The translator should not allow probes within "__exit" functions that are linked into vmlinux. See this thread: http://sources.redhat.com/ml/systemtap/2006-q2/msg00000.html
Functions with the "__kprobes" decorator should also not be allowed, whether in vmlinux or in a module.
Sometimes probes in functions with the __init prefix should be disabled in the kprobe kernel part. And there should be different return values when failing in register_kprobe; sometimes systemtap can continue to register other probepoints according to the return value from register_kprobe even if it fails to register the current kprobe.
Added patch to block __exit probes in tapsets.cxx r1.125. I don't know how to detect __kprobes sections at compile time, so I will open another bug on this aspect.
Please confirm that ".exit." alone is sufficient, that "has_kernel" is not also required. Module-level .exit. functions should probably be probable.
(In reply to comment #4)
> Please confirm that ".exit." alone is sufficient, that "has_kernel" is not also
> required. Module-level .exit. functions should probably be probable.

The phrase "should probably be probable" is quite confusing -- perhaps you mean "probeable"? ;)

Care should be taken with has_kernel, as that only indicates that the probepoint is kernel.xxx. A probe on module("kernel").xxx is an equivalent alias.

I tried a probe on a module __exit function, and while the probe was placed successfully, it was quite worthless. Kprobes increases the usage count of probed modules, so they are effectively pinned in place and cannot be rmmod'ed. I suppose that CONFIG_MODULE_FORCE_UNLOAD could be used to get around this, but this is dangerous and would probably break kprobes. Thus, I don't see any point to allowing probes on module __exit functions.