• Hien Nguyen's avatar
    [PATCH] kprobes: function-return probes · b94cce92
    Hien Nguyen authored
    This patch adds function-return probes to kprobes for the i386
    architecture.  This enables you to establish a handler to be run when a
    function returns.
    
    1. API
    
    Two new functions are added to kprobes:
    
    	int register_kretprobe(struct kretprobe *rp);
    	void unregister_kretprobe(struct kretprobe *rp);
    
    2. Registration and unregistration
    
    2.1 Register
    
      To register a function-return probe, the user populates the following
      fields in a kretprobe object and calls register_kretprobe() with the
      kretprobe address as an argument:
    
      kp.addr - the function's address
    
      handler - this function is run after the ret instruction executes, but
      before control returns to the return address in the caller.
    
      maxactive - The maximum number of instances of the probed function that
      can be active concurrently.  For example, if the function is non-
      recursive and is called with a spinlock or mutex held, maxactive = 1
      should be enough.  If the function is non-recursive and can never
      relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
      be enough.  maxactive is used to determine how many kretprobe_instance
      objects to allocate for this particular probed function.  If maxactive <=
      0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
      NR_CPUS) else maxactive=NR_CPUS)
    
      For example:
    
        struct kretprobe rp;
        rp.kp.addr = /* entrypoint address */
        rp.handler = /*return probe handler */
        rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
        register_kretprobe(&rp);
    
      The following field may also be of interest:
    
      nmissed - Initialized to zero when the function-return probe is
      registered, and incremented every time the probed function is entered but
      there is no kretprobe_instance object available for establishing the
      function-return probe (i.e., because maxactive was set too low).
    
    2.2 Unregister
    
      To unregiter a function-return probe, the user calls
      unregister_kretprobe() with the same kretprobe object as registered
      previously.  If a probed function is running when the return probe is
      unregistered, the function will return as expected, but the handler won't
      be run.
    
    3. Limitations
    
    3.1 This patch supports only the i386 architecture, but patches for
        x86_64 and ppc64 are anticipated soon.
    
    3.2 Return probes operates by replacing the return address in the stack
        (or in a known register, such as the lr register for ppc).  This may
        cause __builtin_return_address(0), when invoked from the return-probed
        function, to return the address of the return-probes trampoline.
    
    3.3 This implementation uses the "Multiprobes at an address" feature in
        2.6.12-rc3-mm3.
    
    3.4 Due to a limitation in multi-probes, you cannot currently establish
        a return probe and a jprobe on the same function.  A patch to remove
        this limitation is being tested.
    
    This feature is required by SystemTap (http://sourceware.org/systemtap),
    and reflects ideas contributed by several SystemTap developers, including
    Will Cohen and Ananth Mavinakayanahalli.
    Signed-off-by: default avatarHien Nguyen <hien@us.ibm.com>
    Signed-off-by: default avatarPrasanna S Panchamukhi <prasanna@in.ibm.com>
    Signed-off-by: default avatarFrederik Deweerdt <frederik.deweerdt@laposte.net>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    b94cce92
kprobes.c 13.6 KB