commit 660f6a360be399f4ebdd6572a3d24afe54e9bb1c · tjh.dev/kernel

+195 -12

Documentation/kprobes.txt

··· 1 1 Title : Kernel Probes (Kprobes) 2 2 Authors : Jim Keniston <jkenisto@us.ibm.com> 3 - : Prasanna S Panchamukhi <prasanna@in.ibm.com> 3 + : Prasanna S Panchamukhi <prasanna.panchamukhi@gmail.com> 4 + : Masami Hiramatsu <mhiramat@redhat.com> 4 5 5 6 CONTENTS 6 7 ··· 16 15 9. Jprobes Example 17 16 10. Kretprobes Example 18 17 Appendix A: The kprobes debugfs interface 18 + Appendix B: The kprobes sysctl interface 19 19 20 20 1. Concepts: Kprobes, Jprobes, Return Probes 21 21 ··· 44 42 can speed up unregistration process when you have to unregister 45 43 a lot of probes at once. 46 44 47 - The next three subsections explain how the different types of 48 - probes work. They explain certain things that you'll need to 49 - know in order to make the best use of Kprobes -- e.g., the 50 - difference between a pre_handler and a post_handler, and how 51 - to use the maxactive and nmissed fields of a kretprobe. But 52 - if you're in a hurry to start using Kprobes, you can skip ahead 53 - to section 2. 45 + The next four subsections explain how the different types of 46 + probes work and how jump optimization works. They explain certain 47 + things that you'll need to know in order to make the best use of 48 + Kprobes -- e.g., the difference between a pre_handler and 49 + a post_handler, and how to use the maxactive and nmissed fields of 50 + a kretprobe. But if you're in a hurry to start using Kprobes, you 51 + can skip ahead to section 2. 54 52 55 53 1.1 How Does a Kprobe Work? 56 54 ··· 163 161 object available, then in addition to incrementing the nmissed count, 164 162 the user entry_handler invocation is also skipped. 165 163 164 + 1.4 How Does Jump Optimization Work? 165 + 166 + If you configured your kernel with CONFIG_OPTPROBES=y (currently 167 + this option is supported on x86/x86-64, non-preemptive kernel) and 168 + the "debug.kprobes_optimization" kernel parameter is set to 1 (see 169 + sysctl(8)), Kprobes tries to reduce probe-hit overhead by using a jump 170 + instruction instead of a breakpoint instruction at each probepoint. 171 + 172 + 1.4.1 Init a Kprobe 173 + 174 + When a probe is registered, before attempting this optimization, 175 + Kprobes inserts an ordinary, breakpoint-based kprobe at the specified 176 + address. So, even if it's not possible to optimize this particular 177 + probepoint, there'll be a probe there. 178 + 179 + 1.4.2 Safety Check 180 + 181 + Before optimizing a probe, Kprobes performs the following safety checks: 182 + 183 + - Kprobes verifies that the region that will be replaced by the jump 184 + instruction (the "optimized region") lies entirely within one function. 185 + (A jump instruction is multiple bytes, and so may overlay multiple 186 + instructions.) 187 + 188 + - Kprobes analyzes the entire function and verifies that there is no 189 + jump into the optimized region. Specifically: 190 + - the function contains no indirect jump; 191 + - the function contains no instruction that causes an exception (since 192 + the fixup code triggered by the exception could jump back into the 193 + optimized region -- Kprobes checks the exception tables to verify this); 194 + and 195 + - there is no near jump to the optimized region (other than to the first 196 + byte). 197 + 198 + - For each instruction in the optimized region, Kprobes verifies that 199 + the instruction can be executed out of line. 200 + 201 + 1.4.3 Preparing Detour Buffer 202 + 203 + Next, Kprobes prepares a "detour" buffer, which contains the following 204 + instruction sequence: 205 + - code to push the CPU's registers (emulating a breakpoint trap) 206 + - a call to the trampoline code which calls user's probe handlers. 207 + - code to restore registers 208 + - the instructions from the optimized region 209 + - a jump back to the original execution path. 210 + 211 + 1.4.4 Pre-optimization 212 + 213 + After preparing the detour buffer, Kprobes verifies that none of the 214 + following situations exist: 215 + - The probe has either a break_handler (i.e., it's a jprobe) or a 216 + post_handler. 