I am wanting to monitor what processes perform IO on a couple of files. Unfortunately there appears to be a big lack of ability to do this under Linux.
There’s inotify which I can use to watch the files and see when IN_OPEN and IN_ACCESS (read) events occur, but inotify doesn’t tell me who (PID) did them.
There’s debugfs which I can use to monitor the open operations (do_sys_open) but not the read events, so I can see who opens it, but not how often or how much they read.
Is there any way to join this all up, and get the info I want, or is Linux not currently capable of that level of tracing?
Update: SystemTap was a nice idea, but it needs a custom kernel. I need this to work on “stock” kernels ideally.