Highest Voted 'kprobe' Questions

2

votes

1 answer

eBPF tools - skb_network_header crashes in a BPF Kernel trace function

I am looking to trace ip_forward_finish. The intent is to trace latency of all TCP connections going through a linux based gateway router. Hence thought of tracing ip_forward_finish kernel function. And capture the time-stamp of SYN, SYN-ACK and…

ebpf kprobe

asked May 07 '20 at 01:43

Vignesh

21
1

2

votes

1 answer

How I can include the /kernel/sched/* into a BPF program?

I am trying to make a custom bpf program with bpftrace in Linux, according to the book BPF Performance Tools. I tried to include some files from the path linux/kernel/sched/sched.h. How can I include them? (not only the /include folder but also from…

linux linux-kernel bpf ebpf kprobe

asked Apr 12 '20 at 11:49

Panagiotis Papoulidis

21
3

2

votes

1 answer

sys/kernel/debug/krpobes/list empty

I'm trying to attach to a kprobe event for purposes of tooling, but I'm not too familiar with kprobe events. I've read that the list of registered kprobes are available in /sys/kernel/debug/kprobes/list however sudo less…

kernel trace kprobe

asked Mar 31 '20 at 19:19

byrnesj1

189
1
14

2

votes

0 answers

Can we trace all the Linux kernel functions using kprobes

I read the below regarding kprobes: Kprobes allows you to install pre-handlers and post-handlers for any kernel instruction as well as for function-entry and function-return handlers I am trying to register a kprobe for '_do_sys_open'…

c debugging linux-kernel trace kprobe

asked Jan 23 '20 at 03:40

md.jamal

4,067
8
45
108

2

votes

1 answer

kprobe_events fetch-args works for x86 but not arm64

I wanted to get do_sys_open filename argument as string. For this i added kprobe following kprobetrace.txt. A simple probe which gives filename as hex works for both x86/arm64. x86: echo 'p:myprobe do_sys_open filename_string=%si' >…

linux-kernel trace perf kprobe tracepoint

asked Apr 19 '19 at 12:48

Madhur Rawat

468
1
7
18

2

votes

1 answer

Why is a kretprobe on sys_futex called less often than a corresponding kprobe?

I am doing some tracing of various kernel functions and system calls, and establishing patterns between them which can be used for certain performance profiling. One thing that I noticed is that sometimes, even in my simple testing application which…

linux-kernel bpf ebpf kprobe bcc-bpf

asked Feb 07 '19 at 18:17

Ashley Davies

1,873
1
23
42

2

votes

1 answer

Can I block a new process execution using Kprobe?

Kprobe has a pre-handler function vaguely documented as followed: User's pre-handler (kp->pre_handler):: #include #include int pre_handler(struct kprobe *p, struct pt_regs *regs); Called with p…

linux security callback linux-kernel kprobe

asked Nov 24 '18 at 11:35

David Taub

734
1
7
27

2

votes

1 answer

Systemtap - Calling a syscall from kernel space

I'm trying to create a hard link, calling sys_link directly from a Systemtap Embedded C code. Basically, the code looks like: function sys_link:long(oldname, newname) %{ /* pure */ int error; mm_segment_t old_fs; old_fs = get_fs(); …

linux kernel system-calls systemtap kprobe

asked Jun 20 '18 at 08:31

Tavo

181
1
7

2

votes

1 answer

kprobe_events fetch arguments doesn't work on ARM

The following kprobe_based event example works well: $ echo 'p:myprobe do_sys_open' > /sys/kernel/debug/tracing/kprobe_events But, adding fetching arguments doesn't work: $ echo 'p:myprobe do_sys_open dfd=%ax filename=%dx flags=%cx mode=+4($stack)'…

linux-kernel raspberry-pi arm ftrace kprobe

asked May 10 '18 at 06:37

bestn

35
8

2

votes

0 answers

trace hard irqs in Linux

My experience with the Linux kernel is very minimal. I have just started to play around with it recently. I have been trying to trace the earliest time of arrival of a packet for my research purpose. I can do that at the device driver level by…

c linux-kernel perf kprobe jprobe

asked Apr 05 '18 at 11:45

cooshal

758
8
21

2

votes

1 answer

register_kprobe() returns EINVAL without additional memory on containing struct

I've written a kernel module (a character device) that registers new KProbes whenever I write to the module. I have a structure that contains struct kprobe. When I call register_kprobe(), it returns -EINVAL. But when I add a dummy character array to…

linux linux-kernel kernel-module kprobe

asked Sep 30 '17 at 01:23

Kenpachi

651
1
10
21

2

votes

2 answers

How to invoke any kernel function?

I know that Kprobes can be used to probe any kernel function. But after going through its documents I realise that it is mostly a kind of passive entity. It simply puts a probe in the middle of an execution sequence. But what if I want to invoke…

linux linux-kernel kprobe

asked Jan 24 '16 at 14:56

Utkal Sinha

1,021
1
6
24

2

votes

1 answer

Opening/Writing to a file from a Kprobe handler

I am writing a Linux kernel module using Kprobes to trace specific system calls, and I need to write to a file from within a KProbe handler (specifically, a Kretprobe). I know this is generally not advised, but I need to write the output to a very…

linux-kernel kernel-module kprobe

asked Jul 14 '15 at 12:41

Erin

51
2

2

votes

1 answer

register_kretprobe fails with a return value of -2

I have written a kretprobe to hook on to the randomize_stack_top() function mentioned in fs/binfmt_elf.c file. On loading the LKM with insmod the register_kretprobe() call fails with a return value of -2. How do I go about debugging/rectifying that…

linux-kernel kernel kernel-module kprobe

asked Jul 08 '15 at 12:42

bawejakunal

1,678
2
25
54

2

votes

1 answer

Get a function's return value in a kretprobe handler

I want to know if it is possible to hook a kretprobe on a kernel function and capture it's return value in the return handler of kretprobe.

linux-kernel kernel probe kprobe

asked Jul 08 '15 at 06:31

bawejakunal

1,678
2
25
54

Questions tagged [kprobe]