1 files changed, 190 insertions, 13 deletions
diff --git a/Documentation/kprobes.txt b/Documentation/kprobes.txt
index 053037a1fe6d..6653017680dd 100644
--- a/Documentation/kprobes.txt
+++ b/Documentation/kprobes.txt
@@ -1,6 +1,7 @@
 Title   : Kernel Probes (Kprobes)
 Authors : Jim Keniston <jkenisto@us.ibm.com>
-        : Prasanna S Panchamukhi <prasanna@in.ibm.com>
+        : Prasanna S Panchamukhi <prasanna.panchamukhi@gmail.com>
+        : Masami Hiramatsu <mhiramat@redhat.com>
 CONTENTS
@@ -15,6 +16,7 @@ CONTENTS
 9. Jprobes Example
 10. Kretprobes Example
 Appendix A: The kprobes debugfs interface
+Appendix B: The kprobes sysctl interface
 1. Concepts: Kprobes, Jprobes, Return Probes
@@ -42,13 +44,13 @@ registration/unregistration of a group of *probes. These functions
 can speed up unregistration process when you have to unregister
 a lot of probes at once.
-The next three subsections explain how the different types of
+The next four subsections explain how the different types of
-probes work.  They explain certain things that you'll need to
+probes work and how jump optimization works.  They explain certain
-know in order to make the best use of Kprobes -- e.g., the
+things that you'll need to know in order to make the best use of
-difference between a pre_handler and a post_handler, and how
+Kprobes -- e.g., the difference between a pre_handler and
-to use the maxactive and nmissed fields of a kretprobe.  But
+a post_handler, and how to use the maxactive and nmissed fields of
-if you're in a hurry to start using Kprobes, you can skip ahead
+a kretprobe.  But if you're in a hurry to start using Kprobes, you
-to section 2.
+can skip ahead to section 2.
 1.1 How Does a Kprobe Work?
@@ -161,13 +163,123 @@ In case probed function is entered but there is no kretprobe_instance
 object available, then in addition to incrementing the nmissed count,
 the user entry_handler invocation is also skipped.
+1.4 How Does Jump Optimization Work?
+If your kernel is built with CONFIG_OPTPROBES=y (currently this flag
+is automatically set 'y' on x86/x86-64, non-preemptive kernel) and
+the "debug.kprobes_optimization" kernel parameter is set to 1 (see
+sysctl(8)), Kprobes tries to reduce probe-hit overhead by using a jump
+instruction instead of a breakpoint instruction at each probepoint.
+1.4.1 Init a Kprobe
+When a probe is registered, before attempting this optimization,
+Kprobes inserts an ordinary, breakpoint-based kprobe at the specified
+address. So, even if it's not possible to optimize this particular
+probepoint, there'll be a probe there.
+1.4.2 Safety Check
+Before optimizing a probe, Kprobes performs the following safety checks:
+- Kprobes verifies that the region that will be replaced by the jump
+instruction (the "optimized region") lies entirely within one function.
+(A jump instruction is multiple bytes, and so may overlay multiple
+instructions.)
+- Kprobes analyzes the entire function and verifies that there is no
+jump into the optimized region.  Specifically:
+  - the function contains no indirect jump;
+  - the function contains no instruction that causes an exception (since
+  the fixup code triggered by the exception could jump back into the
+  optimized region -- Kprobes checks the exception tables to verify this);
+  and
+  - there is no near jump to the optimized region (other than to the first
+  byte).
+- For each instruction in the optimized region, Kprobes verifies that
+the instruction can be executed out of line.
+1.4.3 Preparing Detour Buffer
+Next, Kprobes prepares a "detour" buffer, which contains the following
+instruction sequence:
+- code to push the CPU's registers (emulating a breakpoint trap)
+- a call to the trampoline code which calls user's probe handlers.
+- code to restore registers
+- the instructions from the optimized region
+- a jump back to the original execution path.
+1.4.4 Pre-optimization
+After preparing the detour buffer, Kprobes verifies that none of the
+following situations exist:
+- The probe has either a break_handler (i.e., it's a jprobe) or a
+post_handler.
