
99Enable (disable) tracing on all processes in the process group (only one
100.Fl g
101flag is permitted).
102.It Fl i
103Inherit; pass the trace flags to all future children of the designated
104processes.
105See also the
106.Fl d
107option.
108.It Fl p Ar pid
109Enable (disable) tracing on the indicated process id (only one
110.Fl p
111flag is permitted).
112.It Fl t Ar trstr
113Specify the list of trace points to enable or disable, one per letter.
114If an explicit list is not specified, the default set of trace points is used.
115.Pp
116The following trace points are supported:
117.Pp
118.Bl -tag -width flag -compact
119.It Cm c
120trace system calls
121.It Cm f
122trace page faults
123.It Cm i
124trace
125.Tn I/O
126.It Cm n
127trace
128.Xr namei 9
129translations
130.It Cm p
131trace capability check failures
132.It Cm s
133trace signal processing
134.It Cm t
135trace various structures
136.It Cm u
137userland traces generated by
138.Xr utrace 2
139.It Cm w
140context switches
141.It Cm y
142trace
143.Xr sysctl 3
144requests
145.It Cm +
146trace the default set of trace points -
147.Cm c , i , n , s , t , u , y
148.El
149.It Ar command
150Execute
151.Ar command
152with the specified trace flags.
153.El
154.Pp
155The
156.Fl p ,
157.Fl g ,
158and
159.Ar command
160options are mutually exclusive.
161.Sh CAPABILITY VIOLATION TRACING
162When the
163.Cm p
164trace point is specified,
165.Nm
166will record
167.Xr capsicum 4
168capability mode violations made by the traced process.
169Violations will be logged regardless of whether the process has actually
170entered capability mode.
171.Pp
172For developers that are interested in Capsicumizing their programs, the
173.Cm c , n , p
174trace points can help quickly identify any system calls and path lookups that
175are triggering violations.
176.Sh EXAMPLES
177Run "make", then trace it and any child processes:
178.Dl $ ktrace -i make
179.Pp
180Trace all kernel operations of process id 34:
181.Dl $ ktrace -p 34
182.Pp
183Trace all kernel operations of processes in process group 15 and
184pass the trace flags to all current and future children:
185.Dl $ ktrace -idg 15
186.Pp
187Disable all tracing of process 65:
188.Dl $ ktrace -cp 65
189.Pp
190Disable tracing signals on process 70 and all current children:
191.Dl $ ktrace -t s -cdp 70
192.Pp
193Enable tracing of
194.Tn I/O
195on process 67:
196.Dl $ ktrace -ti -p 67
197.Pp
198Disable all tracing to the file "tracedata":
199.Dl $ ktrace -c -f tracedata
200.Pp
201Disable tracing of all user-owned processes:
202.Dl $ ktrace -C
203.Sh SEE ALSO
204.Xr dtrace 1 ,
205.Xr kdump 1 ,
206.Xr truss 1 ,
207.Xr intro 2 ,
208.Xr ktrace 2 ,
209.Xr sigaction 2 ,
210.Xr utrace 2 ,
211.Xr capsicum 4 ,
212.Xr namei 9
213.Sh HISTORY
214The
215.Nm
216command appeared in
217.Bx 4.4 .
218.Sh BUGS
219Only works if
220.Ar trfile
221is a regular file.
222