Inspect values of arguments of kernel functions

[rerrabolu]

I am wondering if it is possible to log the values of input and output arguments of a kernel function. For example a kernel module Foo.ko has a few functions. Can we trace these functions by logging the values of input / output arguments, return value, etc. It is possible that the input / output arguments are complex i.e. are structs.

If this is possible, even if getting is a bit complicated, I would like to see an example. My intent to learn BPF is educational.

[chenhengqi]

https://github.com/iovisor/bcc/blob/master/tools/opensnoop.py

This great tool is all you need to getting started.

[rerrabolu]

That was a quick response. I will look into it. I am hoping the example code will fit my needs as described below. Could you comment on my requirement.

In my case, I have functions from a kernel module which show up as kprobes. Many of these functions have input / output arguments that are structures. The definitions of these structures are not exported i.e. they are not in include/... directory for use by other kernel modules or kernel core.

e.g. int foo_create_buffer(struct foo_dom dom, struct foo_req req, int size);

I would like to know if I can log calls to this function including values of dom, req and size that are used to call it. Also I want to know the return value.

Regards, Ramesh

On Wed, Apr 7, 2021 at 10:48 PM Hengqi Chen @.***> wrote:

https://github.com/iovisor/bcc/blob/master/tools/opensnoop.py

This great tool is all you need to getting started.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/iovisor/bcc/issues/3359#issuecomment-815424586, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB35RLMBPVDGVJEULTCB3LTTHURRZANCNFSM42R6UHEQ .

[netedwardwu]

https://github.com/iovisor/bcc/blob/master/tools/argdist_example.txt#L123 Please check the whole content of the example. FYI