+- Other instructions in the optimized region are probed.
+- The probe is disabled.
+In any of the above cases, Kprobes won't start optimizing the probe.
+Since these are temporary situations, Kprobes tries to start
+optimizing it again if the situation is changed.
+If the kprobe can be optimized, Kprobes enqueues the kprobe to an
+optimizing list, and kicks the kprobe-optimizer workqueue to optimize
+it.  If the to-be-optimized probepoint is hit before being optimized,
+Kprobes returns control to the original instruction path by setting
+the CPU's instruction pointer to the copied code in the detour buffer
+-- thus at least avoiding the single-step.
+1.4.5 Optimization
+The Kprobe-optimizer doesn't insert the jump instruction immediately;
+rather, it calls synchronize_sched() for safety first, because it's
+possible for a CPU to be interrupted in the middle of executing the
+optimized region(*).  As you know, synchronize_sched() can ensure
+that all interruptions that were active when synchronize_sched()
+was called are done, but only if CONFIG_PREEMPT=n.  So, this version
+of kprobe optimization supports only kernels with CONFIG_PREEMPT=n.(**)
+After that, the Kprobe-optimizer calls stop_machine() to replace
+the optimized region with a jump instruction to the detour buffer,
+using text_poke_smp().
+1.4.6 Unoptimization
+When an optimized kprobe is unregistered, disabled, or blocked by
+another kprobe, it will be unoptimized.  If this happens before
+the optimization is complete, the kprobe is just dequeued from the
+optimized list.  If the optimization has been done, the jump is
+replaced with the original code (except for an int3 breakpoint in
+the first byte) by using text_poke_smp().
+(*)Please imagine that the 2nd instruction is interrupted and then
+the optimizer replaces the 2nd instruction with the jump *address*
+while the interrupt handler is running. When the interrupt
+returns to original address, there is no valid instruction,
+and it causes an unexpected result.
+(**)This optimization-safety checking may be replaced with the
+stop-machine method that ksplice uses for supporting a CONFIG_PREEMPT=y
+kernel.
+NOTE for geeks:
+The jump optimization changes the kprobe's pre_handler behavior.
+Without optimization, the pre_handler can change the kernel's execution
+path by changing regs->ip and returning 1.  However, when the probe
+is optimized, that modification is ignored.  Thus, if you want to
+tweak the kernel's execution path, you need to suppress optimization,
+using one of the following techniques:
+- Specify an empty function for the kprobe's post_handler or break_handler.
+ or
+- Execute 'sysctl -w debug.kprobes_optimization=n'
 2. Architectures Supported
 Kprobes, jprobes, and return probes are implemented on the following
 architectures:
- i386
+- i386 (Supports jump optimization)
- x86_64 (AMD-64, EM64T)
+- x86_64 (AMD-64, EM64T) (Supports jump optimization)
 - ppc64
 - ia64 (Does not support probes on instruction slot1.)
 - sparc64 (Return probes not yet implemented.)
@@ -214,7 +326,7 @@ occurs during execution of kp->pre_handler or kp->post_handler,
 or during single-stepping of the probed instruction, Kprobes calls
 kp->fault_handler.  Any or all handlers can be NULL. If kp->flags
 is set KPROBE_FLAG_DISABLED, that kp will be registered but disabled,
-so, it's handlers aren't hit until calling enable_kprobe(kp).
+so, its handlers aren't hit until calling enable_kprobe(kp).
 NOTE:
 1. With the introduction of the "symbol_name" field to struct kprobe,
@@ -389,7 +501,10 @@ the probe which has been registered.
 Kprobes allows multiple probes at the same address.  Currently,
 however, there cannot be multiple jprobes on the same function at
-the same time.
+the same time.  Also, a probepoint for which there is a jprobe or
+a post_handler cannot be optimized.  So if you install a jprobe,
+or a kprobe with a post_handler, at an optimized probepoint, the
+probepoint will be unoptimized automatically.
 In general, you can install a probe anywhere in the kernel.
