[PATCH bpf-next 0/3] tools: ksnoop: tracing kernel function entry/return with argument/return value display

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Recent functionality added to libbpf [1] enables typed display of kernel
data structures; here that functionality is exploited to provide a
simple example of how a tracer can support deep argument/return value
inspection.  The intent is to provide a demonstration of these features
to help facilitate tracer adoption, while also providing a tool which
can be useful for kernel debugging.

Changes since RFC [2]:

- In the RFC version, kernel data structures were string-ified in
  BPF program context vi bpf_snprintf_btf(); Alexei pointed out that
  it would be better to dump memory to userspace and let the
  interpretation happen there.  btf_dump__dump_type_data() in libbpf
  now supports this (Alexei, patch 1)
- Added the "stack mode" specification where we trace a specific set
  of functions being called in order (though not necessarily directly).
  This mode of tracing is useful when debugging issues with a specific
  stack signature.

[1] https://lore.kernel.org/bpf/1626362126-27775-1-git-send-email-alan.maguire@xxxxxxxxxx/
[2] https://lore.kernel.org/bpf/1609773991-10509-1-git-send-email-alan.maguire@xxxxxxxxxx/

Alan Maguire (3):
  tools: ksnoop: kernel argument/return value tracing/display using BTF
  tools: ksnoop: document ksnoop tracing of entry/return with value
    display
  tools: ksnoop: add .gitignore

 tools/bpf/Makefile                        |  20 +-
 tools/bpf/ksnoop/.gitignore               |   1 +
 tools/bpf/ksnoop/Documentation/Makefile   |  58 ++
 tools/bpf/ksnoop/Documentation/ksnoop.rst | 173 ++++++
 tools/bpf/ksnoop/Makefile                 | 107 ++++
 tools/bpf/ksnoop/ksnoop.bpf.c             | 391 +++++++++++++
 tools/bpf/ksnoop/ksnoop.c                 | 890 ++++++++++++++++++++++++++++++
 tools/bpf/ksnoop/ksnoop.h                 | 103 ++++
 8 files changed, 1738 insertions(+), 5 deletions(-)
 create mode 100644 tools/bpf/ksnoop/.gitignore
 create mode 100644 tools/bpf/ksnoop/Documentation/Makefile
 create mode 100644 tools/bpf/ksnoop/Documentation/ksnoop.rst
 create mode 100644 tools/bpf/ksnoop/Makefile
 create mode 100644 tools/bpf/ksnoop/ksnoop.bpf.c
 create mode 100644 tools/bpf/ksnoop/ksnoop.c
 create mode 100644 tools/bpf/ksnoop/ksnoop.h

-- 
1.8.3.1
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux