Are tracepoints redundant in Linux kernel after kprobes support for ftrace?

前端 未结 1 1067
一整个雨季
一整个雨季 2021-01-05 08:58

What are the use-cases for using tracepoint events when kprobe events support for ftrace is available in Linux kernel? It seems everything that is possible to be done using

相关标签:
1条回答
  • 2021-01-05 09:44

    Since kprobes trace arbitrary functions, tools relying on them may easily break from one Linux version to the next. For instance, the name of the function or one of its arguments can be changed, or the whole function might be removed. This sort of change happens frequently and can break kprobe-based tools.

    Conversely, tracepoints are more stable. They should remain mostly the same and provide the same information. In addition, they are documented; you can find the type and location of information provided by tracepoints in /sys/kernel/debug/tracing:

    # cat /sys/kernel/debug/tracing/events/skb/kfree_skb/format 
    name: kfree_skb
    ID: 1122
    format:
        field:unsigned short common_type;   offset:0;   size:2; signed:0;
        field:unsigned char common_flags;   offset:2;   size:1; signed:0;
        field:unsigned char common_preempt_count;   offset:3;   size:1; signed:0;
        field:int common_pid;   offset:4;   size:4; signed:1;
    
        field:void * skbaddr;   offset:8;   size:8; signed:0;
        field:void * location;  offset:16;  size:8; signed:0;
        field:unsigned short protocol;  offset:24;  size:2; signed:0;
    
    print fmt: "skbaddr=%p protocol=%u location=%p", REC->skbaddr, REC->protocol, REC->location
    
    0 讨论(0)
提交回复
热议问题