Menu
What are the use-cases for using tracepoint events when kprobe events support for ftrace is available in Linux kernel? It seems everything that is possible to be done using 'tracepoint events' is possible using kprobe events, since one can set up a kprobe event to at the same point where tracepoint event is available.
Am I missing something?
241
kprobes (kernel probes) is Linux kernel mechanism for dynamic tracing. It allows you to insert breakpoint at almost any kernel function, invoke your handler and then continue executing. It works by runtime patching kernel image with so-called kernel probe/kprobe - see struct kprobe .
Kernel probes are a set of tools to collect Linux kernel debugging and performance information. Developers and system administrators usually use them either to debug the kernel, or to find system performance bottlenecks. The reported data can then be used to tune the system for better performance.
A kprobe can be inserted on virtually any instruction in the kernel. A return probe fires when a specified function returns. In the typical case, Kprobes-based instrumentation is packaged as a kernel module. The module's init function installs (“registers”) one or more probes, and the exit function unregisters them.
Uprobes are kind of like kprobes, except that instead of instrumenting a kernel function you're instrumenting userspace functions (like malloc).
Since kprobes trace arbitrary functions, tools relying on them may easily break from one Linux version to the next. For instance, the name of the function or one of its arguments can be changed, or the whole function might be removed. This sort of change happens frequently and can break kprobe-based tools.
Conversely, tracepoints are more stable. They should remain mostly the same and provide the same information. In addition, they are documented; you can find the type and location of information provided by tracepoints in /sys/kernel/debug/tracing:
# cat /sys/kernel/debug/tracing/events/skb/kfree_skb/format
name: kfree_skb
ID: 1122
format:
field:unsigned short common_type; offset:0; size:2; signed:0;
field:unsigned char common_flags; offset:2; size:1; signed:0;
field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
field:int common_pid; offset:4; size:4; signed:1;
field:void * skbaddr; offset:8; size:8; signed:0;
field:void * location; offset:16; size:8; signed:0;
field:unsigned short protocol; offset:24; size:2; signed:0;
print fmt: "skbaddr=%p protocol=%u location=%p", REC->skbaddr, REC->protocol, REC->location
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