 In particular, you can probe interrupt handlers.  Known exceptions
@@ -453,6 +568,38 @@ reason, Kprobes doesn't support return probes (or kprobes or jprobes)
 on the x86_64 version of __switch_to(); the registration functions
 return -EINVAL.
+On x86/x86-64, since the Jump Optimization of Kprobes modifies
+instructions widely, there are some limitations to optimization. To
+explain it, we introduce some terminology. Imagine a 3-instruction
+sequence consisting of a two 2-byte instructions and one 3-byte
+instruction.
+        IA
+         |
+[-2][-1][0][1][2][3][4][5][6][7]
+        [ins1][ins2][  ins3 ]
+        [<-     DCR       ->]
+           [<- JTPR ->]
+ins1: 1st Instruction
+ins2: 2nd Instruction
+ins3: 3rd Instruction
+IA:  Insertion Address
+JTPR: Jump Target Prohibition Region
+DCR: Detoured Code Region
+The instructions in DCR are copied to the out-of-line buffer
+of the kprobe, because the bytes in DCR are replaced by
+a 5-byte jump instruction. So there are several limitations.
+a) The instructions in DCR must be relocatable.
+b) The instructions in DCR must not include a call instruction.
+c) JTPR must not be targeted by any jump or call instruction.
+d) DCR must not straddle the border betweeen functions.
+Anyway, these limitations are checked by the in-kernel instruction
+decoder, so you don't need to worry about that.
 6. Probe Overhead
 On a typical CPU in use in 2005, a kprobe hit takes 0.5 to 1.0
@@ -476,6 +623,19 @@ k = 0.49 usec; j = 0.76; r = 0.80; kr = 0.82; jr = 1.07
 ppc64: POWER5 (gr), 1656 MHz (SMT disabled, 1 virtual CPU per physical CPU)
 k = 0.77 usec; j = 1.31; r = 1.26; kr = 1.45; jr = 1.99
+6.1 Optimized Probe Overhead
+Typically, an optimized kprobe hit takes 0.07 to 0.1 microseconds to
+process. Here are sample overhead figures (in usec) for x86 architectures.
+k = unoptimized kprobe, b = boosted (single-step skipped), o = optimized kprobe,
+r = unoptimized kretprobe, rb = boosted kretprobe, ro = optimized kretprobe.
+i386: Intel(R) Xeon(R) E5410, 2.33GHz, 4656.90 bogomips
+k = 0.80 usec; b = 0.33; o = 0.05; r = 1.10; rb = 0.61; ro = 0.33
+x86-64: Intel(R) Xeon(R) E5410, 2.33GHz, 4656.90 bogomips
+k = 0.99 usec; b = 0.43; o = 0.06; r = 1.24; rb = 0.68; ro = 0.30
 7. TODO
 a. SystemTap (http://sourceware.org/systemtap): Provides a simplified
@@ -523,7 +683,8 @@ is also specified. Following columns show probe status. If the probe is on
 a virtual address that is no longer valid (module init sections, module
 virtual addresses that correspond to modules that've been unloaded),
 such probes are marked with [GONE]. If the probe is temporarily disabled,
-such probes are marked with [DISABLED].
+such probes are marked with [DISABLED]. If the probe is optimized, it is
+marked with [OPTIMIZED].
 /sys/kernel/debug/kprobes/enabled: Turn kprobes ON/OFF forcibly.
@@ -533,3 +694,19 @@ registered probes will be disarmed, till such time a "1" is echoed to this
 file. Note that this knob just disarms and arms all kprobes and doesn't
 change each probe's disabling state. This means that disabled kprobes (marked
 [DISABLED]) will be not enabled if you turn ON all kprobes by this knob.
+Appendix B: The kprobes sysctl interface
+/proc/sys/debug/kprobes-optimization: Turn kprobes optimization ON/OFF.
+When CONFIG_OPTPROBES=y, this sysctl interface appears and it provides
+a knob to globally and forcibly turn jump optimization (see section
+1.4) ON or OFF. By default, jump optimization is allowed (ON).
