Current releases of the Linux 2.6 kernel have new features such as kprobes and jprobes to support reliability, availability, and serviceability (or RAS; see the sidebar of the same name for more information). Kprobes can intrude into a kernel function to apply a patch or extract debug information, and are useful additions to your debugging repertoire. You’ll find kprobes essential when investigating inexplicable behavior at a customer site, especially when you don’t have the option to reboot the system.
In this column, let’s learn how to use kprobes using a handful of examples. Next month, we’ll continue and look at other facets of Linux RAS, such as kexec and kdump.
Kprobes
Kprobes can save you the trouble of building and booting a debug kernel. Using kprobes, you can dynamically dump kernel data structures or insert code into a running kernel. You can for example, add a few printk() calls inside the Linux scheduler on-the-fly, without recompiling the kernel. In fact, you could even patch a bug on a Mars rover without rebooting it.
To insert a kprobe into a kernel function:
1.Turn on CONFIG_KPROBES during kernel configuration. Kprobes has recently moved from “Kernel Hacking” to “Instrumentation Support” in the kernel configuration menu.
2.Write a kernel module that registers a kprobe at the instruction of interest. You need to register a pre-handler that kprobes runs just before executing the probed instruction, and a post-handler that kprobes runs after executing…
Please log in to view this content.
Not Yet a Member?
Register with LinuxMagazine.com and get free access to the entire archive, including:
