f9-kernel icon indicating copy to clipboard operation
f9-kernel copied to clipboard
verified publisher icon f9micro

Improve Kprobe with symbol table to provide real dynamic tracing

Open louisom opened this issue 9 years ago • 1 comments

At this moment, f9-kernel Kprobe approach was using function address in kernel, we can saw it at kernel/sampling-kdb.c for the example.

Compare to Linux kernel Kprobe, it was using symbol name for user space program to insert the kprobe into kernel:

struct kprobe kp = {
    .symbol_name    = "_do_fork",
};

After reviewing, f9-kernel already provide the infrastructure ksym for this approach, we can take time and improve Kprobe for real dynamic tracing in user space.

louisom avatar Oct 12 '16 13:10 louisom

Hello, Has any work been done in this area - perhaps on one of the forks? Thank you.

ab1aw avatar Mar 07 '19 15:03 ab1aw