-
**What should ebpf do?**
eBPF should expose some general purpose functions for creating kernel tracepoints with bpf
**Why should ebpf do this?**
The abstraction is powerful and requires minimal c…
-
`struct pt_regs` contains a copy of registers from user-space at the moment of syscall entry. For each architecture (x86, arm, risc-v) it has very different fields, named after register names (e.g. `a…
-
### What reproduces the bug? Provide code if possible.
```
$ sudo ./build/src/bpftrace -e 'BEGIN { print(($1, $2)) }' 34
Attaching 1 probe...
(34, 0)
^C
```
We should probably warn when s…
-
GCC can do optimizations and rename functions in the kernel (see [stackoverflow question](https://stackoverflow.com/a/18914402)).
* amd64:
```
$ cat /proc/kallsyms | fgrep do_wakeup
ffffffffa2…
-
My ubuntu kernel:Linux ubuntu 5.13.0-30-generic #33~20.04.1-Ubuntu SMP Mon Feb 7 14:25:10 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
The following error occurred when I ran sudo python3 hello_world.py
…
-
1. I do make sure it have this API in my device with Android14 OS
```shell
adb shell cat /proc/kallsyms | grep sched_setattr
ffffffea122f7908 T sched_setattr
ffffffea122f846c T sched_setattr_noche…
oraSC updated
4 months ago
-
Kernel function inlining has caused a lot of trouble for tracing in the past (e.g., #703, #1667, #2252, #2373, #3913, #4638, just to name a few)
I posted a proof of concept at https://github.com/io…
-
Hello
I just noticed that the args->filename parameter contains an empty string when using the open syscall. To be clear, I am specifically referring to the open syscall and not openat.
I wrote …
-
This issue aims to track the research activity of investigating hook points in various open-source software (OSS) for kprobe and uprobe.
We will identify key hook points in each OSS.
-
nettrace version: v1.2.6.
cpu:loongarch
kernel:4.19 version
# ./nettrace -p icmp --debug
DEBUG: command: mount | grep debugfs, status:0
DEBUG: command: cat /sys/kernel/debug/tracing/events/skb/…