From: Nam Cao <namcaov@gmail.com>
To: Masami Hiramatsu <mhiramat@kernel.org>
Cc: "Naveen N. Rao" <naveen.n.rao@linux.ibm.com>,
Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>,
"David S. Miller" <davem@davemloft.net>,
linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: Re: confused about kprobes
Date: Sun, 6 Aug 2023 16:28:08 +0200
Message-ID: <ZM+t+EVXIlNbKZ3u@nam-dell>
In-Reply-To: <20230806213150.5571b4a7f4a0531fcb00f689@kernel.org>

On Sun, Aug 06, 2023 at 09:31:50PM +0900, Masami Hiramatsu wrote:
> Hi Nam,
>
> On Sun, 6 Aug 2023 13:18:28 +0200
> Nam Cao <namcaov@gmail.com> wrote:
>
> > Hello,
> >
> > I am struggling to understand how kprobes works. It would be very nice if someone
> > can spare the time to explain to me. I'm confused about this function in particular:
> >
> > /*
> >  * Return an optimized kprobe whose optimizing code replaces
> >  * instructions including 'addr' (exclude breakpoint).
> >  */
> > static struct kprobe *get_optimized_kprobe(kprobe_opcode_t *addr)
> > {
> > 	int i;
> > 	struct kprobe *p = NULL;
> > 	struct optimized_kprobe *op;
> >
> > 	/* Don't check i == 0, since that is a breakpoint case. */
> > 	for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH / sizeof(kprobe_opcode_t); i++)
> > 		p = get_kprobe(addr - i);
> >
> > 	if (p && kprobe_optready(p)) {
> > 		op = container_of(p, struct optimized_kprobe, kp);
> > 		if (arch_within_optimized_kprobe(op, addr))
> > 			return p;
> > 	}
> >
> > 	return NULL;
> > }
> >
> > The document mentions something about optimizing by replacing trap instructions
> > with jump instructions, so I am assuming this function is part of that.
>
> Yes, you're right.
>
> > But I
> > fail to see what this function is trying to do exactly. The for loop seems to
> > call get_kprobe at addresses immediately before "addr". But what for? What are
> > at addresses before "addr"?
>
> This is for finding a jump optimized kprobe which will modify the instruction
> pointed to by 'addr'. As you may know, on x86, the software-breakpoint
> instruction is 1 byte, but the jump will be 5 bytes. In that case, if we put
> something at instruction including 'addr', it will be ignored or it will break
> the jump instruction. So it is used for finding such an optimized kprobe.
>
> For the kprobe, the jump optimization is optional and hidden from the user. We
> should prioritize adding kprobes at specified locations over optimization.
> Thus if we find such an optimized kprobe, it must be unoptimized.

Thank you so much for the detailed answer, it is clear now.

Best regards,
Nam
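
A userspace model of the backward scan discussed in this thread, added here as an example; it is not kernel code and not from either poster. The names `model_probe`, `model_get_probe`, `model_get_optimized` and the scan bound `MODEL_MAX_OPT_LEN` are hypothetical, and the probe table is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

#define MODEL_MAX_OPT_LEN 8	/* assumed scan bound for this model only */

struct model_probe {
	size_t addr;		/* offset of the probed instruction */
	int optimized;		/* 1 if the breakpoint was replaced by a jump */
	size_t opt_len;		/* bytes overwritten by the jump (5 on x86, per the thread) */
};

/* Constructed sample: optimized probe at 0x10, plain breakpoint probe at 0x40. */
static struct model_probe probes[] = {
	{ 0x10, 1, 5 },
	{ 0x40, 0, 0 },
};

/* Stand-in for get_kprobe(): exact-address lookup only. */
static struct model_probe *model_get_probe(size_t addr)
{
	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
		if (probes[i].addr == addr)
			return &probes[i];
	return NULL;
}

/* Same shape as the quoted loop: inspect the addresses just before addr. */
static struct model_probe *model_get_optimized(size_t addr)
{
	struct model_probe *p = NULL;

	/* i == 0 is skipped: a probe exactly at addr is the breakpoint case. */
	for (size_t i = 1; !p && i < MODEL_MAX_OPT_LEN && i <= addr; i++)
		p = model_get_probe(addr - i);

	/* Only a jump-optimized probe whose overwritten bytes include addr counts. */
	if (p && p->optimized && addr < p->addr + p->opt_len)
		return p;
	return NULL;
}

int main(void)
{
	for (size_t a = 0x10; a <= 0x15; a++)
		printf("0x%zx -> %s\n", a,
		       model_get_optimized(a) ? "inside optimized jump" : "free");
	return 0;
}
```

Addresses 0x11 through 0x14 fall inside the 5-byte jump written at 0x10, so a new probe there would require unoptimizing the existing one first; 0x10 itself and 0x15 do not match.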