Kernel

🕵️ Intro The Linux Test Project is a joint project started years ago by SGI, OSDL and Bull developed and now maintained by IBM, Cisco, Fujitsu, SUSE, Red Hat, Oracle and many others. The project goal is to deliver tests to the open source community that validate the reliability, robustness, and stability of Linux. In these days I’m having a journey on the project so with this article I want to show step by step how to setup the project, how tests are actually written and give you a quick and dirty guide to write your first one....

In the last post we introduced the BCC framework to interface Python code with eBPF facility. Now we are ready to make one step further! #!/usr/bin/python3 import bcc bpf = bcc.BPF(text=""" #include <uapi/linux/ptrace.h> int trace_malloc(struct pt_regs *ctx, size_t size) { bpf_trace_printk("size=%d\\n",size); return 0; };""") bpf.attach_uprobe(name="c",sym="malloc",fn_name="trace_malloc") while 1: (task, pid, cpu, flags, ts, msg) = bpf.trace_fields() print(f"task={task}\tmsg={msg}") This code is a little more complex, but still quite easy: first of all we use bcc to attach an “user space probe” instead of a kernel probe, and the function being observed will be libc’s malloc....

eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules. Basically any user can write code for a virtual machine that can interact with the kernel data structure and functions. bcc is an high-level helper interface to eBPF (another is bpftrace). To use it, start by following installation guide , but if you have a recent Debian system, it’s just a matter of installing some packages:...