Ftrace kernel hooks, more than just tracing

Session information has not yet been published for this event.

50 Minute Talk
Scheduled: Wednesday, October 15, 2014 from 11:15am – 12:05pm in Room 2

One Line Summary

The audience is aimed at developers. You do not need to be a kernel developer to enjoy this talk. Just someone that enjoys the art of programming and the crazy ideas that are performed to overcome such obstacles. Live code modification is not trivial, and now the new features of allocating code on the fly makes it even more radical. This is not a trivial task; it requires understanding how the CPU pipeline works as well as all states that the kernel can be in.


The function hook facility of ftrace is what makes ftrace stand out from other kernel tracers. The ability of live modification of the kernel to convert a nop into a ftrace callback has revolutionized tracing inside the kernel. Because it is dynamic, ftrace gives you the ability to chose what functions are to be traced, as well as tracing all functions within the kernel. This talk is not about tracing though, it is about what is coming in the future and the hurdles that needs to overcome and how it will be done. The ftrace function hooks allows for “hijacking” of a function. That is, when the function is called, the hook can intercept the call and divert it to call another function. Live patching such as kgraft and kpatch were built on this facility. To use these new features of ftrace, more must be done. This talk will go over how the hooks work and what more needs to be done.

Presentation Materials



  • Tmp

    Steven Rostedt

    Red Hat


    Steven Rostedt has been working with the Linux kernel since 2001. He currently works for Red Hat working in their Messaging Real-time Grid (MRG) division. He created and maintains Ftrace, the official Linux kernel tracer, and is the current real-time kernel stable maintainer.