* confused about kprobes
@ 2023-08-06 11:18 Nam Cao
From: Nam Cao @ 2023-08-06 11:18 UTC (permalink / raw)
To: Naveen N. Rao, Anil S Keshavamurthy, David S. Miller,
Masami Hiramatsu
Cc: linux-kernel, linux-trace-kernel
Hello,
I am struggling to understand how kprobes works. It would be very nice if someone
can spare the time to explain to me. I'm confused about this function in particular:
/*
 * Return an optimized kprobe whose optimizing code replaces
 * instructions including 'addr' (exclude breakpoint).
 */
static struct kprobe *get_optimized_kprobe(kprobe_opcode_t *addr)
{
        int i;
        struct kprobe *p = NULL;
        struct optimized_kprobe *op;

        /* Don't check i == 0, since that is a breakpoint case. */
        for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH / sizeof(kprobe_opcode_t); i++)
                p = get_kprobe(addr - i);

        if (p && kprobe_optready(p)) {
                op = container_of(p, struct optimized_kprobe, kp);
                if (arch_within_optimized_kprobe(op, addr))
                        return p;
        }

        return NULL;
}
The document mentions something about optimizing by replacing trap instructions
with jump instructions, so I am assuming this function is part of that. But I
fail to see what this function is trying to do exactly. The for loop seems to
call get_kprobe at addresses immediately before "addr". But what for? What are
at addresses before "addr"?
Can someone be so kind as to give me a line-by-line explanation of this function?
Thanks!
Nam
* Re: confused about kprobes
From: Masami Hiramatsu @ 2023-08-06 12:31 UTC (permalink / raw)
To: Nam Cao
Cc: Naveen N. Rao, Anil S Keshavamurthy, David S. Miller, linux-kernel,
    linux-trace-kernel

Hi Nam,

On Sun, 6 Aug 2023 13:18:28 +0200
Nam Cao <namcaov@gmail.com> wrote:

> Hello,
>
> I am struggling to understand how kprobes works. It would be very nice if someone
> can spare the time to explain to me. I'm confused about this function in particular:
>
> /*
>  * Return an optimized kprobe whose optimizing code replaces
>  * instructions including 'addr' (exclude breakpoint).
>  */
> static struct kprobe *get_optimized_kprobe(kprobe_opcode_t *addr)
> {
>         int i;
>         struct kprobe *p = NULL;
>         struct optimized_kprobe *op;
>
>         /* Don't check i == 0, since that is a breakpoint case. */
>         for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH / sizeof(kprobe_opcode_t); i++)
>                 p = get_kprobe(addr - i);
>
>         if (p && kprobe_optready(p)) {
>                 op = container_of(p, struct optimized_kprobe, kp);
>                 if (arch_within_optimized_kprobe(op, addr))
>                         return p;
>         }
>
>         return NULL;
> }
>
> The document mentions something about optimizing by replacing trap instructions
> with jump instructions, so I am assuming this function is part of that.

Yes, you're right.

> But I
> fail to see what this function is trying to do exactly. The for loop seems to
> call get_kprobe at addresses immediately before "addr". But what for? What are
> at addresses before "addr"?

This is for finding a jump optimized kprobe which will modify the instruction
pointed by 'addr'. As you may know, on x86, the software-breakpoint
instruction is 1 byte, but the jump will be 5 bytes. In that case, if we put
something at instruction including 'addr', it will be ignored or it will break
the jump instruction. So it is used for finding such optimized kprobe.

For the kprobe, the jump optimization is optional and hidden from the user. We
should prioritize adding kprobes at specified locations over optimization.
Thus if we find such optimized kprobe, it must be unoptimized.

>
> Can someone be so kind to give me a line-by-line explanation of this function?

>         /* Don't check i == 0, since that is a breakpoint case. */
>         for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH / sizeof(kprobe_opcode_t); i++)
>                 p = get_kprobe(addr - i);

This tries to find any kprobe before the given addr which is possible to be
optimized.

>
>         if (p && kprobe_optready(p)) {

If there is a kprobe and that is ready for optimizing (including optimized)

>                 op = container_of(p, struct optimized_kprobe, kp);

convert the kprobe to optimized-kprobe and,

>                 if (arch_within_optimized_kprobe(op, addr))

check whether the optimized kprobe jump modification area includes 'addr'.

>                         return p;

If so, return the found kprobe.

>         }

Thank you,

>
> Thanks!
>
> Nam

--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
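As an added illustration (not code from the thread or from the kernel), the following userspace C model reproduces the backward scan Masami describes, using the x86 sizes from his answer (1-byte int3, 5-byte jmp). It assumes a simplified struct in place of struct kprobe / struct optimized_kprobe, folds kprobe_optready() into a flag, and models arch_within_optimized_kprobe() as a half-open range check over the bytes the jmp overwrote; the probe table is constructed sample data.

```c
/* Added illustration (not kernel code): userspace model of the
 * get_optimized_kprobe() scan from the thread, with x86 sizes (1-byte
 * int3 vs. 5-byte jmp). Names are simplified stand-ins for the kernel's
 * struct kprobe / struct optimized_kprobe. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_OPTIMIZED_LENGTH 5          /* x86: length of a relative jmp */
typedef uint8_t kprobe_opcode_t;        /* x86: 1-byte opcode units */

struct model_kprobe {
        kprobe_opcode_t *addr;          /* probed instruction */
        bool optready;                  /* jump-optimized, or ready to be */
        size_t optinsn_size;            /* bytes the jmp overwrote (0: int3 only) */
};

/* Constructed sample: 32 bytes of "text" and two registered probes. */
static kprobe_opcode_t text[32];
static struct model_kprobe probes[] = {
        { &text[4],  true,  5 },        /* jmp-optimized: covers text[4..8] */
        { &text[20], false, 0 },        /* plain int3 probe */
};

/* Stand-in for get_kprobe(): exact-address lookup in the probe table. */
static struct model_kprobe *get_kprobe(kprobe_opcode_t *addr)
{
        for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
                if (probes[i].addr == addr)
                        return &probes[i];
        return NULL;
}

/* Assumed range test: addr lies within the bytes the jmp replaced. */
static bool arch_within_optimized_kprobe(struct model_kprobe *op,
                                         kprobe_opcode_t *addr)
{
        return op->addr <= addr && addr < op->addr + op->optinsn_size;
}

/* Same backward scan as the kernel function: look up addr-1 .. addr-4. */
static struct model_kprobe *get_optimized_kprobe(kprobe_opcode_t *addr)
{
        struct model_kprobe *p = NULL;
        int i;
        /* Don't check i == 0, since that is a breakpoint case. */
        for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH / sizeof(kprobe_opcode_t); i++)
                p = get_kprobe(addr - i);
        if (p && p->optready && arch_within_optimized_kprobe(p, addr))
                return p;       /* addr sits inside p's jmp: p must be unoptimized first */
        return NULL;
}
```

A probe requested at text[6] or text[8] finds the optimized probe at text[4], while text[9] (just past the jmp) and text[22] (near a plain int3 probe) find nothing.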
* Re: confused about kprobes
From: Nam Cao @ 2023-08-06 14:28 UTC (permalink / raw)
To: Masami Hiramatsu
Cc: Naveen N. Rao, Anil S Keshavamurthy, David S. Miller, linux-kernel,
    linux-trace-kernel

On Sun, Aug 06, 2023 at 09:31:50PM +0900, Masami Hiramatsu wrote:
> Hi Nam,
>
> On Sun, 6 Aug 2023 13:18:28 +0200
> Nam Cao <namcaov@gmail.com> wrote:
>
> > Hello,
> >
> > I am struggling to understand how kprobes works. It would be very nice if someone
> > can spare the time to explain to me. I'm confused about this function in particular:
> >
> > /*
> >  * Return an optimized kprobe whose optimizing code replaces
> >  * instructions including 'addr' (exclude breakpoint).
> >  */
> > static struct kprobe *get_optimized_kprobe(kprobe_opcode_t *addr)
> > {
> >         int i;
> >         struct kprobe *p = NULL;
> >         struct optimized_kprobe *op;
> >
> >         /* Don't check i == 0, since that is a breakpoint case. */
> >         for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH / sizeof(kprobe_opcode_t); i++)
> >                 p = get_kprobe(addr - i);
> >
> >         if (p && kprobe_optready(p)) {
> >                 op = container_of(p, struct optimized_kprobe, kp);
> >                 if (arch_within_optimized_kprobe(op, addr))
> >                         return p;
> >         }
> >
> >         return NULL;
> > }
> >
> > The document mentions something about optimizing by replacing trap instructions
> > with jump instructions, so I am assuming this function is part of that.
>
> Yes, you're right.
>
> > But I
> > fail to see what this function is trying to do exactly. The for loop seems to
> > call get_kprobe at addresses immediately before "addr". But what for? What are
> > at addresses before "addr"?
>
> This is for finding a jump optimized kprobe which will modify the instruction
> pointed by 'addr'. As you may know, on x86, the software-breakpoint
> instruction is 1 byte, but the jump will be 5 bytes. In that case, if we put
> something at instruction including 'addr', it will be ignored or it will break
> the jump instruction. So it is used for finding such optimized kprobe.
>
> For the kprobe, the jump optimization is optional and hidden from the user. We
> should prioritize adding kprobes at specified locations over optimization.
> Thus if we find such optimized kprobe, it must be unoptimized.

Thank you so much for the detailed answer, it is clear now.

Best regards,
Nam