Highest Voted 'tracepoint' Questions

4

votes

1 answer

Why are the first 8 bytes of cpumap_enqueue_ctx not accessible by bpf code?

Reading some ebpf examples which are attached to tracepoints I've noticed that every struct is build starting with a padding like this (from samples/bpf/xdp_redirect_cpu_kern.c) /* Tracepoint:…

c bpf ebpf tracepoint

asked Aug 28 '19 at 12:33

Maicake

1,046
10
34

3

votes

1 answer

How to print Java object's current value to console, instead of suspend thread while debug in the Eclipse?

Sometimes you need just to check how are some values in your application changing in time. Usually, you can use the log, but imagine that your application is on severs already and make the whole CI/CD cycle, just to add a few temporary log…

java eclipse debugging logging tracepoint

asked Dec 03 '20 at 13:07

foal

693
7
20

2

votes

1 answer

How to get bpftool to attach a program to a tracepoint?

I have the following simple eBPF program: #include "vmlinux.h" #include struct sys_enter_execve_ctx { unsigned short common_type; unsigned char common_flags; unsigned char common_preempt_count; int common_pid; int…

perf ebpf bpf tracepoint

asked Feb 26 '23 at 10:15

metaphysicalmarty

43
4

2

votes

0 answers

Using printk in tracepoint causes the system to freeze

I am learning tracepoint related knowledge of Linux, and I wrote a module, as shown below. #include #include #include #include #include #include…

c linux-kernel printk tracepoint

asked Feb 22 '21 at 19:32

noryeral

21
1

2

votes

1 answer

Listing and using custom Linux kernel tracepoints

I followed the tutorial at https://www.kernel.org/doc/Documentation/trace/tracepoints.txt to create a custom tracepoint in the kernel core (i.e. not in a loadable module). But, I don't see the tracepoint listed in the outputs of perf list or tplist…

linux linux-kernel perf bcc-bpf tracepoint

asked Sep 13 '20 at 17:47

fpkvdw

71
5

2

votes

1 answer

kprobe_events fetch-args works for x86 but not arm64

I wanted to get do_sys_open filename argument as string. For this i added kprobe following kprobetrace.txt. A simple probe which gives filename as hex works for both x86/arm64. x86: echo 'p:myprobe do_sys_open filename_string=%si' >…

linux-kernel trace perf kprobe tracepoint

asked Apr 19 '19 at 12:48

Madhur Rawat

468
1
7
18

2

votes

1 answer

Change format of syscall event trace output to ftrace

I enabled ftrace event tracing for sys_enter_openat syscall. The respective output format given at events/syscalls/sys_enter_openat/format is print fmt: "dfd: 0x%08lx, filename: 0x%08lx, flags: 0x%08lx, mode: 0x%08lx", ((unsigned long)(REC->dfd)),…

debugging linux-kernel system-calls ftrace tracepoint

asked Mar 31 '19 at 16:53

Madhur Rawat

468
1
7
18

2

votes

1 answer

Linux kernel tracepoint: Symbol undefined when connecting a probe function to tracepoint

I'm now practicing with Linux tracepoint. Basically, I'm trying to make a kernel module where a probe function is defined and connected to a tracepoint("trace_netif_receive_skb" in kernel source file dev.c) in Linux Kernel. When I compiled…

linux kernel undefined symbols tracepoint

asked Jan 16 '19 at 09:12

Terry Yu

21
1

1

vote

2 answers

eBPF vs non-eBPF tracepoint/kprobes

As per this document (amongst others): https://blogs.oracle.com/linux/post/taming-tracepoints-in-the-linux-kernel It is possible using both eBPF and other kernel-provided mechanisms to register callbacks for tracepoints or kprobes. It seems that…

linux-kernel ebpf kprobe tracepoint

asked Feb 07 '23 at 08:43

Mario

1,661
13
22

1

vote

1 answer

eBPF verifier: R1 is not a scalar

I have this eBPF code: struct sock_info { struct sockaddr addr; }; SEC("tracepoint/syscalls/sys_enter_accept4") int sys_enter_accept4(int fd, struct sockaddr *upeer_sockaddr, int *upeer_addrlen, int flags) { struct sock_info *iad =…

ebpf cilium tracepoint

asked Jan 31 '23 at 16:24

Mario

1,661
13
22

1

vote

0 answers

Why `events/syscalls/sys_enter` does not support string format as output?

I have a question about events/syscalls/sys_enter* trace point. Why does not events/syscalls/sys_enter* support string format? For example, in case of sys_enter_openat outputs the filename as hex, not string. $ cd /sys/kernel/debug/tracing $ cat…

linux-kernel system-calls trace ftrace tracepoint

asked Feb 17 '22 at 09:03

m-bat

579
4
9

1

vote

1 answer

Is there a way to increase the size of ebpf stack getting "error looks like the bpf stack limit of 512 bytes is exeeded",

Is there a way to increase the size of eBPF stack size? I am getting the Looks like the BPF stack limit of 512 bytes is exceeded. Please move large on stack variables into BPF per-cpu array map. error. Is there an eBPF helper function or command…

c linux ebpf bpf tracepoint

asked Jan 31 '22 at 08:19

user786

3,902
4
40
72

1

vote

1 answer

Where is the kernel symbol __tracepoint_module_load defined?

Where is the kernel symbol __tracepoint_module_load defined? I saw it once in /proc/kallsyms, but now I can't find it. bootlin.com/linux/ cannot find it, either.

c linux-kernel trace tracepoint

asked Dec 10 '19 at 04:50

George Robinson

1,500
9
21

0

votes

1 answer

Unable to read eBPF function argument correctly

I have a eBPF function that is attached to the page_fault_user tracepoint. struct trace_event_raw_x86_exceptions { struct trace_entry ent; long unsigned int address; long unsigned int ip; long unsigned int error_code; char…

exception kernel ebpf page-fault tracepoint

asked Jul 31 '23 at 12:27

WU ZHENWEI

36
4

0

votes

1 answer

tracepoint/syscalls/sys_enter_execve missing args

I use cilium-ebpf to write some simple monitoring programs. Currently I want to use tracepoint/syscalls/sys_enter_execve to get argv. but I am having problems with missing arguments. The following is an example of code that can be…

c ebpf kprobe cilium tracepoint

asked Jun 09 '23 at 08:15

HIHIA

1

Questions tagged [tracepoint]