This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.
Re: Kprobes document
- From: Ananth N Mavinakayanahalli <ananth at in dot ibm dot com>
- To: Jim Keniston <jkenisto at us dot ibm dot com>
- Cc: SystemTAP <systemtap at sources dot redhat dot com>, Brad Peters <bpeters at us dot ibm dot com>, Carl Love <cel at us dot ibm dot com>, Darren Hart <dvhltc at us dot ibm dot com>
- Date: Tue, 28 Jun 2005 13:47:55 -0400
- Subject: Re: Kprobes document
- References: <1119977016.2815.17.camel@dyn9047018079.beaverton.ibm.com>
- Reply-to: ananth at in dot ibm dot com
On Tue, Jun 28, 2005 at 09:43:36AM -0700, Jim Keniston wrote:
Hi Jim,
Minor nit - there isn't consistency in "Kprobe" and "kprobe". Some
more comments below. Please make structural changes as necessary ...
<snip>
> 1. Concepts: Kprobes, Jprobes, Return Probes
>
> Kprobes enables you to dynamically break into any kernel routine and
> collect debugging and performance information non-disruptively. You
> can trap at almost any kernel code address, specifying a handler
> routine to be invoked when the breakpoint is hit.
.. and a handler after the probed instruction is executed.
>
> There are currently three types of probes: kprobes, jprobes, and
> kretprobes (also called return probes). A kprobe can be inserted
> on virtually any instruction in the kernel. A jprobe is inserted at
> the entry to a kernel function, and provides convenient access to the
> function's arguments. A return probe fires when a specified function
> returns.
<snip>
> 1.1 How Does a Kprobe Work?
>
> When a kprobe is registered, Kprobes makes a copy of the probed
> instruction and replaces the first byte(s) of the probed instruction
> with a breakpoint instruction (e.g., int3 on i386 and x86_64).
>
> When a CPU hits the breakpoint instruction, a trap occurs, the CPU's
> registers are saved, and control passes to Kprobes. Kprobes executes
- control passes to the exception handler. The handler code has a
notifier hook with which kprobes would have registered. Also, kprobes
infrastructure registers with the notifier mechanism with the highest
"priority" so it is the first to be notified, in cases where other
debuggers co-exist and share the notifier.
> the "pre_handler" associated with the kprobe, passing the handler
> the addresses of the kprobe struct and the saved registers.
<snip>
> 1.2 How Does a Jprobe Work?
>
> A jprobe is implemented using a kprobe that is placed on a function's
> entry point. It employs a simple mirroring principle to allow seamless
> access to the probed function's arguments. The jprobe handler routine
> should have the same prototype (arg list) as the function being probed,
(of course, with a different "name" :-)
> and must always end by calling the Kprobes function jprobe_return().
>
<snip>
> 5. Kprobes Features and Limitations
>
> As of Linux v2.6.12, Kprobes allows multiple concurrent probes at the
Hmm.. concurrent is a bit misleading here. "colocated" would be better?
> same address. Currently, however, there cannot be multiple jprobes
> on the same function at the same time.
Ananth
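
The notifier ordering described in the reply above, as an added example that is not part of the original message or of the kernel source: a userspace model of a priority-sorted notifier chain in which the probe layer registers at the highest priority and so sees a breakpoint trap before a co-existing debugger does. All names here (`notifier_register`, `notify_breakpoint`, `probe_nb`, `debugger_nb`, the sample addresses) are assumptions modeled loosely on the kernel's notifier interface.

```c
#include <limits.h>

enum { NOTIFY_DONE, NOTIFY_STOP };     /* modeled on the kernel's notifier codes */
struct notifier {
    int (*call)(unsigned long addr);   /* invoked on a breakpoint trap */
    int priority;                      /* higher priority runs earlier */
    struct notifier *next;
};
static struct notifier *chain;         /* head = highest priority */
static unsigned long probed_addr;      /* address the probe layer patched */

/* Insert keeping the chain sorted by descending priority. */
static void notifier_register(struct notifier *n) {
    struct notifier **p = &chain;
    while (*p && (*p)->priority >= n->priority)
        p = &(*p)->next;
    n->next = *p;
    *p = n;
}

/* Deliver a trap; return the first handler that claims it, or NULL. */
static struct notifier *notify_breakpoint(unsigned long addr) {
    struct notifier *n = chain;
    while (n && n->call(addr) != NOTIFY_STOP)
        n = n->next;
    return n;
}

/* Probe layer: claims only traps at an address it planted. */
static int probe_notify(unsigned long addr) {
    return addr == probed_addr ? NOTIFY_STOP : NOTIFY_DONE;
}

/* Co-existing debugger: treats every trap it sees as its own. */
static int debugger_notify(unsigned long addr) {
    (void)addr;
    return NOTIFY_STOP;
}
static struct notifier probe_nb = { .call = probe_notify, .priority = INT_MAX };
static struct notifier debugger_nb = { .call = debugger_notify, .priority = 0 };

int main(void) {
    notifier_register(&debugger_nb);   /* registered first, still runs second */
    notifier_register(&probe_nb);
    probed_addr = 0x1000;              /* constructed sample address */
    return !(notify_breakpoint(0x1000) == &probe_nb &&   /* probe's own trap */
             notify_breakpoint(0x2000) == &debugger_nb); /* foreign trap */
}
```

If the two priorities were swapped, the debugger would claim the trap at the probed address and the probe's pre_handler would never run.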