1 files changed, 42 insertions, 39 deletions
diff --git a/Documentation/kprobes.txt b/Documentation/kprobes.txt
index 0ea5a0c6e827..2c3b1eae4280 100644
--- a/Documentation/kprobes.txt
+++ b/Documentation/kprobes.txt
@@ -136,17 +136,20 @@ Kprobes, jprobes, and return probes are implemented on the following
 architectures:
 - i386
- x86_64 (AMD-64, E64MT)
+- x86_64 (AMD-64, EM64T)
 - ppc64
- ia64 (Support for probes on certain instruction types is still in progress.)
+- ia64 (Does not support probes on instruction slot1.)
 - sparc64 (Return probes not yet implemented.)
 3. Configuring Kprobes
 When configuring the kernel using make menuconfig/xconfig/oldconfig,
-ensure that CONFIG_KPROBES is set to "y".  Under "Kernel hacking",
+ensure that CONFIG_KPROBES is set to "y".  Under "Instrumentation
-look for "Kprobes".  You may have to enable "Kernel debugging"
+Support", look for "Kprobes".
-(CONFIG_DEBUG_KERNEL) before you can enable Kprobes.
+So that you can load and unload Kprobes-based instrumentation modules,
+make sure "Loadable module support" (CONFIG_MODULES) and "Module
+unloading" (CONFIG_MODULE_UNLOAD) are set to "y".
 You may also want to ensure that CONFIG_KALLSYMS and perhaps even
 CONFIG_KALLSYMS_ALL are set to "y", since kallsyms_lookup_name()
@@ -262,18 +265,18 @@ at any time after the probe has been registered.
 5. Kprobes Features and Limitations
-As of Linux v2.6.12, Kprobes allows multiple probes at the same
+Kprobes allows multiple probes at the same address.  Currently,
-address.  Currently, however, there cannot be multiple jprobes on
+however, there cannot be multiple jprobes on the same function at
-the same function at the same time.
+the same time.
 In general, you can install a probe anywhere in the kernel.
 In particular, you can probe interrupt handlers.  Known exceptions
 are discussed in this section.
-For obvious reasons, it's a bad idea to install a probe in
+The register_*probe functions will return -EINVAL if you attempt
-the code that implements Kprobes (mostly kernel/kprobes.c and
+to install a probe in the code that implements Kprobes (mostly
-arch/*/kernel/kprobes.c).  A patch in the v2.6.13 timeframe instructs
+kernel/kprobes.c and arch/*/kernel/kprobes.c, but also functions such
-Kprobes to reject such requests.
+as do_page_fault and notifier_call_chain).
 If you install a probe in an inline-able function, Kprobes makes
 no attempt to chase down all inline instances of the function and
@@ -290,18 +293,14 @@ from the accidental ones.  Don't drink and probe.
 Kprobes makes no attempt to prevent probe handlers from stepping on
 each other -- e.g., probing printk() and then calling printk() from a
-probe handler.  As of Linux v2.6.12, if a probe handler hits a probe,
+probe handler.  If a probe handler hits a probe, that second probe's
-that second probe's handlers won't be run in that instance.
+handlers won't be run in that instance, and the kprobe.nmissed member
+of the second probe will be incremented.
-In Linux v2.6.12 and previous versions, Kprobes' data structures are
-protected by a single lock that is held during probe registration and
+As of Linux v2.6.15-rc1, multiple handlers (or multiple instances of
-unregistration and while handlers are run.  Thus, no two handlers
+the same handler) may run concurrently on different CPUs.
-can run simultaneously.  To improve scalability on SMP systems,
-this restriction will probably be removed soon, in which case
+Kprobes does not use mutexes or allocate memory except during
-multiple handlers (or multiple instances of the same handler) may
-run concurrently on different CPUs.  Code your handlers accordingly.
-Kprobes does not use semaphores or allocate memory except during
 registration and unregistration.
 Probe handlers are run with preemption disabled.  Depending on the
@@ -316,11 +315,18 @@ address instead of the real return address for kretprobed functions.
 (As far as we can tell, __builtin_return_address() is used only
 for instrumentation and error reporting.)
-If the number of times a function is called does not match the
+If the number of times a function is called does not match the number
-number of times it returns, registering a return probe on that
+of times it returns, registering a return probe on that function may
-function may produce undesirable results.  We have the do_exit()
+produce undesirable results.  We have the do_exit() case covered.
-and do_execve() cases covered.  do_fork() is not an issue.  We're
+do_execve() and do_fork() are not an issue.  We're unaware of other
-unaware of other specific cases where this could be a problem.
+specific cases where this could be a problem.
