This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
RE: wrong calculation of kprobe.addr?
- From: Guang Lei Li <liguangl at cn dot ibm dot com>
- To: systemtap at sources dot redhat dot com
- Cc: hien at us dot ibm dot com, roland at redhat dot com, bibo dot mao at intel dot com
- Date: Fri, 18 Nov 2005 17:16:42 +0800
- Subject: RE: wrong calculation of kprobe.addr?
>Bibo,mao ---->
> About the kprobe probe point, it is the function prologue end point, and
> the kprobe return point is the function entry point. You can use the
> "objdump -DS" command to get the function's assembly and C source mixed file.
> Then you can compare these two different probe points.
>
> >Guanglei --->
> >From dumpedFile
> >c02402e0 <elv_next_request>:
> >c02402e0: push %edi
> >c02402e1: push %esi
> >c02402e2: mov %eax,%esi
> >c02402e4: push %ebx
> >c02402e5: sub $0xc,%esp
> >c02402e8: jmp c0240309 <elv_next_request+0x29>
> >c02402ea: lea 0x0(%esi),%esi
> >c02402f0: orl $0x2000,0x8(%ebx)
> >c02402f7: mov %edi,%ecx
> >
The function prologue should be before 0xc02402e8. But you see that
systemtap uses 0xc02402f0 as the function prologue end point, which I think
is wrong.
I wrote a kernel module to register a kprobe handler directly. I set
kprobe.addr=0xc02402f0, then the kprobe handler will never be executed. If
I set kprobe.addr to 0xc02402e8, 0xc02402e5, 0xc02402e2 etc. (between
c02402e0 and c02402e8), the kprobe handler will be executed.
It seems that SystemTap uses elfutils to calculate the function prologue
end point, so is it a bug of elfutils?
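As an added illustration, not code from this thread or from SystemTap, here is a small Python check over the objdump excerpt quoted above: it parses the listing and reports, for a candidate kprobe.addr, whether the address starts an instruction and whether it lies on the straight-line path from the function entry or only past the unconditional jmp, which is the difference between the addresses the mail reports as firing and 0xc02402f0. The listing is embedded as a constructed sample copied from the quote (without the raw opcode bytes real objdump output prints); the NO_FALLTHROUGH set and the three result names are assumptions of this example.

```python
import re

# Constructed sample: the "objdump -DS" excerpt quoted earlier in this thread
# (raw opcode bytes, which real objdump output also prints, are absent here).
LISTING = """\
c02402e0 <elv_next_request>:
c02402e0: push %edi
c02402e1: push %esi
c02402e2: mov %eax,%esi
c02402e4: push %ebx
c02402e5: sub $0xc,%esp
c02402e8: jmp c0240309 <elv_next_request+0x29>
c02402ea: lea 0x0(%esi),%esi
c02402f0: orl $0x2000,0x8(%ebx)
c02402f7: mov %edi,%ecx
"""

# address ':' [optional opcode bytes] mnemonic [operands]
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)*([a-z][\w.]*)\s*(.*)$")
# x86 instructions after which execution does not fall through (assumed list).
NO_FALLTHROUGH = {"jmp", "ljmp", "ret", "iret"}


def parse_listing(text):
    """Return [(addr, mnemonic, operands)] for every instruction line."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m:
            insns.append((int(m.group(1), 16), m.group(2), m.group(3)))
    return insns


def classify_probe_addr(text, addr):
    """Judge a candidate kprobe.addr from the listing alone:
    'not-an-instruction' - addr does not start an instruction;
    'entry-path'         - on the straight-line path from the entry, so hit on every call;
    'branch-only'        - past an unconditional jump, reached only as a branch target."""
    insns = parse_listing(text)
    if addr not in {a for a, _, _ in insns}:
        return "not-an-instruction"
    for a, mnemonic, _ in insns:
        if a == addr:
            return "entry-path"
        if mnemonic in NO_FALLTHROUGH:
            break
    return "branch-only"
```

Run against the quoted listing, 0xc02402e8 and everything before it come back as entry-path while 0xc02402f0 comes back as branch-only, which matches the observed handler behaviour without saying anything about the prologue-end computation itself.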