Kprobes: Difference between revisions

No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
[[File:Osseu-commonality.png|thumb|right|Linux tracing systems]]
Kprobes use the breakpoint mechanism to dynamically instrument Linux kernel code. Two types exist: <i>kprobes</i> can be attached to all but a few blacklisted instruction ranges in a running kernel, while <i>kretprobes</i> are attached to a function and run when it returns. This instrumentation can be packaged as a kernel module (using the <tt>register_probe</tt> and <tt>unregister_probe</tt> kernel API, as done by SystemTap), manipulated via debugfs (as done by ftrace), configured using the [[perf]] tool, or implemented as a <tt>BPF_PROG_TYPE_KPROBE</tt>-type [[eBPF]] program.
Kprobes use the breakpoint mechanism to dynamically instrument Linux kernel code. Two types exist: <i>kprobes</i> can be attached to all but a few blacklisted instruction ranges in a running kernel, while <i>kretprobes</i> are attached to a function and run when it returns. This instrumentation can be packaged as a kernel module (using the <tt>register_probe</tt> and <tt>unregister_probe</tt> kernel API, as done by SystemTap), manipulated via debugfs (as done by ftrace), configured using the [[perf]] tool, or implemented as a <tt>BPF_PROG_TYPE_KPROBE</tt>-type [[eBPF]] program.
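Review bot: the unchanged lead paragraph under the new image names the module API as <tt>register_probe</tt> and <tt>unregister_probe</tt>, but the kernel functions are <tt>register_kprobe</tt> and <tt>unregister_kprobe</tt> (with <tt>register_kretprobe</tt> and <tt>unregister_kretprobe</tt> for return probes). This is worth correcting in the same edit, since a reader searching the kernel source for the names as written will find nothing. On the added <tt>[[File:Osseu-commonality.png|thumb|right|Linux tracing systems]]</tt> line, the caption does not say how the figure relates to kprobes, so consider a caption that points out where kprobes sit among the tracing systems shown.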


Line 84: Line 86:
==Further reading==
==Further reading==
* LWN's [https://lwn.net/Articles/132196/ Introduction to Kprobes], 2005-04-18
* LWN's [https://lwn.net/Articles/132196/ Introduction to Kprobes], 2005-04-18
==See also==
* [[perf]]
* [[eBPF]]
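Review bot: the new "See also" section lists only <tt>[[perf]]</tt> and <tt>[[eBPF]]</tt>, both of which are already linked from the lead paragraph, so it adds no navigation the article lacked. Consider listing the related tracers that the lead mentions without a link (SystemTap, ftrace), if the wiki has pages for them, or dropping the repeated entries.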