Any chance to introduce Ftrace in the syscall chapter (or elsewhere) in this book?

[nickchen120235]

In the syscall chapter, syscall hooking is introduced, so I think it may be a good opportunity to go a step deeper to talk about Ftrace and hooking, and maybe kernel live patching.

I can provide some introductory text and sample code for syscall hooking if anyone is interested.

[jserv]

@nickchen120235, I am writing another ebook about Linux CPU scheduler in which Ftrace was covered. I can send the draft for your reference. If you would like to contribute, please make a rough list.

[nickchen120235]

If you would like to contribute, please make a rough list.

Sure I would like to write this portion of the book.

Since Ftrace will also be covered in the aforementioned book, in lkmpg only function-hooking-related stuff will be (roughly) introduced, i.e. more of an introduction to hooking using Ftrace rather than a deep-dive into it. It'll be a section after the sys_call_table example (or just something like "Another technique we can utilize to control the flow of execution of a syscall is Ftrace. ").

Currently I'm think of dividing the section into three parts:

1. Introduction to Ftrace
2. How function hooking works in Ftrace and its relationship to kernel live patching
3. The sys_open(at) example rewritten using Ftrace

The length of content won't be more than a section.

[nickchen120235]

The planned content is similar to this, of course the kprobe part will be omitted and the rest will be revised.

[jserv]

The planned content is similar to this, of course the kprobe part will be omitted and the rest will be revised.

It looks great. I like the sequence diagram for illustrating Ftace. Please send pull requests for introducing Ftrace in LKMPG.