Any chance to introduce Ftrace in the syscall chapter (or elsewhere) in this book? #175

Open
nickchen120235 opened this issue Oct 24, 2022 · 4 comments · May be fixed by #180

Comments

@nickchen120235

nickchen120235 commented Oct 24, 2022

In the syscall chapter, syscall hooking is introduced, so I think it may be a good opportunity to go a step deeper to talk about Ftrace and hooking, and maybe kernel live patching.

I can provide some introductory text and sample code for syscall hooking if anyone is interested.

@nickchen120235 nickchen120235 changed the title Any chance to inytoduce Ftrace in the syscall chapter (or elsewhere in this book)? Any chance to introduce Ftrace in the syscall chapter (or elsewhere in this book)? Oct 24, 2022
@nickchen120235 nickchen120235 changed the title Any chance to introduce Ftrace in the syscall chapter (or elsewhere in this book)? Any chance to introduce Ftrace in the syscall chapter (or elsewhere) in this book? Oct 24, 2022
@jserv
Contributor

jserv commented Oct 24, 2022

@nickchen120235, I am writing another ebook about Linux CPU scheduler in which Ftrace was covered. I can send the draft for your reference. If you would like to contribute, please make a rough list.

@nickchen120235
Author

nickchen120235 commented Oct 24, 2022

> If you would like to contribute, please make a rough list.

Sure, I would like to write this portion of the book.

Since Ftrace will also be covered in the aforementioned book, in lkmpg only function-hooking-related stuff will be (roughly) introduced, i.e. more of an introduction to hooking using Ftrace rather than a deep-dive into it. It'll be a section after the sys_call_table example (or just something like "Another technique we can utilize to control the flow of execution of a syscall is Ftrace. ").

Currently I'm thinking of dividing the section into three parts:

  1. Introduction to Ftrace
  2. How function hooking works in Ftrace and its relationship to kernel live patching
  3. The sys_open(at) example rewritten using Ftrace

The length of content won't be more than a section.

@nickchen120235
Author

The planned content is similar to this, of course the kprobe part will be omitted and the rest will be revised.

@jserv
Contributor

jserv commented Nov 20, 2022

> The planned content is similar to this, of course the kprobe part will be omitted and the rest will be revised.

It looks great. I like the sequence diagram for illustrating Ftrace. Please send pull requests for introducing Ftrace in LKMPG.

@nickchen120235 nickchen120235 linked a pull request Nov 21, 2022 that will close this issue