+If you echo "0" to this file or set "debug.kprobes_optimization" to
+0 via sysctl, all optimized probes will be unoptimized, and any new
+probes registered after that will not be optimized.  Note that this
+knob *changes* the optimized state. This means that optimized probes
+(marked [OPTIMIZED]) will be unoptimized ([OPTIMIZED] tag will be
+removed). If the knob is turned on, they will be optimized again.

diff --git a/Documentation/kprobes.txt b/Documentation/kprobes.txt index 053037a1fe6d..6653017680dd 100644 --- a/Documentation/kprobes.txt +++ b/Documentation/kprobes.txt
@@ -1,6 +1,7 @@
1	Title : Kernel Probes (Kprobes)	1	Title : Kernel Probes (Kprobes)
2	Authors : Jim Keniston <jkenisto@us.ibm.com>	2	Authors : Jim Keniston <jkenisto@us.ibm.com>
3	: Prasanna S Panchamukhi <prasanna@in.ibm.com>	3	: Prasanna S Panchamukhi <prasanna.panchamukhi@gmail.com>
		4	: Masami Hiramatsu <mhiramat@redhat.com>
4		5
5	CONTENTS	6	CONTENTS
6		7
@@ -15,6 +16,7 @@ CONTENTS
15	9. Jprobes Example	16	9. Jprobes Example
16	10. Kretprobes Example	17	10. Kretprobes Example
17	Appendix A: The kprobes debugfs interface	18	Appendix A: The kprobes debugfs interface
		19	Appendix B: The kprobes sysctl interface
18		20
19	1. Concepts: Kprobes, Jprobes, Return Probes	21	1. Concepts: Kprobes, Jprobes, Return Probes
20		22
@@ -42,13 +44,13 @@ registration/unregistration of a group of *probes. These functions
42	can speed up unregistration process when you have to unregister	44	can speed up unregistration process when you have to unregister
43	a lot of probes at once.	45	a lot of probes at once.
44		46
45	The next three subsections explain how the different types of	47	The next four subsections explain how the different types of
46	probes work. They explain certain things that you'll need to	48	probes work and how jump optimization works. They explain certain
47	know in order to make the best use of Kprobes -- e.g., the	49	things that you'll need to know in order to make the best use of
48	difference between a pre_handler and a post_handler, and how	50	Kprobes -- e.g., the difference between a pre_handler and
49	to use the maxactive and nmissed fields of a kretprobe. But	51	a post_handler, and how to use the maxactive and nmissed fields of
50	if you're in a hurry to start using Kprobes, you can skip ahead	52	a kretprobe. But if you're in a hurry to start using Kprobes, you
51	to section 2.	53	can skip ahead to section 2.
52		54
53	1.1 How Does a Kprobe Work?	55	1.1 How Does a Kprobe Work?
54		56
@@ -161,13 +163,123 @@ In case probed function is entered but there is no kretprobe_instance
161	object available, then in addition to incrementing the nmissed count,	163	object available, then in addition to incrementing the nmissed count,
162	the user entry_handler invocation is also skipped.	164	the user entry_handler invocation is also skipped.
163		165
		166	1.4 How Does Jump Optimization Work?
		167
		168	If your kernel is built with CONFIG_OPTPROBES=y (currently this flag
		169	is automatically set 'y' on x86/x86-64, non-preemptive kernel) and
		170	the "debug.kprobes_optimization" kernel parameter is set to 1 (see
		171	sysctl(8)), Kprobes tries to reduce probe-hit overhead by using a jump
		172	instruction instead of a breakpoint instruction at each probepoint.
		173
		174	1.4.1 Init a Kprobe
		175
		176	When a probe is registered, before attempting this optimization,
		177	Kprobes inserts an ordinary, breakpoint-based kprobe at the specified
		178	address. So, even if it's not possible to optimize this particular
		179	probepoint, there'll be a probe there.
		180
		181	1.4.2 Safety Check
		182
		183	Before optimizing a probe, Kprobes performs the following safety checks:
		184
		185	- Kprobes verifies that the region that will be replaced by the jump
		186	instruction (the "optimized region") lies entirely within one function.
		187	(A jump instruction is multiple bytes, and so may overlay multiple
		188	instructions.)
