This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.
Re: kprobes problem
- From: Richard J Moore <richardj_moore at uk dot ibm dot com>
- To: William Cohen <wcohen at redhat dot com>
- Cc: Baruch Even <baruch at ev-en dot org>, maneesh at in dot ibm dot com, prasanna at in dot ibm dot com, systemtap at sources dot redhat dot com, varap at us dot ibm dot com
- Date: Mon, 14 Mar 2005 16:59:46 +0000
- Subject: Re: kprobes problem
It was certainly intended to. As I mentioned before, there is specific code
to deal with call, jmp etc. Probing INT should be OK, though I don't think
a probe on INT3 works. Need to check.
--
Richard J Moore
IBM Advanced Linux Response Team - Linux Technology Centre
MOBEX: 264807; Mobile (+44) (0)7739-875237
Office: (+44) (0)1962-817072
William Cohen <wcohen@redhat.com>
Sent by: systemtap-owner@sources.redhat.com
14/03/2005 16:53
To: prasanna@in.ibm.com
cc: Baruch Even <baruch@ev-en.org>, systemtap@sources.redhat.com, maneesh@in.ibm.com, varap@us.ibm.com
Subject: Re: kprobes problem
Prasanna S Panchamukhi wrote:
> Hi Baruch,
>
> Thanks for pointing it out.
> Yes, kprobes could not handle probes on ret/lret instruction.
> The instruction pointer modification in case of ret/lret
> instruction is not required.
> The below patch should fix the problem. This patch is for i386
> architecture and soon will be ported to other architectures.
>
> Please let me know if you have any issues.
Are there any other instructions that will cause a control flow change?
e.g. "int" and "IRET" instructions? There are certainly places "int" is
used in the kernel. Does the kprobes code account for all the control
flow instructions?
-Wil
>
> Thanks
> Prasanna
>
>
> Kprobes could not handle the insertion of a probe on a ret/lret instruction.
> This patch fixes the above bug by avoiding adjustment of instruction pointer,
>
> Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
>
>
> ---
>
> linux-2.6.11-rc5-prasanna/arch/i386/kernel/kprobes.c | 8 ++++++++
> 1 files changed, 8 insertions(+)
>
> diff -puN arch/i386/kernel/kprobes.c~kprobes-ret-address-fix
arch/i386/kernel/kprobes.c
> --- linux-2.6.11-rc5/arch/i386/kernel/kprobes.c~kprobes-ret-address-fix
2005-03-14 21:27:34.000000000 +0530
> +++ linux-2.6.11-rc5-prasanna/arch/i386/kernel/kprobes.c
2005-03-14 21:48:39.000000000 +0530
> @@ -208,6 +208,14 @@ static void resume_execution(struct kpro
> *tos &= ~(TF_MASK | IF_MASK);
> *tos |= kprobe_old_eflags;
> break;
> + case 0xc3: /* ret/lret */
> + case 0xcb:
> + case 0xc2:
> + case 0xca:
> + regs->eflags &= ~TF_MASK;
> + /* eip is already adjusted, no more changes
required*/
> + return;
> + break;
> case 0xe8: /* call relative - Fix return
addr */
> *tos = orig_eip + (*tos - copy_eip);
> break;
>
> _
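
Review bot: The "break;" that follows "return;" in the new 0xc3/0xcb/0xc2/0xca case is unreachable and should be dropped. The early return also bypasses whatever comes after the switch in resume_execution(), which the visible lines do not show; since the TF_MASK clear is repeated inside this case, a comment naming what the skipped tail would have done, or a jump to a shared exit label, would make that dependency explicit and keep the two paths from drifting apart. The "/* ret/lret */" comment would read better with each opcode labelled (0xc3 ret, 0xcb lret, 0xc2 ret imm16, 0xca lret imm16). The case list does not include iret, which the reply above asks about.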
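
The fix-up rule discussed in this thread, as an added example that is not part of the original mail or of the kernel source: a user-space model showing why eip must be left alone after single-stepping a copied ret. The function names, the addresses, and the default rule that eip is translated with the same arithmetic the patch context applies to *tos are assumptions; only the ret family is modelled, not call, jmp or int.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code: repairing eip after the copy of a
 * probed instruction has been single-stepped at copy_eip. */

/* Opcodes listed in the patch. Each pops its target from the stack, so the
 * eip it leaves behind is already an absolute address in the original code. */
static int is_ret_family(uint8_t opcode)
{
    switch (opcode) {
    case 0xc3: /* ret */
    case 0xcb: /* lret */
    case 0xc2: /* ret imm16 */
    case 0xca: /* lret imm16 */
        return 1;
    default:
        return 0;
    }
}

/* Assumed default rule: translate eip from the copy back to the original,
 * the same arithmetic the patch context applies to *tos for call. */
static uint32_t relocate(uint32_t orig_eip, uint32_t copy_eip, uint32_t eip)
{
    return orig_eip + (eip - copy_eip);
}

/* Patched behaviour: leave eip alone for the ret family. */
static uint32_t resume_eip(uint8_t opcode, uint32_t orig_eip,
                           uint32_t copy_eip, uint32_t eip_after_step)
{
    if (is_ret_family(opcode))
        return eip_after_step;
    return relocate(orig_eip, copy_eip, eip_after_step);
}

int main(void)
{
    /* Constructed addresses: probed instruction, its copy, return target. */
    uint32_t orig = 0xc0100000u, copy = 0xc8000000u, target = 0xc0123456u;

    printf("nop            -> %#x\n", (unsigned)resume_eip(0x90, orig, copy, copy + 1));
    printf("ret, patched   -> %#x\n", (unsigned)resume_eip(0xc3, orig, copy, target));
    printf("ret, unpatched -> %#x\n", (unsigned)relocate(orig, copy, target));
    return 0;
}
```

Without the ret case, the relocation shifts a valid return address by the distance between the original instruction and its copy, so execution resumes at an address that was never the caller's.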