Dumping kernel data structures with BPF
Dumping kernel data structures with BPF
[Kernel] Posted Apr 27, 2020 23:20 UTC (Mon) by corbet
For as long as operating systems have had kernels, there has been a need to extract information from data structures stored within those kernels. Over the years, a wide range of approaches have been taken to make that information available. In current times, it has become natural to reach for BPF as the tool of choice for a variety of problems, and getting information from kernel data structures is no exception. There are two patches in circulation that take rather different approaches to using BPF to dump information from kernel data structures to user space.