		189
		190	- Kprobes analyzes the entire function and verifies that there is no
		191	jump into the optimized region. Specifically:
		192	- the function contains no indirect jump;
		193	- the function contains no instruction that causes an exception (since
		194	the fixup code triggered by the exception could jump back into the
		195	optimized region -- Kprobes checks the exception tables to verify this);
		196	and
		197	- there is no near jump to the optimized region (other than to the first
		198	byte).
		199
		200	- For each instruction in the optimized region, Kprobes verifies that
		201	the instruction can be executed out of line.
		202
		203	1.4.3 Preparing Detour Buffer
		204
		205	Next, Kprobes prepares a "detour" buffer, which contains the following
		206	instruction sequence:
		207	- code to push the CPU's registers (emulating a breakpoint trap)
		208	- a call to the trampoline code which calls user's probe handlers.
		209	- code to restore registers
		210	- the instructions from the optimized region
		211	- a jump back to the original execution path.
		212
		213	1.4.4 Pre-optimization
		214
		215	After preparing the detour buffer, Kprobes verifies that none of the
		216	following situations exist:
		217	- The probe has either a break_handler (i.e., it's a jprobe) or a
		218	post_handler.
		219	- Other instructions in the optimized region are probed.
		220	- The probe is disabled.
		221	In any of the above cases, Kprobes won't start optimizing the probe.
		222	Since these are temporary situations, Kprobes tries to start
		223	optimizing it again if the situation is changed.
		224
		225	If the kprobe can be optimized, Kprobes enqueues the kprobe to an
		226	optimizing list, and kicks the kprobe-optimizer workqueue to optimize
		227	it. If the to-be-optimized probepoint is hit before being optimized,
		228	Kprobes returns control to the original instruction path by setting
		229	the CPU's instruction pointer to the copied code in the detour buffer
		230	-- thus at least avoiding the single-step.
		231
		232	1.4.5 Optimization
		233
		234	The Kprobe-optimizer doesn't insert the jump instruction immediately;
		235	rather, it calls synchronize_sched() for safety first, because it's
		236	possible for a CPU to be interrupted in the middle of executing the
		237	optimized region(*). As you know, synchronize_sched() can ensure
		238	that all interruptions that were active when synchronize_sched()
		239	was called are done, but only if CONFIG_PREEMPT=n. So, this version
		240	of kprobe optimization supports only kernels with CONFIG_PREEMPT=n.(**)
		241
		242	After that, the Kprobe-optimizer calls stop_machine() to replace
		243	the optimized region with a jump instruction to the detour buffer,
		244	using text_poke_smp().
		245
		246	1.4.6 Unoptimization
		247
		248	When an optimized kprobe is unregistered, disabled, or blocked by
		249	another kprobe, it will be unoptimized. If this happens before
		250	the optimization is complete, the kprobe is just dequeued from the
		251	optimized list. If the optimization has been done, the jump is
		252	replaced with the original code (except for an int3 breakpoint in
		253	the first byte) by using text_poke_smp().
		254
		255	(*)Please imagine that the 2nd instruction is interrupted and then
		256	the optimizer replaces the 2nd instruction with the jump address
		257	while the interrupt handler is running. When the interrupt
		258	returns to original address, there is no valid instruction,
		259	and it causes an unexpected result.
		260
		261	(**)This optimization-safety checking may be replaced with the
		262	stop-machine method that ksplice uses for supporting a CONFIG_PREEMPT=y
		263	kernel.
		264
		265	NOTE for geeks:
		266	The jump optimization changes the kprobe's pre_handler behavior.
		267	Without optimization, the pre_handler can change the kernel's execution
		268	path by changing regs->ip and returning 1. However, when the probe
		269	is optimized, that modification is ignored. Thus, if you want to
		270	tweak the kernel's execution path, you need to suppress optimization,
		271	using one of the following techniques:
		272	- Specify an empty function for the kprobe's post_handler or break_handler.