217 + - Other instructions in the optimized region are probed. 218 + - The probe is disabled. 219 + In any of the above cases, Kprobes won't start optimizing the probe. 220 + Since these are temporary situations, Kprobes tries to start 221 + optimizing it again if the situation is changed. 222 + 223 + If the kprobe can be optimized, Kprobes enqueues the kprobe to an 224 + optimizing list, and kicks the kprobe-optimizer workqueue to optimize 225 + it. If the to-be-optimized probepoint is hit before being optimized, 226 + Kprobes returns control to the original instruction path by setting 227 + the CPU's instruction pointer to the copied code in the detour buffer 228 + -- thus at least avoiding the single-step. 229 + 230 + 1.4.5 Optimization 231 + 232 + The Kprobe-optimizer doesn't insert the jump instruction immediately; 233 + rather, it calls synchronize_sched() for safety first, because it's 234 + possible for a CPU to be interrupted in the middle of executing the 235 + optimized region(*). As you know, synchronize_sched() can ensure 236 + that all interruptions that were active when synchronize_sched() 237 + was called are done, but only if CONFIG_PREEMPT=n. So, this version 238 + of kprobe optimization supports only kernels with CONFIG_PREEMPT=n.(**) 239 + 240 + After that, the Kprobe-optimizer calls stop_machine() to replace 241 + the optimized region with a jump instruction to the detour buffer, 242 + using text_poke_smp(). 243 + 244 + 1.4.6 Unoptimization 245 + 246 + When an optimized kprobe is unregistered, disabled, or blocked by 247 + another kprobe, it will be unoptimized. If this happens before 248 + the optimization is complete, the kprobe is just dequeued from the 249 + optimized list. If the optimization has been done, the jump is 250 + replaced with the original code (except for an int3 breakpoint in 251 + the first byte) by using text_poke_smp(). 252 + 253 + (*)Please imagine that the 2nd instruction is interrupted and then 254 + the optimizer replaces the 2nd instruction with the jump *address* 255 + while the interrupt handler is running. When the interrupt 256 + returns to original address, there is no valid instruction, 257 + and it causes an unexpected result. 258 + 259 + (**)This optimization-safety checking may be replaced with the 260 + stop-machine method that ksplice uses for supporting a CONFIG_PREEMPT=y 261 + kernel. 262 + 263 + NOTE for geeks: 264 + The jump optimization changes the kprobe's pre_handler behavior. 265 + Without optimization, the pre_handler can change the kernel's execution 266 + path by changing regs->ip and returning 1. However, when the probe 267 + is optimized, that modification is ignored. Thus, if you want to 268 + tweak the kernel's execution path, you need to suppress optimization, 269 + using one of the following techniques: 270 + - Specify an empty function for the kprobe's post_handler or break_handler. 271 + or 272 + - Config CONFIG_OPTPROBES=n. 273 + or 274 + - Execute 'sysctl -w debug.kprobes_optimization=n' 275 + 166 276 2. Architectures Supported 167 277 168 278 Kprobes, jprobes, and return probes are implemented on the following 169 279 architectures: 170 280 171 - - i386 172 - - x86_64 (AMD-64, EM64T) 281 + - i386 (Supports jump optimization) 282 + - x86_64 (AMD-64, EM64T) (Supports jump optimization) 173 283 - ppc64 174 284 - ia64 (Does not support probes on instruction slot1.) 175 285 - sparc64 (Return probes not yet implemented.) ··· 306 192 it useful to "Compile the kernel with debug info" (CONFIG_DEBUG_INFO), 307 193 so you can use "objdump -d -l vmlinux" to see the source-to-object 308 194 code mapping. 195 + 196 + If you want to reduce probing overhead, set "Kprobes jump optimization 197 + support" (CONFIG_OPTPROBES) to "y". You can find this option under the 198 + "Kprobes" line. 309 199 310 200 4. API Reference 311 201 ··· 507 389 508 390 Kprobes allows multiple probes at the same address. Currently, 509 391 however, there cannot be multiple jprobes on the same function at 510 - the same time. 392 + the same time. Also, a probepoint for which there is a jprobe or 393 + a post_handler cannot be optimized. So if you install a jprobe, 394 + or a kprobe with a post_handler, at an optimized probepoint, the 395 + probepoint will be unoptimized automatically. 