Using dynamic kernel tracing
Kprobes is a kernel debugging facility that allows us to dynamically break into almost any kernel function (except kprobe itself) to collect debugging and profiling information non-disruptively. Architectures can keep an array of blacklisted functions, which cannot be probed using Kprobes.
Because kprobes can be used to change a function's data and registers, it should only be used in development environments.
There are three types of probes:
kprobes: This is the kernel probe, which can be inserted into any location with more than one kprobe added at a single location, if needed.
jprobe: This is the jumper probe inserted at the entry point of a kernel function to provide access to its arguments. Only one jprobe may be added at a given location.
kretprobe: This is the return probe and triggers on a function return. Also, only one kretprobe may be added to the same location.
They are packaged into a kernel module, with the init function registering the probes and the...
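Because probes belong on development systems only, it is useful to be able to check which ones are registered on a host. The C code below is an added example, not taken from the original text: it parses the listing the kernel exposes at /sys/kernel/debug/kprobes/list (address, probe type k/j/r, symbol+offset, status flags) and counts the enabled probes of each type. The function names and the sample listing are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One parsed line of /sys/kernel/debug/kprobes/list. */
struct probe_entry {
    unsigned long long addr; /* probed kernel address */
    char type;               /* 'k' kprobe, 'j' jprobe (older kernels), 'r' kretprobe */
    char symbol[128];        /* symbol+offset */
    int disabled;            /* 1 if the line carries [DISABLED] */
};

/* Parse one line; returns 0 on success, -1 if it is not a probe entry. */
int parse_probe_line(const char *line, struct probe_entry *out)
{
    char type[8];
    memset(out, 0, sizeof(*out));
    if (sscanf(line, "%llx %7s %127s", &out->addr, type, out->symbol) != 3)
        return -1;
    if (strlen(type) != 1 || strchr("kjr", type[0]) == NULL)
        return -1;
    out->type = type[0];
    out->disabled = strstr(line, "[DISABLED]") != NULL;
    return 0;
}

/* Count enabled probes of one type in a newline-separated listing. */
int count_active(const char *listing, char type)
{
    char buf[256];
    struct probe_entry e;
    int n = 0;
    while (*listing) {
        size_t len = strcspn(listing, "\n");
        if (len < sizeof(buf)) {
            memcpy(buf, listing, len);
            buf[len] = '\0';
            if (parse_probe_line(buf, &e) == 0 && e.type == type && !e.disabled)
                n++;
        }
        listing += len + (listing[len] == '\n');
    }
    return n;
}
/* Constructed sample listing, not captured from a real system. */
const char SAMPLE[] =
    "ffffffff812a1b40  k  vfs_read+0x0    [FTRACE]\n"
    "ffffffff812a1b40  r  vfs_read+0x0    [DISABLED][FTRACE]\n"
    "ffffffff81701c20  r  tcp_v4_rcv+0x0    \n"
    "ffffffff810a3e90  j  do_fork+0x0    \n";
```

On a real system, pass the contents of /sys/kernel/debug/kprobes/list to count_active; reading that file requires root and a mounted debugfs.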