		273	or
		274	- Execute 'sysctl -w debug.kprobes_optimization=n'
		275
164	2. Architectures Supported	276	2. Architectures Supported
165		277
166	Kprobes, jprobes, and return probes are implemented on the following	278	Kprobes, jprobes, and return probes are implemented on the following
167	architectures:	279	architectures:
168		280
169	- i386	281	- i386 (Supports jump optimization)
170	- x86_64 (AMD-64, EM64T)	282	- x86_64 (AMD-64, EM64T) (Supports jump optimization)
171	- ppc64	283	- ppc64
172	- ia64 (Does not support probes on instruction slot1.)	284	- ia64 (Does not support probes on instruction slot1.)
173	- sparc64 (Return probes not yet implemented.)	285	- sparc64 (Return probes not yet implemented.)
@@ -214,7 +326,7 @@ occurs during execution of kp->pre_handler or kp->post_handler,
214	or during single-stepping of the probed instruction, Kprobes calls	326	or during single-stepping of the probed instruction, Kprobes calls
215	kp->fault_handler. Any or all handlers can be NULL. If kp->flags	327	kp->fault_handler. Any or all handlers can be NULL. If kp->flags
216	is set KPROBE_FLAG_DISABLED, that kp will be registered but disabled,	328	is set KPROBE_FLAG_DISABLED, that kp will be registered but disabled,
217	so, it's handlers aren't hit until calling enable_kprobe(kp).	329	so, its handlers aren't hit until calling enable_kprobe(kp).
218		330
219	NOTE:	331	NOTE:
220	1. With the introduction of the "symbol_name" field to struct kprobe,	332	1. With the introduction of the "symbol_name" field to struct kprobe,
@@ -389,7 +501,10 @@ the probe which has been registered.
389		501
390	Kprobes allows multiple probes at the same address. Currently,	502	Kprobes allows multiple probes at the same address. Currently,
391	however, there cannot be multiple jprobes on the same function at	503	however, there cannot be multiple jprobes on the same function at
392	the same time.	504	the same time. Also, a probepoint for which there is a jprobe or
		505	a post_handler cannot be optimized. So if you install a jprobe,
		506	or a kprobe with a post_handler, at an optimized probepoint, the
		507	probepoint will be unoptimized automatically.
393		508
394	In general, you can install a probe anywhere in the kernel.	509	In general, you can install a probe anywhere in the kernel.
395	In particular, you can probe interrupt handlers. Known exceptions	510	In particular, you can probe interrupt handlers. Known exceptions
@@ -453,6 +568,38 @@ reason, Kprobes doesn't support return probes (or kprobes or jprobes)
453	on the x86_64 version of __switch_to(); the registration functions	568	on the x86_64 version of __switch_to(); the registration functions
454	return -EINVAL.	569	return -EINVAL.
455		570
		571	On x86/x86-64, since the Jump Optimization of Kprobes modifies
		572	instructions widely, there are some limitations to optimization. To
		573	explain it, we introduce some terminology. Imagine a 3-instruction
		574	sequence consisting of a two 2-byte instructions and one 3-byte
		575	instruction.
		576
		577	IA
		578	\|
		579	[-2][-1][0][1][2][3][4][5][6][7]
		580	[ins1][ins2][ ins3 ]
		581	[<- DCR ->]
		582	[<- JTPR ->]
		583
		584	ins1: 1st Instruction
		585	ins2: 2nd Instruction
		586	ins3: 3rd Instruction
		587	IA: Insertion Address
		588	JTPR: Jump Target Prohibition Region
		589	DCR: Detoured Code Region
		590
		591	The instructions in DCR are copied to the out-of-line buffer
		592	of the kprobe, because the bytes in DCR are replaced by
		593	a 5-byte jump instruction. So there are several limitations.
		594
		595	a) The instructions in DCR must be relocatable.
		596	b) The instructions in DCR must not include a call instruction.
		597	c) JTPR must not be targeted by any jump or call instruction.
		598	d) DCR must not straddle the border betweeen functions.
		599
		600	Anyway, these limitations are checked by the in-kernel instruction
		601	decoder, so you don't need to worry about that.
