Using dynamic kernel tracing

Kprobes is a kernel debugging facility that allows us to dynamically break into almost any kernel function (except kprobe itself) to collect debugging and profiling information non-disruptively. Architectures can keep an array of blacklisted functions, which cannot be probed using Kprobes.

Because kprobes can be used to change a function's data and registers, they should only be used in development environments.

There are three types of probes:

  • kprobes: This is the kernel probe, which can be inserted at any location. More than one kprobe can be added at a single location, if needed.
  • jprobe: This is the jumper probe inserted at the entry point of a kernel function to provide access to its arguments. Only one jprobe may be added at a given location.
  • kretprobe: This is the return probe and triggers on a function return. Also, only one kretprobe may be added to the same location.

They are packaged into a kernel module, with the init function registering the probes and the exit function unregistering them.
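Probes registered this way appear in the debugfs listing `/sys/kernel/debug/kprobes/list`, which gives a quick way to confirm that a system outside development carries none. The parser below is an added example, not code from the book; the sample lines and the module name `demo_mod` are constructed, and the column layout is assumed to follow the kernel's kprobes documentation.

```python
import re
from collections import Counter

# Constructed sample in the layout of /sys/kernel/debug/kprobes/list:
# address, type (k/r/j), symbol+offset, optional module, optional status flags.
SAMPLE_LIST = """\
ffffffff81234560  k  do_sys_open+0x0    [FTRACE]
ffffffff81234560  k  do_sys_open+0x0    [DISABLED][FTRACE]
ffffffff8125a1b0  r  vfs_read+0x0
ffffffffa0002000  j  demo_ioctl+0x0  demo_mod
ffffffffa0002040  k  demo_write+0x12  demo_mod [GONE]
"""

TYPES = {"k": "kprobe", "r": "kretprobe", "j": "jprobe"}
LINE_RE = re.compile(
    r"^(?P<addr>[0-9a-fA-F]+)\s+(?P<type>[krj])\s+"
    r"(?P<sym>[^\s+]+)\+(?P<off>0x[0-9a-fA-F]+)"
    r"(?:\s+(?P<module>[^\s\[]+))?\s*(?P<flags>(?:\[[A-Z]+\])*)$"
)

def parse_kprobe_list(text):
    """Return (probes, unparsed_lines) for one listing."""
    probes, unparsed = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        probes.append({
            "addr": int(m["addr"], 16),
            "type": TYPES[m["type"]],
            "symbol": m["sym"],
            "offset": int(m["off"], 16),
            "module": m["module"],  # None when the probed code is built in
            "flags": set(re.findall(r"\[([A-Z]+)\]", m["flags"])),
        })
    return probes, unparsed

def live_probes(probes):
    """Probes that can still fire: not disabled, target code not unloaded."""
    return [p for p in probes if not p["flags"] & {"DISABLED", "GONE"}]

if __name__ == "__main__":
    probes, unparsed = parse_kprobe_list(SAMPLE_LIST)
    print(Counter(p["type"] for p in probes))
    for p in live_probes(probes):
        print(f'{p["type"]:9} {p["symbol"]}+{p["offset"]:#x} module={p["module"]}')
    print("unparsed lines:", len(unparsed))
```

On a real target, pass the contents of the listing (readable by root with debugfs mounted) to `parse_kprobe_list` instead of the sample.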

This recipe will explain how to use all types of dynamic probes.