+If, upon entry to or exit from a function, the CPU is running on
+a stack other than that of the current task, registering a return
+probe on that function may produce undesirable results.  For this
+reason, Kprobes doesn't support return probes (or kprobes or jprobes)
+on the x86_64 version of __switch_to(); the registration functions
+return -EINVAL.
 6. Probe Overhead
@@ -347,14 +353,12 @@ k = 0.77 usec; j = 1.31; r = 1.26; kr = 1.45; jr = 1.99
 7. TODO
-a. SystemTap (http://sourceware.org/systemtap): Work in progress
+a. SystemTap (http://sourceware.org/systemtap): Provides a simplified
-to provide a simplified programming interface for probe-based
+programming interface for probe-based instrumentation.  Try it out.
-instrumentation.
+b. Kernel return probes for sparc64.
-b. Improved SMP scalability: Currently, work is in progress to handle
+c. Support for other architectures.
-multiple kprobes in parallel.
+d. User-space probes.
-c. Kernel return probes for sparc64.
+e. Watchpoint probes (which fire on data references).
-d. Support for other architectures.
-e. User-space probes.
 8. Kprobes Example
@@ -411,8 +415,7 @@ int init_module(void)
                printk("Couldn't find %s to plant kprobe\n", "do_fork");
                return -1;
        }
-        ret = register_kprobe(&kp);
+        if ((ret = register_kprobe(&kp) < 0)) {
-        if (ret < 0) {
                printk("register_kprobe failed, returned %d\n", ret);
                return -1;
        }

diff --git a/Documentation/kprobes.txt b/Documentation/kprobes.txt index 0ea5a0c6e827..2c3b1eae4280 100644 --- a/Documentation/kprobes.txt +++ b/Documentation/kprobes.txt
@@ -136,17 +136,20 @@ Kprobes, jprobes, and return probes are implemented on the following
136	architectures:	136	architectures:
137		137
138	- i386	138	- i386
139	- x86_64 (AMD-64, E64MT)	139	- x86_64 (AMD-64, EM64T)
140	- ppc64	140	- ppc64
141	- ia64 (Support for probes on certain instruction types is still in progress.)	141	- ia64 (Does not support probes on instruction slot1.)
142	- sparc64 (Return probes not yet implemented.)	142	- sparc64 (Return probes not yet implemented.)
143		143
144	3. Configuring Kprobes	144	3. Configuring Kprobes
145		145
146	When configuring the kernel using make menuconfig/xconfig/oldconfig,	146	When configuring the kernel using make menuconfig/xconfig/oldconfig,
147	ensure that CONFIG_KPROBES is set to "y". Under "Kernel hacking",	147	ensure that CONFIG_KPROBES is set to "y". Under "Instrumentation
148	look for "Kprobes". You may have to enable "Kernel debugging"	148	Support", look for "Kprobes".
149	(CONFIG_DEBUG_KERNEL) before you can enable Kprobes.	149
		150	So that you can load and unload Kprobes-based instrumentation modules,
		151	make sure "Loadable module support" (CONFIG_MODULES) and "Module
		152	unloading" (CONFIG_MODULE_UNLOAD) are set to "y".
150		153
151	You may also want to ensure that CONFIG_KALLSYMS and perhaps even	154	You may also want to ensure that CONFIG_KALLSYMS and perhaps even
152	CONFIG_KALLSYMS_ALL are set to "y", since kallsyms_lookup_name()	155	CONFIG_KALLSYMS_ALL are set to "y", since kallsyms_lookup_name()
@@ -262,18 +265,18 @@ at any time after the probe has been registered.
262		265
263	5. Kprobes Features and Limitations	266	5. Kprobes Features and Limitations
264		267
265	As of Linux v2.6.12, Kprobes allows multiple probes at the same	268	Kprobes allows multiple probes at the same address. Currently,
266	address. Currently, however, there cannot be multiple jprobes on	269	however, there cannot be multiple jprobes on the same function at
267	the same function at the same time.	270	the same time.
268		271
269	In general, you can install a probe anywhere in the kernel.	272	In general, you can install a probe anywhere in the kernel.
270	In particular, you can probe interrupt handlers. Known exceptions	273	In particular, you can probe interrupt handlers. Known exceptions
271	are discussed in this section.	274	are discussed in this section.
