How to know the code flow of a driver module?

When I want to do this, I use the ftrace framework. Start by mounting the special file system:

mount -t tracefs nodev /sys/kernel/tracing

(as root; you should become root for all this, you’ll be doing everything as root anyway, and it’s easier to have a root shell than to use sudo).

Then change to that directory:

cd /sys/kernel/tracing

It contains a basic README which provides a short summary. To explore function calls, I use the function graph tracer, function_graph in available_tracers. Identify the functions you’re interested in, for example ath9k_htc_tx, and set them up:

echo ath9k_htc_tx > set_graph_function

You can append other functions; make sure to use >> after the first function. You can see the configured functions with

cat set_graph_function

When you write to set_graph_function, the function is checked against the running kernel; if the function can’t be found, the write will fail, so you’ll know straight away if you’ll end up not tracing anything.

Once the functions are set up, enable the tracer:

echo function_graph > current_tracer

then watch the trace file. To disable the tracer again,

echo nop > current_tracer

or flip tracing_on by writing 0 or 1 to it (0 to disable tracing, 1 to re-enable it).
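
The steps above wrapped as a small shell helper, as an added example that is not part of the original answer. The names TRACEFS, graph_trace_setup and graph_trace_stop are chosen here; each function name is checked against available_filter_functions before the filter is touched, so a typo leaves the current setup unchanged.

```shell
#!/bin/sh
# Added example: TRACEFS, graph_trace_setup and graph_trace_stop are names
# chosen here. Run as root on a kernel with function_graph built in.
TRACEFS=${TRACEFS:-/sys/kernel/tracing}

# graph_trace_setup FUNC...: trace only the call graphs rooted at FUNC...
graph_trace_setup() {
    [ $# -gt 0 ] || { echo "usage: graph_trace_setup FUNC..." >&2; return 1; }
    [ -w "$TRACEFS/current_tracer" ] ||
        { echo "tracefs not mounted or not writable: $TRACEFS" >&2; return 1; }
    grep -qw function_graph "$TRACEFS/available_tracers" ||
        { echo "function_graph tracer not available" >&2; return 1; }

    # Validate every name first (exact match on column 1; module functions
    # are listed as "name [module]"), so a typo changes nothing.
    for f in "$@"; do
        awk -v f="$f" '$1 == f { ok = 1 } END { exit !ok }' \
            "$TRACEFS/available_filter_functions" ||
            { echo "not traceable in the running kernel: $f" >&2; return 2; }
    done

    echo 0 > "$TRACEFS/tracing_on"            # pause while reconfiguring
    : > "$TRACEFS/set_graph_function"         # truncate: drop old entries
    for f in "$@"; do
        echo "$f" >> "$TRACEFS/set_graph_function" || return 3
    done
    echo function_graph > "$TRACEFS/current_tracer" || return 3
    echo 1 > "$TRACEFS/tracing_on"
}

# graph_trace_stop: back to the nop tracer and an empty function list.
graph_trace_stop() {
    echo nop > "$TRACEFS/current_tracer" &&
        : > "$TRACEFS/set_graph_function"
}

# Typical session (reads the buffer from the "trace" file mentioned above):
#   graph_trace_setup ath9k_htc_tx && sleep 5 && cat "$TRACEFS/trace"
#   graph_trace_stop
```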