511 396 512 397 In general, you can install a probe anywhere in the kernel. 513 398 In particular, you can probe interrupt handlers. Known exceptions ··· 574 453 on the x86_64 version of __switch_to(); the registration functions 575 454 return -EINVAL. 576 455 456 + On x86/x86-64, since the Jump Optimization of Kprobes modifies 457 + instructions widely, there are some limitations to optimization. To 458 + explain it, we introduce some terminology. Imagine a 3-instruction 459 + sequence consisting of a two 2-byte instructions and one 3-byte 460 + instruction. 461 + 462 + IA 463 + | 464 + [-2][-1][0][1][2][3][4][5][6][7] 465 + [ins1][ins2][ ins3 ] 466 + [<- DCR ->] 467 + [<- JTPR ->] 468 + 469 + ins1: 1st Instruction 470 + ins2: 2nd Instruction 471 + ins3: 3rd Instruction 472 + IA: Insertion Address 473 + JTPR: Jump Target Prohibition Region 474 + DCR: Detoured Code Region 475 + 476 + The instructions in DCR are copied to the out-of-line buffer 477 + of the kprobe, because the bytes in DCR are replaced by 478 + a 5-byte jump instruction. So there are several limitations. 479 + 480 + a) The instructions in DCR must be relocatable. 481 + b) The instructions in DCR must not include a call instruction. 482 + c) JTPR must not be targeted by any jump or call instruction. 483 + d) DCR must not straddle the border betweeen functions. 484 + 485 + Anyway, these limitations are checked by the in-kernel instruction 486 + decoder, so you don't need to worry about that. 487 + 577 488 6. Probe Overhead 578 489 579 490 On a typical CPU in use in 2005, a kprobe hit takes 0.5 to 1.0 ··· 628 475 629 476 ppc64: POWER5 (gr), 1656 MHz (SMT disabled, 1 virtual CPU per physical CPU) 630 477 k = 0.77 usec; j = 1.31; r = 1.26; kr = 1.45; jr = 1.99 478 + 479 + 6.1 Optimized Probe Overhead 480 + 481 + Typically, an optimized kprobe hit takes 0.07 to 0.1 microseconds to 482 + process. Here are sample overhead figures (in usec) for x86 architectures. 483 + k = unoptimized kprobe, b = boosted (single-step skipped), o = optimized kprobe, 484 + r = unoptimized kretprobe, rb = boosted kretprobe, ro = optimized kretprobe. 485 + 486 + i386: Intel(R) Xeon(R) E5410, 2.33GHz, 4656.90 bogomips 487 + k = 0.80 usec; b = 0.33; o = 0.05; r = 1.10; rb = 0.61; ro = 0.33 488 + 489 + x86-64: Intel(R) Xeon(R) E5410, 2.33GHz, 4656.90 bogomips 490 + k = 0.99 usec; b = 0.43; o = 0.06; r = 1.24; rb = 0.68; ro = 0.30 631 491 632 492 7. TODO 633 493 ··· 689 523 a virtual address that is no longer valid (module init sections, module 690 524 virtual addresses that correspond to modules that've been unloaded), 691 525 such probes are marked with [GONE]. If the probe is temporarily disabled, 692 - such probes are marked with [DISABLED]. 526 + such probes are marked with [DISABLED]. If the probe is optimized, it is 527 + marked with [OPTIMIZED]. 693 528 694 529 /sys/kernel/debug/kprobes/enabled: Turn kprobes ON/OFF forcibly. 695 530 ··· 700 533 file. Note that this knob just disarms and arms all kprobes and doesn't 701 534 change each probe's disabling state. This means that disabled kprobes (marked 702 535 [DISABLED]) will be not enabled if you turn ON all kprobes by this knob. 536 + 537 + 538 + Appendix B: The kprobes sysctl interface 539 + 540 + /proc/sys/debug/kprobes-optimization: Turn kprobes optimization ON/OFF. 541 + 542 + When CONFIG_OPTPROBES=y, this sysctl interface appears and it provides 543 + a knob to globally and forcibly turn jump optimization (see section 544 + 1.4) ON or OFF. By default, jump optimization is allowed (ON). 545 + If you echo "0" to this file or set "debug.kprobes_optimization" to 546 + 0 via sysctl, all optimized probes will be unoptimized, and any new 547 + probes registered after that will not be optimized. Note that this 548 + knob *changes* the optimized state. This means that optimized probes 549 + (marked [OPTIMIZED]) will be unoptimized ([OPTIMIZED] tag will be 550 + removed). If the knob is turned on, they will be optimized again. 551 +

+13

arch/Kconfig

··· 41 41 for kernel debugging, non-intrusive instrumentation and testing. 42 42 If in doubt, say "N". 43 43 44 + config OPTPROBES 45 + bool "Kprobes jump optimization support (EXPERIMENTAL)" 46 + default y 47 + depends on KPROBES 48 + depends on !PREEMPT 49 + depends on HAVE_OPTPROBES 50 + select KALLSYMS_ALL 51 + help 52 + This option will allow kprobes to optimize breakpoint to 53 + a jump for reducing its overhead. 54 + 44 55 config HAVE_EFFICIENT_UNALIGNED_ACCESS 45 56 bool 46 57 help ··· 94 83 config HAVE_KRETPROBES 95 84 bool 96 85 86 + config HAVE_OPTPROBES 87 + bool 97 88 # 98 89 # An arch should select this if it provides all these things: 99 90 #

+1

arch/x86/Kconfig

··· 31 31 select ARCH_WANT_FRAME_POINTERS 32 32 select HAVE_DMA_ATTRS 33 33 select HAVE_KRETPROBES 34 + select HAVE_OPTPROBES 34 35 select HAVE_FTRACE_MCOUNT_RECORD 35 36 select HAVE_DYNAMIC_FTRACE 36 37 select HAVE_FUNCTION_TRACER

+3 -1

arch/x86/include/asm/alternative.h

··· 165 165 * invalid instruction possible) or if the instructions are changed from a 166 166 * consistent state to another consistent state atomically. 167 167 * More care must be taken when modifying code in the SMP case because of 168 - * Intel's errata. 168 + * Intel's errata. text_poke_smp() takes care that errata, but still 169 + * doesn't support NMI/MCE handler code modifying. 169 170 * On the local CPU you need to be protected again NMI or MCE handlers seeing an 170 171 * inconsistent instruction while you patch. 171 172 */ 172 173 extern void *text_poke(void *addr, const void *opcode, size_t len); 174 + extern void *text_poke_smp(void *addr, const void *opcode, size_t len); 173 175 174 176 #endif /* _ASM_X86_ALTERNATIVE_H */

+30 -1

arch/x86/include/asm/kprobes.h

··· 32 32 33 33 typedef u8 kprobe_opcode_t; 34 34 #define BREAKPOINT_INSTRUCTION 0xcc 35 - #define RELATIVEJUMP_INSTRUCTION 0xe9 35 + #define RELATIVEJUMP_OPCODE 0xe9 36 + #define RELATIVEJUMP_SIZE 5 37 + #define RELATIVECALL_OPCODE 0xe8 38 + #define RELATIVE_ADDR_SIZE 4 36 39 #define MAX_INSN_SIZE 16 37 40 #define MAX_STACK_SIZE 64 38 41 #define MIN_STACK_SIZE(ADDR) \ ··· 46 43 THREAD_SIZE - (unsigned long)(ADDR))) 47 44 48 45 #define flush_insn_slot(p) do { } while (0) 46 + 47 + /* optinsn template addresses */ 48 + extern kprobe_opcode_t optprobe_template_entry; 49 + extern kprobe_opcode_t optprobe_template_val; 50 + extern kprobe_opcode_t optprobe_template_call; 51 + extern kprobe_opcode_t optprobe_template_end; 52 + #define MAX_OPTIMIZED_LENGTH (MAX_INSN_SIZE + RELATIVE_ADDR_SIZE) 53 + #define MAX_OPTINSN_SIZE \ 54 + (((unsigned long)&optprobe_template_end - \ 55 + (unsigned long)&optprobe_template_entry) + \ 56 + MAX_OPTIMIZED_LENGTH + RELATIVEJUMP_SIZE) 49 57 50 58 extern const int kretprobe_blacklist_size; 51 59 ··· 77 63 */ 78 64 int boostable; 79 65 }; 66 + 67 + struct arch_optimized_insn { 68 + /* copy of the original instructions */ 69 + kprobe_opcode_t copied_insn[RELATIVE_ADDR_SIZE]; 70 + /* detour code buffer */ 71 + kprobe_opcode_t *insn; 72 + /* the size of instructions copied to detour code buffer */ 73 + size_t size; 74 + }; 75 + 76 + /* Return true (!0) if optinsn is prepared for optimization. */ 77 + static inline int arch_prepared_optinsn(struct arch_optimized_insn *optinsn) 78 + { 79 + return optinsn->size; 80 + } 80 81 81 82 struct prev_kprobe { 82 83 struct kprobe *kp;

+60

arch/x86/kernel/alternative.c

··· 7 7 #include <linux/mm.h> 8 8 #include <linux/vmalloc.h> 9 9 #include <linux/memory.h> 10 + #include <linux/stop_machine.h> 10 11 #include <asm/alternative.h> 11 12 #include <asm/sections.h> 12 13 #include <asm/pgtable.h> ··· 573 572 local_irq_restore(flags); 574 573 return addr; 575 574 } 575 + 576 + /* 577 + * Cross-modifying kernel text with stop_machine(). 578 + * This code originally comes from immediate value. 579 + */ 580 + static atomic_t stop_machine_first; 581 + static int wrote_text; 582 + 583 + struct text_poke_params { 584 + void *addr; 585 + const void *opcode; 586 + size_t len; 587 + }; 588 + 589 + static int __kprobes stop_machine_text_poke(void *data) 590 + { 591 + struct text_poke_params *tpp = data; 592 + 593 + if (atomic_dec_and_test(&stop_machine_first)) { 594 + text_poke(tpp->addr, tpp->opcode, tpp->len); 595 + smp_wmb(); /* Make sure other cpus see that this has run */ 596 + wrote_text = 1; 597 + } else { 598 + while (!wrote_text) 599 + cpu_relax(); 600 + smp_mb(); /* Load wrote_text before following execution */ 601 + } 602 + 603 + flush_icache_range((unsigned long)tpp->addr, 604 + (unsigned long)tpp->addr + tpp->len); 605 + return 0; 606 + } 607 + 608 + /** 609 + * text_poke_smp - Update instructions on a live kernel on SMP 610 + * @addr: address to modify 611 + * @opcode: source of the copy 612 + * @len: length to copy 613 + * 614 + * Modify multi-byte instruction by using stop_machine() on SMP. This allows 615 + * user to poke/set multi-byte text on SMP. Only non-NMI/MCE code modifying 616 + * should be allowed, since stop_machine() does _not_ protect code against 617 + * NMI and MCE. 618 + * 619 + * Note: Must be called under get_online_cpus() and text_mutex. 620 + */ 621 + void *__kprobes text_poke_smp(void *addr, const void *opcode, size_t len) 622 + { 623 + struct text_poke_params tpp; 624 + 625 + tpp.addr = addr; 626 + tpp.opcode = opcode; 627 + tpp.len = len; 628 + atomic_set(&stop_machine_first, 1); 629 + wrote_text = 0; 630 + stop_machine(stop_machine_text_poke, (void *)&tpp, NULL); 631 + return addr; 632 + } 633 +

+504 -105

arch/x86/kernel/kprobes.c

··· 49 49 #include <linux/module.h> 50 50 #include <linux/kdebug.h> 51 51 #include <linux/kallsyms.h> 52 + #include <linux/ftrace.h> 52 53 53 54 #include <asm/cacheflush.h> 54 55 #include <asm/desc.h> ··· 107 106 }; 108 107 const int kretprobe_blacklist_size = ARRAY_SIZE(kretprobe_blacklist); 109 108 110 - /* Insert a jump instruction at address 'from', which jumps to address 'to'.*/ 111 - static void __kprobes set_jmp_op(void *from, void *to) 109 + static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) 112 110 { 113 - struct __arch_jmp_op { 114 - char op; 111 + struct __arch_relative_insn { 112 + u8 op; 115 113 s32 raddr; 116 - } __attribute__((packed)) * jop; 117 - jop = (struct __arch_jmp_op *)from; 118 - jop->raddr = (s32)((long)(to) - ((long)(from) + 5)); 119 - jop->op = RELATIVEJUMP_INSTRUCTION; 114 + } __attribute__((packed)) *insn; 115 + 116 + insn = (struct __arch_relative_insn *)from; 117 + insn->raddr = (s32)((long)(to) - ((long)(from) + 5)); 118 + insn->op = op; 119 + } 120 + 121 + /* Insert a jump instruction at address 'from', which jumps to address 'to'.*/ 122 + static void __kprobes synthesize_reljump(void *from, void *to) 123 + { 124 + __synthesize_relative_insn(from, to, RELATIVEJUMP_OPCODE); 120 125 } 121 126 122 127 /* ··· 209 202 /* 210 203 * Basically, kp->ainsn.insn has an original instruction. 211 204 * However, RIP-relative instruction can not do single-stepping 212 - * at different place, fix_riprel() tweaks the displacement of 205 + * at different place, __copy_instruction() tweaks the displacement of 213 206 * that instruction. In that case, we can't recover the instruction 214 207 * from the kp->ainsn.insn. 215 208 * ··· 291 284 } 292 285 293 286 /* 294 - * Adjust the displacement if the instruction uses the %rip-relative 295 - * addressing mode. 287 + * Copy an instruction and adjust the displacement if the instruction 288 + * uses the %rip-relative addressing mode. 296 289 * If it does, Return the address of the 32-bit displacement word. 297 290 * If not, return null. 298 291 * Only applicable to 64-bit x86. 299 292 */ 300 - static void __kprobes fix_riprel(struct kprobe *p) 293 + static int __kprobes __copy_instruction(u8 *dest, u8 *src, int recover) 301 294 { 302 - #ifdef CONFIG_X86_64 303 295 struct insn insn; 304 - kernel_insn_init(&insn, p->ainsn.insn); 296 + int ret; 297 + kprobe_opcode_t buf[MAX_INSN_SIZE]; 305 298 299 + kernel_insn_init(&insn, src); 300 + if (recover) { 301 + insn_get_opcode(&insn); 302 + if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION) { 303 + ret = recover_probed_instruction(buf, 304 + (unsigned long)src); 305 + if (ret) 306 + return 0; 307 + kernel_insn_init(&insn, buf); 308 + } 309 + } 310 + insn_get_length(&insn); 311 + memcpy(dest, insn.kaddr, insn.length); 312 + 313 + #ifdef CONFIG_X86_64 306 314 if (insn_rip_relative(&insn)) { 307 315 s64 newdisp; 308 316 u8 *disp; 317 + kernel_insn_init(&insn, dest); 309 318 insn_get_displacement(&insn); 310 319 /* 311 320 * The copied instruction uses the %rip-relative addressing ··· 335 312 * extension of the original signed 32-bit displacement would 336 313 * have given. 