Currently, I am trying to trace Logical Block Address (LBA) access per process. I am aware of biosnoop.py that probes "blk_start_request". With the program I try to intercept I only get to see kworkers.
Two ideas to resolve this problem:
- Find out what process the kworker has its current task from. This seems rather complicated to do in ebpf (if possible at all).
- Probe another function in the kernel where the LBA can be intercepted or obtained in any way. I tried looking around in the virtual file system but did not find anything useful. Any recommendations?
