Commit 8861da31 authored by Jim Keniston's avatar Jim Keniston Committed by Linus Torvalds

[PATCH] kprobes: Update Documentation/kprobes.txt

Update Documentation/kprobes.txt to reflect Kprobes enhancements and other
recent developments.
Acked-by: default avatarAnanth Mavinakayanahalli <mananth@in.ibm.com>
Signed-off-by: default avatarJim Keniston <jkenisto@us.ibm.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 61b9a26a
...@@ -136,17 +136,20 @@ Kprobes, jprobes, and return probes are implemented on the following ...@@ -136,17 +136,20 @@ Kprobes, jprobes, and return probes are implemented on the following
architectures: architectures:
- i386 - i386
- x86_64 (AMD-64, E64MT) - x86_64 (AMD-64, EM64T)
- ppc64 - ppc64
- ia64 (Support for probes on certain instruction types is still in progress.) - ia64 (Does not support probes on instruction slot1.)
- sparc64 (Return probes not yet implemented.) - sparc64 (Return probes not yet implemented.)
3. Configuring Kprobes 3. Configuring Kprobes
When configuring the kernel using make menuconfig/xconfig/oldconfig, When configuring the kernel using make menuconfig/xconfig/oldconfig,
ensure that CONFIG_KPROBES is set to "y". Under "Kernel hacking", ensure that CONFIG_KPROBES is set to "y". Under "Instrumentation
look for "Kprobes". You may have to enable "Kernel debugging" Support", look for "Kprobes".
(CONFIG_DEBUG_KERNEL) before you can enable Kprobes.
So that you can load and unload Kprobes-based instrumentation modules,
make sure "Loadable module support" (CONFIG_MODULES) and "Module
unloading" (CONFIG_MODULE_UNLOAD) are set to "y".
You may also want to ensure that CONFIG_KALLSYMS and perhaps even You may also want to ensure that CONFIG_KALLSYMS and perhaps even
CONFIG_KALLSYMS_ALL are set to "y", since kallsyms_lookup_name() CONFIG_KALLSYMS_ALL are set to "y", since kallsyms_lookup_name()
...@@ -262,18 +265,18 @@ at any time after the probe has been registered. ...@@ -262,18 +265,18 @@ at any time after the probe has been registered.
5. Kprobes Features and Limitations 5. Kprobes Features and Limitations
As of Linux v2.6.12, Kprobes allows multiple probes at the same Kprobes allows multiple probes at the same address. Currently,
address. Currently, however, there cannot be multiple jprobes on however, there cannot be multiple jprobes on the same function at
the same function at the same time. the same time.
In general, you can install a probe anywhere in the kernel. In general, you can install a probe anywhere in the kernel.
In particular, you can probe interrupt handlers. Known exceptions In particular, you can probe interrupt handlers. Known exceptions
are discussed in this section. are discussed in this section.
For obvious reasons, it's a bad idea to install a probe in The register_*probe functions will return -EINVAL if you attempt
the code that implements Kprobes (mostly kernel/kprobes.c and to install a probe in the code that implements Kprobes (mostly
arch/*/kernel/kprobes.c). A patch in the v2.6.13 timeframe instructs kernel/kprobes.c and arch/*/kernel/kprobes.c, but also functions such
Kprobes to reject such requests. as do_page_fault and notifier_call_chain).
If you install a probe in an inline-able function, Kprobes makes If you install a probe in an inline-able function, Kprobes makes
no attempt to chase down all inline instances of the function and no attempt to chase down all inline instances of the function and
...@@ -290,18 +293,14 @@ from the accidental ones. Don't drink and probe. ...@@ -290,18 +293,14 @@ from the accidental ones. Don't drink and probe.
Kprobes makes no attempt to prevent probe handlers from stepping on Kprobes makes no attempt to prevent probe handlers from stepping on
each other -- e.g., probing printk() and then calling printk() from a each other -- e.g., probing printk() and then calling printk() from a
probe handler. As of Linux v2.6.12, if a probe handler hits a probe, probe handler. If a probe handler hits a probe, that second probe's
that second probe's handlers won't be run in that instance. handlers won't be run in that instance, and the kprobe.nmissed member
of the second probe will be incremented.
In Linux v2.6.12 and previous versions, Kprobes' data structures are
protected by a single lock that is held during probe registration and As of Linux v2.6.15-rc1, multiple handlers (or multiple instances of
unregistration and while handlers are run. Thus, no two handlers the same handler) may run concurrently on different CPUs.
can run simultaneously. To improve scalability on SMP systems,
this restriction will probably be removed soon, in which case Kprobes does not use mutexes or allocate memory except during
multiple handlers (or multiple instances of the same handler) may
run concurrently on different CPUs. Code your handlers accordingly.
Kprobes does not use semaphores or allocate memory except during
registration and unregistration. registration and unregistration.
Probe handlers are run with preemption disabled. Depending on the Probe handlers are run with preemption disabled. Depending on the
...@@ -316,11 +315,18 @@ address instead of the real return address for kretprobed functions. ...@@ -316,11 +315,18 @@ address instead of the real return address for kretprobed functions.
(As far as we can tell, __builtin_return_address() is used only (As far as we can tell, __builtin_return_address() is used only
for instrumentation and error reporting.) for instrumentation and error reporting.)
If the number of times a function is called does not match the If the number of times a function is called does not match the number
number of times it returns, registering a return probe on that of times it returns, registering a return probe on that function may
function may produce undesirable results. We have the do_exit() produce undesirable results. We have the do_exit() case covered.
and do_execve() cases covered. do_fork() is not an issue. We're do_execve() and do_fork() are not an issue. We're unaware of other
unaware of other specific cases where this could be a problem. specific cases where this could be a problem.
If, upon entry to or exit from a function, the CPU is running on
a stack other than that of the current task, registering a return
probe on that function may produce undesirable results. For this
reason, Kprobes doesn't support return probes (or kprobes or jprobes)
on the x86_64 version of __switch_to(); the registration functions
return -EINVAL.
6. Probe Overhead 6. Probe Overhead
...@@ -347,14 +353,12 @@ k = 0.77 usec; j = 1.31; r = 1.26; kr = 1.45; jr = 1.99 ...@@ -347,14 +353,12 @@ k = 0.77 usec; j = 1.31; r = 1.26; kr = 1.45; jr = 1.99
7. TODO 7. TODO
a. SystemTap (http://sourceware.org/systemtap): Work in progress a. SystemTap (http://sourceware.org/systemtap): Provides a simplified
to provide a simplified programming interface for probe-based programming interface for probe-based instrumentation. Try it out.
instrumentation. b. Kernel return probes for sparc64.
b. Improved SMP scalability: Currently, work is in progress to handle c. Support for other architectures.
multiple kprobes in parallel. d. User-space probes.
c. Kernel return probes for sparc64. e. Watchpoint probes (which fire on data references).
d. Support for other architectures.
e. User-space probes.
8. Kprobes Example 8. Kprobes Example
...@@ -411,8 +415,7 @@ int init_module(void) ...@@ -411,8 +415,7 @@ int init_module(void)
printk("Couldn't find %s to plant kprobe\n", "do_fork"); printk("Couldn't find %s to plant kprobe\n", "do_fork");
return -1; return -1;
} }
ret = register_kprobe(&kp); if ((ret = register_kprobe(&kp) < 0)) {
if (ret < 0) {
printk("register_kprobe failed, returned %d\n", ret); printk("register_kprobe failed, returned %d\n", ret);
return -1; return -1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment