Highest Voted 'kprobe' Questions

9

votes

1 answer

Are tracepoints redundant in Linux kernel after kprobes support for ftrace?

What are the use-cases for using tracepoint events when kprobe events support for ftrace is available in Linux kernel? It seems everything that is possible to be done using 'tracepoint events' is possible using kprobe events, since one can set up a…

linux-kernel ftrace kprobe

asked Aug 10 '17 at 15:50

gabhijit

3,345
2
23
36

4

votes

0 answers

Is kprobe available for all functions excluding those in /sys/kernel/debug/kprobes/blacklist?

I am using kprobe command to trace some kernel functions. The command I use is: kprobe "p:balance_pgdat" But getting following errors: ERROR: func balance_pgdat not in /sys/kernel/debug/tracing/available_filter_functions. Either it doesn't exist,…

linux kernel trace kprobe

asked Aug 21 '17 at 16:08

Chen Wei

392
2
12

4

votes

1 answer

Why does the kretprobe of the _do_fork() only return once?

When I write a small script with fork, the syscall returns twice processes (once per process): #include #include int main(int argc, char *argv[]) { int pid = fork(); if (pid == 0) { // child } else if (pid…

c linux kernel systemtap kprobe

asked Apr 07 '17 at 12:04

Georg Schölly

124,188
49
220
267

4

votes

1 answer

What is the role of undefined exception handler (__und_svc) in kprobes?

I tried to convert the kprobe as loadable kernel module. I am able to run the samples available in samples/kprobes/ folder from kernel tree. If we configure kprobes in kernel(CONFIG_KPROBES), then svc_entry macro will be expanded with 64 bytes in…

linux-kernel arm armv7 systemtap kprobe

asked Dec 13 '13 at 06:00

Jeyaram

9,158
7
41
63

3

votes

0 answers

Syscall argument in kprobe with wrong value libbpf

I'm trying to use libbpf to trace calls to the kill syscall. Here is my eBPF program: SEC("kprobe/__x64_sys_kill") int BPF_KPROBE(__x64_sys_kill, pid_t pid, int sig) { bpf_printk("Pid = %i\n", pid); return 0; } But for some reason, when I…

linux linux-kernel ebpf kprobe

asked Aug 06 '21 at 00:04

Skallwar

73
2
5

3

votes

1 answer

ebpf: intercepting function calls

I am reading about kprobes BPF program type, and am wondering if it is possible to not just intercept a function call for tracing purposes or collect some low-level information (registers, stack etc.), but substitute a call and execute instead of…

linux-kernel system-calls bpf kprobe ebpf

asked Mar 16 '18 at 11:15

Mark

6,052
8
61
129

3

votes

1 answer

Why do kprobes disable preemption and when is it safe to reenable it?

According to the docs, kprobes disable preemption: Probe handlers are run with preemption disabled. Depending on the architecture and optimization state, handlers may also run with interrupts disabled (e.g., kretprobe handlers and optimized…

linux kernel preemption kprobe

asked Feb 02 '18 at 15:30

Georg Schölly

124,188
49
220
267

3

votes

2 answers

Removing stack dependency from Assembly Code

Im trying to remove the stack dependency from the following code. void myfunction(struct kprobe *p, struct pt_regs *regs) { register void *rregs asm("r1") = regs; register void *rfn asm("lr") = p->ainsn.insn_fn; __asm__…

c assembly arm inline-assembly kprobe

asked Nov 27 '13 at 08:42

Jeyaram

9,158
7
41
63

3

votes

1 answer

Kernel probe not inserted for system_call function

I can use kprobe mechanism to attach handlers using following example code: #include #include #include #include #include #include #include…

linux linux-kernel kprobe

asked Nov 18 '13 at 09:49

Nykakin

8,657
2
29
42

3

votes

0 answers

instert kprobes at each system call

how a kernel probe can be inserted at each system call point? I need to track all syscalls made by a program.I managed to instrument some routines, but not the actual syscall. thaks

linux linux-kernel linux-device-driver kprobe

asked Apr 04 '13 at 21:03

Giuseppe Pes

7,772
3
52
90

3

votes

1 answer

Getting args from kprobe not finding regs->rdi x86_64

I'm writing a kernel module under Scientific Linux 6.3 x86_64 and I'm looking to use kprobes. In this module, I need access to the first argument of a function on return, so jprobes are out. I found this very helpful post: Getting function arguments…

linux kernel kprobe

asked Jan 08 '13 at 18:24

zje

3,824
4
25
31

2

votes

1 answer

Kprobe BPF programs execution order

Is there a reliable way to explicitly specify BPF kprobe programs execution order (without kretprobes). For example, when I name programs like kprobe___1 and kprobe___2 I get an execution order like kprobe___2 -> kprobe___1,…

linux linux-kernel ebpf bpf kprobe

asked Apr 13 '23 at 12:02

Tim

25
2

2

votes

0 answers

Linux KProbe in Raspberry PI

I am trying to use kprobes on Raspberry pi and and trying to store get the file struct from in the post handler of k_probe using the register struct pt_regs. I can't seem to figure out what register to fetch it from. In x86 it's ax so using below…

linux linux-kernel driver raspberry-pi4 kprobe

asked Mar 11 '22 at 23:44

peterbrown

23
5

2

votes

1 answer

which kprobe hooks can I attach eBPF programs to?

I am learning about eBPF and I understand that I can attach my eBPF programs to kprobes, uprobes, tracepoints and more. I see that there is a list of for tracepoints under /sys/kernel/debug/tracing/events/ where I can attach eBPF programs to.…

ebpf kprobe

asked May 30 '21 at 22:37

user3267989

299
3
18

2

votes

0 answers

How does Linux uprobe handle breakpoint?

From what I understand, on x86, uprobe places an int3 instruction at the user specified location, and handles that exception when it is hit, somewhat similar to kprobe in that regard. What I do not understand, it how the do_int3() execption handler…

c exception linux-kernel trace kprobe

asked Jul 14 '20 at 01:46

QnA

1,035
10
25

Questions tagged [kprobe]