		602
456	6. Probe Overhead	603	6. Probe Overhead
457		604
458	On a typical CPU in use in 2005, a kprobe hit takes 0.5 to 1.0	605	On a typical CPU in use in 2005, a kprobe hit takes 0.5 to 1.0
@@ -476,6 +623,19 @@ k = 0.49 usec; j = 0.76; r = 0.80; kr = 0.82; jr = 1.07
476	ppc64: POWER5 (gr), 1656 MHz (SMT disabled, 1 virtual CPU per physical CPU)	623	ppc64: POWER5 (gr), 1656 MHz (SMT disabled, 1 virtual CPU per physical CPU)
477	k = 0.77 usec; j = 1.31; r = 1.26; kr = 1.45; jr = 1.99	624	k = 0.77 usec; j = 1.31; r = 1.26; kr = 1.45; jr = 1.99
478		625
		626	6.1 Optimized Probe Overhead
		627
		628	Typically, an optimized kprobe hit takes 0.07 to 0.1 microseconds to
		629	process. Here are sample overhead figures (in usec) for x86 architectures.
		630	k = unoptimized kprobe, b = boosted (single-step skipped), o = optimized kprobe,
		631	r = unoptimized kretprobe, rb = boosted kretprobe, ro = optimized kretprobe.
		632
		633	i386: Intel(R) Xeon(R) E5410, 2.33GHz, 4656.90 bogomips
		634	k = 0.80 usec; b = 0.33; o = 0.05; r = 1.10; rb = 0.61; ro = 0.33
		635
		636	x86-64: Intel(R) Xeon(R) E5410, 2.33GHz, 4656.90 bogomips
		637	k = 0.99 usec; b = 0.43; o = 0.06; r = 1.24; rb = 0.68; ro = 0.30
		638
479	7. TODO	639	7. TODO
480		640
481	a. SystemTap (http://sourceware.org/systemtap): Provides a simplified	641	a. SystemTap (http://sourceware.org/systemtap): Provides a simplified
@@ -523,7 +683,8 @@ is also specified. Following columns show probe status. If the probe is on
523	a virtual address that is no longer valid (module init sections, module	683	a virtual address that is no longer valid (module init sections, module
524	virtual addresses that correspond to modules that've been unloaded),	684	virtual addresses that correspond to modules that've been unloaded),
525	such probes are marked with [GONE]. If the probe is temporarily disabled,	685	such probes are marked with [GONE]. If the probe is temporarily disabled,
526	such probes are marked with [DISABLED].	686	such probes are marked with [DISABLED]. If the probe is optimized, it is
		687	marked with [OPTIMIZED].
527		688
528	/sys/kernel/debug/kprobes/enabled: Turn kprobes ON/OFF forcibly.	689	/sys/kernel/debug/kprobes/enabled: Turn kprobes ON/OFF forcibly.
529		690
@@ -533,3 +694,19 @@ registered probes will be disarmed, till such time a "1" is echoed to this
533	file. Note that this knob just disarms and arms all kprobes and doesn't	694	file. Note that this knob just disarms and arms all kprobes and doesn't
534	change each probe's disabling state. This means that disabled kprobes (marked	695	change each probe's disabling state. This means that disabled kprobes (marked
535	[DISABLED]) will be not enabled if you turn ON all kprobes by this knob.	696	[DISABLED]) will be not enabled if you turn ON all kprobes by this knob.
		697
		698
		699	Appendix B: The kprobes sysctl interface
		700
		701	/proc/sys/debug/kprobes-optimization: Turn kprobes optimization ON/OFF.
		702
		703	When CONFIG_OPTPROBES=y, this sysctl interface appears and it provides
		704	a knob to globally and forcibly turn jump optimization (see section
		705	1.4) ON or OFF. By default, jump optimization is allowed (ON).
		706	If you echo "0" to this file or set "debug.kprobes_optimization" to
		707	0 via sysctl, all optimized probes will be unoptimized, and any new
		708	probes registered after that will not be optimized. Note that this
		709	knob changes the optimized state. This means that optimized probes
		710	(marked [OPTIMIZED]) will be unoptimized ([OPTIMIZED] tag will be
		711	removed). If the knob is turned on, they will be optimized again.
		712