System information
6 Kernel Probes
Kernel probes are a set of tools to collect Linux kernel debugging and performance
information. Developers and system administrators usually use them either to debug
the kernel, or to find system performance bottlenecks. The reported data can then be
used to tune the system for better performance.
You can insert these probes into any kernel routine, and specify a handler to be
invoked after a particular breakpoint is hit. The main advantage of kernel probes is
that you no longer need to rebuild the kernel and reboot the system after you make
changes in a probe.
To use kernel probes, you typically need to write or obtain a specific kernel module.
Such a module includes both an init and an exit function. The init function calls a
registration function (such as register_kprobe()) to register one or more probes,
while the exit function unregisters them. The registration function defines where the
probe will be inserted and which handler will be called after the probe is hit. To
register or unregister a group of probes at one time, you can use the relevant
register_<probe_type>probes() or unregister_<probe_type>probes() functions.
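Because a probe can be inserted into any kernel routine without a rebuild or reboot, it is worth checking which probes are currently registered on a system. The following is an added example, not part of the original guide: it parses the kernel's debugfs listing /sys/kernel/debug/kprobes/list, an interface this section does not describe, and reports active probes outside an expected set. The sample listing, the allowlist and all function names are constructed for illustration; reading the real file assumes root and a mounted debugfs.

```python
from typing import NamedTuple, Optional

# Type letters in the second column; "j" (jprobe) only appears on older kernels.
PROBE_TYPES = {"k": "kprobe", "r": "kretprobe", "j": "jprobe"}
INACTIVE = {"GONE", "DISABLED"}   # status flags meaning the probe cannot fire

# Constructed sample in the format of /sys/kernel/debug/kprobes/list:
# address, type, symbol+offset, optional module name, optional [STATUS] flags.
SAMPLE = """\
c015d71a  k  vfs_read+0x0
c03dedc5  r  tcp_v4_rcv+0x0    [DISABLED]
ffffffffc0a81010  k  demo_fn+0x4  demo_mod  [GONE]
ffffffff812a4b60  k  do_sys_open+0x0    [FTRACE]
"""

class Probe(NamedTuple):
    address: int
    kind: str
    symbol: str
    offset: int
    module: Optional[str]
    flags: frozenset

def parse_kprobe_list(text):
    """Turn the debugfs listing into Probe records, skipping malformed lines."""
    probes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        addr, kind, location = fields[:3]
        symbol, _, off = location.partition("+")
        module, flags = None, set()
        for tok in fields[3:]:
            if tok.startswith("[") and tok.endswith("]"):
                flags.add(tok[1:-1])      # status flag such as [GONE]
            else:
                module = tok              # bare token: owning module name
        probes.append(Probe(int(addr, 16), PROBE_TYPES.get(kind, kind),
                            symbol, int(off or "0", 16), module,
                            frozenset(flags)))
    return probes

def active_outside(probes, allowed_symbols):
    """Probes that can still fire and sit on symbols not in the allowlist."""
    return [p for p in probes
            if not (p.flags & INACTIVE) and p.symbol not in allowed_symbols]

if __name__ == "__main__":
    for p in active_outside(parse_kprobe_list(SAMPLE), {"vfs_read"}):
        print(f"{p.kind} at {p.symbol}+{p.offset:#x} module={p.module}")
```

To audit a live system, pass the contents of /sys/kernel/debug/kprobes/list to parse_kprobe_list() instead of SAMPLE.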
Debugging and status messages are typically reported with the printk kernel
routine. printk is the kernel-space equivalent of the user-space printf routine.
For more information on printk, see Logging kernel messages
[http://www.win.tue.nl/~aeb/linux/lk/lk-2.html#ss2.8]. Normally, you can view these
messages by inspecting /var/log/messages or /var/log/syslog. For more information
on log files, see Chapter 4, Analyzing and Managing System Log Files (page 61).