272		275
273	For obvious reasons, it's a bad idea to install a probe in	276	The register_*probe functions will return -EINVAL if you attempt
274	the code that implements Kprobes (mostly kernel/kprobes.c and	277	to install a probe in the code that implements Kprobes (mostly
275	arch/*/kernel/kprobes.c). A patch in the v2.6.13 timeframe instructs	278	kernel/kprobes.c and arch/*/kernel/kprobes.c, but also functions such
276	Kprobes to reject such requests.	279	as do_page_fault and notifier_call_chain).
277		280
278	If you install a probe in an inline-able function, Kprobes makes	281	If you install a probe in an inline-able function, Kprobes makes
279	no attempt to chase down all inline instances of the function and	282	no attempt to chase down all inline instances of the function and
@@ -290,18 +293,14 @@ from the accidental ones. Don't drink and probe.
290		293
291	Kprobes makes no attempt to prevent probe handlers from stepping on	294	Kprobes makes no attempt to prevent probe handlers from stepping on
292	each other -- e.g., probing printk() and then calling printk() from a	295	each other -- e.g., probing printk() and then calling printk() from a
293	probe handler. As of Linux v2.6.12, if a probe handler hits a probe,	296	probe handler. If a probe handler hits a probe, that second probe's
294	that second probe's handlers won't be run in that instance.	297	handlers won't be run in that instance, and the kprobe.nmissed member
295		298	of the second probe will be incremented.
296	In Linux v2.6.12 and previous versions, Kprobes' data structures are	299
297	protected by a single lock that is held during probe registration and	300	As of Linux v2.6.15-rc1, multiple handlers (or multiple instances of
298	unregistration and while handlers are run. Thus, no two handlers	301	the same handler) may run concurrently on different CPUs.
299	can run simultaneously. To improve scalability on SMP systems,	302
300	this restriction will probably be removed soon, in which case	303	Kprobes does not use mutexes or allocate memory except during
301	multiple handlers (or multiple instances of the same handler) may
302	run concurrently on different CPUs. Code your handlers accordingly.
303
304	Kprobes does not use semaphores or allocate memory except during
305	registration and unregistration.	304	registration and unregistration.
306		305
307	Probe handlers are run with preemption disabled. Depending on the	306	Probe handlers are run with preemption disabled. Depending on the
@@ -316,11 +315,18 @@ address instead of the real return address for kretprobed functions.
316	(As far as we can tell, __builtin_return_address() is used only	315	(As far as we can tell, __builtin_return_address() is used only
317	for instrumentation and error reporting.)	316	for instrumentation and error reporting.)
318		317
319	If the number of times a function is called does not match the	318	If the number of times a function is called does not match the number
320	number of times it returns, registering a return probe on that	319	of times it returns, registering a return probe on that function may
321	function may produce undesirable results. We have the do_exit()	320	produce undesirable results. We have the do_exit() case covered.
322	and do_execve() cases covered. do_fork() is not an issue. We're	321	do_execve() and do_fork() are not an issue. We're unaware of other
323	unaware of other specific cases where this could be a problem.	322	specific cases where this could be a problem.
		323
		324	If, upon entry to or exit from a function, the CPU is running on
		325	a stack other than that of the current task, registering a return
		326	probe on that function may produce undesirable results. For this
		327	reason, Kprobes doesn't support return probes (or kprobes or jprobes)
		328	on the x86_64 version of __switch_to(); the registration functions
		329	return -EINVAL.
324		330
325	6. Probe Overhead	331	6. Probe Overhead
326		332
@@ -347,14 +353,12 @@ k = 0.77 usec; j = 1.31; r = 1.26; kr = 1.45; jr = 1.99
347		353
348	7. TODO	354	7. TODO
349		355
350	a. SystemTap (http://sourceware.org/systemtap): Work in progress	356	a. SystemTap (http://sourceware.org/systemtap): Provides a simplified
351	to provide a simplified programming interface for probe-based	357	programming interface for probe-based instrumentation. Try it out.
352	instrumentation.	358	b. Kernel return probes for sparc64.
353	b. Improved SMP scalability: Currently, work is in progress to handle	359	c. Support for other architectures.
354	multiple kprobes in parallel.	360	d. User-space probes.
355	c. Kernel return probes for sparc64.	361	e. Watchpoint probes (which fire on data references).
356	d. Support for other architectures.
357	e. User-space probes.
358		362
359	8. Kprobes Example	363	8. Kprobes Example
360		364
@@ -411,8 +415,7 @@ int init_module(void)
411	printk("Couldn't find %s to plant kprobe\n", "do_fork");	415	printk("Couldn't find %s to plant kprobe\n", "do_fork");
412	return -1;	416	return -1;
413	}	417	}
414	ret = register_kprobe(&kp);	418	if ((ret = register_kprobe(&kp) < 0)) {
415	if (ret < 0) {
416	printk("register_kprobe failed, returned %d\n", ret);	419	printk("register_kprobe failed, returned %d\n", ret);
417	return -1;	420	return -1;
418	}	421	}