This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.



Re: kprobes problem


Frank Ch. Eigler wrote:
> On Sat, Mar 12, 2005 at 02:09:16AM +0000, Baruch Even wrote:
> > I've extracted with a script the offset of the ret instruction but when hitting the probe the kernel oopses.
>
> Are you sure you didn't make an off-by-one error? You could find the vmlinux executable and disassemble (with objdump) the routine in question, to find the ret address.

I've verified it again and there is no off-by-one error, my calculation of the offset for the kprobe matches that of the objdump on vmlinux.


The ret code is at:
c0386cbb:       5d                      pop    %ebp
c0386cbc:       c3                      ret

If I put the kprobe at cbc it crashes, if I put it in cbb it works. I can try to automate that, but that complicates my logic and I don't understand the reason for the problem.

Is it impossible to put a kprobe on a ret instruction?

> > If I move the trap a few instructions earlier to a point where there is an instruction with more than one byte[1], everything works. [...]
> > [1] int $0x03 is two bytes, ret is one byte.
>
> Ah, but "int 3" is also 0xCC, one byte, designed that way on purpose.

I thought it might be, but from my quick search in the vmlinux code I only found the two-byte instruction. I probably should have looked at the kprobes code :-)


Baruch
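The two checks discussed in this thread, finding the ret offset from objdump output and verifying that a chosen offset really starts an instruction (Frank's off-by-one question), as an added example that is not Baruch's script or part of the original thread. The objdump excerpt is constructed here; the function name example_fn and its start address are assumptions, and only the last two lines mirror the bytes quoted in the mail.

```python
import re

# Constructed objdump -d excerpt (not from the mail); the function name and
# start address are assumptions, the last two lines mirror the quoted bytes.
SAMPLE_OBJDUMP = """\
c0386cb0 <example_fn>:
c0386cb0:       55                      push   %ebp
c0386cb1:       89 e5                   mov    %esp,%ebp
c0386cb3:       83 ec 08                sub    $0x8,%esp
c0386cb6:       e8 f5 ff ff ff          call   c0386cb0 <example_fn>
c0386cbb:       5d                      pop    %ebp
c0386cbc:       c3                      ret
"""

SYMBOL_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)(\S*)")


def parse_objdump(text):
    """Return a list of (symbol, function_start, address, raw_bytes, mnemonic)."""
    insns, symbol, start = [], None, None
    for line in text.splitlines():
        m = SYMBOL_RE.match(line)
        if m:                      # "<addr> <name>:" opens a new function
            start, symbol = int(m.group(1), 16), m.group(2)
            continue
        m = INSN_RE.match(line)
        if m and symbol is not None:
            addr = int(m.group(1), 16)
            raw = bytes.fromhex(m.group(2).replace(" ", ""))
            insns.append((symbol, start, addr, raw, m.group(3)))
    return insns


def is_instruction_boundary(insns, symbol, offset):
    """Off-by-one check: does symbol+offset land on an instruction start?"""
    return any(s == symbol and addr - start == offset
               for s, start, addr, _raw, _m in insns)


def ret_probe_points(text):
    """For each ret, give its offset and the preceding instruction's offset
    (the placement Baruch found to work) in kprobe-style symbol+offset form."""
    insns = parse_objdump(text)
    points = []
    for i, (symbol, start, addr, raw, mnemonic) in enumerate(insns):
        if mnemonic != "ret":
            continue
        prev = insns[i - 1] if i > 0 and insns[i - 1][0] == symbol else None
        points.append({
            "ret": "%s+0x%x" % (symbol, addr - start),
            "ret_len": len(raw),   # 1 byte: int3 (0xCC) replaces it exactly
            "before_ret": None if prev is None else "%s+0x%x" % (symbol, prev[2] - start),
        })
    return points
```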