337 314 */ 338 - newdisp = (u8 *) p->addr + (s64) insn.displacement.value - 339 - (u8 *) p->ainsn.insn; 315 + newdisp = (u8 *) src + (s64) insn.displacement.value - 316 + (u8 *) dest; 340 317 BUG_ON((s64) (s32) newdisp != newdisp); /* Sanity check. */ 341 - disp = (u8 *) p->ainsn.insn + insn_offset_displacement(&insn); 318 + disp = (u8 *) dest + insn_offset_displacement(&insn); 342 319 *(s32 *) disp = (s32) newdisp; 343 320 } 344 321 #endif 322 + return insn.length; 345 323 } 346 324 347 325 static void __kprobes arch_copy_kprobe(struct kprobe *p) 348 326 { 349 - memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t)); 350 - 351 - fix_riprel(p); 327 + /* 328 + * Copy an instruction without recovering int3, because it will be 329 + * put by another subsystem. 330 + */ 331 + __copy_instruction(p->ainsn.insn, p->addr, 0); 352 332 353 333 if (can_boost(p->addr)) 354 334 p->ainsn.boostable = 0; ··· 432 406 update_debugctlmsr(current->thread.debugctlmsr); 433 407 } 434 408 435 - static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs) 436 - { 437 - clear_btf(); 438 - regs->flags |= X86_EFLAGS_TF; 439 - regs->flags &= ~X86_EFLAGS_IF; 440 - /* single step inline if the instruction is an int3 */ 441 - if (p->opcode == BREAKPOINT_INSTRUCTION) 442 - regs->ip = (unsigned long)p->addr; 443 - else 444 - regs->ip = (unsigned long)p->ainsn.insn; 445 - } 446 - 447 409 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri, 448 410 struct pt_regs *regs) 449 411 { ··· 443 429 *sara = (unsigned long) &kretprobe_trampoline; 444 430 } 445 431 432 + #ifdef CONFIG_OPTPROBES 433 + static int __kprobes setup_detour_execution(struct kprobe *p, 434 + struct pt_regs *regs, 435 + int reenter); 436 + #else 437 + #define setup_detour_execution(p, regs, reenter) (0) 438 + #endif 439 + 446 440 static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs, 447 - struct kprobe_ctlblk *kcb) 441 + struct kprobe_ctlblk *kcb, int reenter) 448 442 { 443 + if (setup_detour_execution(p, regs, reenter)) 444 + return; 445 + 449 446 #if !defined(CONFIG_PREEMPT) 450 447 if (p->ainsn.boostable == 1 && !p->post_handler) { 451 448 /* Boost up -- we can execute copied instructions directly */ 452 - reset_current_kprobe(); 449 + if (!reenter) 450 + reset_current_kprobe(); 451 + /* 452 + * Reentering boosted probe doesn't reset current_kprobe, 453 + * nor set current_kprobe, because it doesn't use single 454 + * stepping. 455 + */ 453 456 regs->ip = (unsigned long)p->ainsn.insn; 454 457 preempt_enable_no_resched(); 455 458 return; 456 459 } 457 460 #endif 458 - prepare_singlestep(p, regs); 459 - kcb->kprobe_status = KPROBE_HIT_SS; 461 + if (reenter) { 462 + save_previous_kprobe(kcb); 463 + set_current_kprobe(p, regs, kcb); 464 + kcb->kprobe_status = KPROBE_REENTER; 465 + } else 466 + kcb->kprobe_status = KPROBE_HIT_SS; 467 + /* Prepare real single stepping */ 468 + clear_btf(); 469 + regs->flags |= X86_EFLAGS_TF; 470 + regs->flags &= ~X86_EFLAGS_IF; 471 + /* single step inline if the instruction is an int3 */ 472 + if (p->opcode == BREAKPOINT_INSTRUCTION) 473 + regs->ip = (unsigned long)p->addr; 474 + else 475 + regs->ip = (unsigned long)p->ainsn.insn; 460 476 } 461 477 462 478 /* ··· 500 456 switch (kcb->kprobe_status) { 501 457 case KPROBE_HIT_SSDONE: 502 458 case KPROBE_HIT_ACTIVE: 503 - save_previous_kprobe(kcb); 504 - set_current_kprobe(p, regs, kcb); 505 459 kprobes_inc_nmissed_count(p); 506 - prepare_singlestep(p, regs); 507 - kcb->kprobe_status = KPROBE_REENTER; 460 + setup_singlestep(p, regs, kcb, 1); 508 461 break; 509 462 case KPROBE_HIT_SS: 510 463 /* A probe has been hit in the codepath leading up to, or just ··· 576 535 * more here. 577 536 */ 578 537 if (!p->pre_handler || !p->pre_handler(p, regs)) 579 - setup_singlestep(p, regs, kcb); 538 + setup_singlestep(p, regs, kcb, 0); 580 539 return 1; 581 540 } 582 541 } else if (kprobe_running()) { 583 542 p = __get_cpu_var(current_kprobe); 584 543 if (p->break_handler && p->break_handler(p, regs)) { 585 - setup_singlestep(p, regs, kcb); 544 + setup_singlestep(p, regs, kcb, 0); 586 545 return 1; 587 546 } 588 547 } /* else: not a kprobe fault; let the kernel handle it */ ··· 590 549 preempt_enable_no_resched(); 591 550 return 0; 592 551 } 552 + 553 + #ifdef CONFIG_X86_64 554 + #define SAVE_REGS_STRING \ 555 + /* Skip cs, ip, orig_ax. */ \ 556 + " subq $24, %rsp\n" \ 557 + " pushq %rdi\n" \ 558 + " pushq %rsi\n" \ 559 + " pushq %rdx\n" \ 560 + " pushq %rcx\n" \ 561 + " pushq %rax\n" \ 562 + " pushq %r8\n" \ 563 + " pushq %r9\n" \ 564 + " pushq %r10\n" \ 565 + " pushq %r11\n" \ 566 + " pushq %rbx\n" \ 567 + " pushq %rbp\n" \ 568 + " pushq %r12\n" \ 569 + " pushq %r13\n" \ 570 + " pushq %r14\n" \ 571 + " pushq %r15\n" 572 + #define RESTORE_REGS_STRING \ 573 + " popq %r15\n" \ 574 + " popq %r14\n" \ 575 + " popq %r13\n" \ 576 + " popq %r12\n" \ 577 + " popq %rbp\n" \ 578 + " popq %rbx\n" \ 579 + " popq %r11\n" \ 580 + " popq %r10\n" \ 581 + " popq %r9\n" \ 582 + " popq %r8\n" \ 583 + " popq %rax\n" \ 584 + " popq %rcx\n" \ 585 + " popq %rdx\n" \ 586 + " popq %rsi\n" \ 587 + " popq %rdi\n" \ 588 + /* Skip orig_ax, ip, cs */ \ 589 + " addq $24, %rsp\n" 590 + #else 591 + #define SAVE_REGS_STRING \ 592 + /* Skip cs, ip, orig_ax and gs. */ \ 593 + " subl $16, %esp\n" \ 594 + " pushl %fs\n" \ 595 + " pushl %ds\n" \ 596 + " pushl %es\n" \ 597 + " pushl %eax\n" \ 598 + " pushl %ebp\n" \ 599 + " pushl %edi\n" \ 600 + " pushl %esi\n" \ 601 + " pushl %edx\n" \ 602 + " pushl %ecx\n" \ 603 + " pushl %ebx\n" 604 + #define RESTORE_REGS_STRING \ 605 + " popl %ebx\n" \ 606 + " popl %ecx\n" \ 607 + " popl %edx\n" \ 608 + " popl %esi\n" \ 609 + " popl %edi\n" \ 610 + " popl %ebp\n" \ 611 + " popl %eax\n" \ 612 + /* Skip ds, es, fs, gs, orig_ax, and ip. Note: don't pop cs here*/\ 613 + " addl $24, %esp\n" 614 + #endif 593 615 594 616 /* 595 617 * When a retprobed function returns, this code saves registers and ··· 667 563 /* We don't bother saving the ss register */ 668 564 " pushq %rsp\n" 669 565 " pushfq\n" 670 - /* 671 - * Skip cs, ip, orig_ax. 672 - * trampoline_handler() will plug in these values 673 - */ 674 - " subq $24, %rsp\n" 675 - " pushq %rdi\n" 676 - " pushq %rsi\n" 677 - " pushq %rdx\n" 678 - " pushq %rcx\n" 679 - " pushq %rax\n" 680 - " pushq %r8\n" 681 - " pushq %r9\n" 682 - " pushq %r10\n" 683 - " pushq %r11\n" 684 - " pushq %rbx\n" 685 - " pushq %rbp\n" 686 - " pushq %r12\n" 687 - " pushq %r13\n" 688 - " pushq %r14\n" 689 - " pushq %r15\n" 566 + SAVE_REGS_STRING 690 567 " movq %rsp, %rdi\n" 691 568 " call trampoline_handler\n" 692 569 /* Replace saved sp with true return address. */ 693 570 " movq %rax, 152(%rsp)\n" 694 - " popq %r15\n" 695 - " popq %r14\n" 696 - " popq %r13\n" 697 - " popq %r12\n" 698 - " popq %rbp\n" 699 - " popq %rbx\n" 700 - " popq %r11\n" 701 - " popq %r10\n" 702 - " popq %r9\n" 703 - " popq %r8\n" 704 - " popq %rax\n" 705 - " popq %rcx\n" 706 - " popq %rdx\n" 707 - " popq %rsi\n" 708 - " popq %rdi\n" 709 - /* Skip orig_ax, ip, cs */ 710 - " addq $24, %rsp\n" 571 + RESTORE_REGS_STRING 711 572 " popfq\n" 712 573 #else 713 574 " pushf\n" 714 - /* 715 - * Skip cs, ip, orig_ax and gs. 716 - * trampoline_handler() will plug in these values 717 - */ 718 - " subl $16, %esp\n" 719 - " pushl %fs\n" 720 - " pushl %es\n" 721 - " pushl %ds\n" 722 - " pushl %eax\n" 723 - " pushl %ebp\n" 724 - " pushl %edi\n" 725 - " pushl %esi\n" 726 - " pushl %edx\n" 727 - " pushl %ecx\n" 728 - " pushl %ebx\n" 575 + SAVE_REGS_STRING 729 576 " movl %esp, %eax\n" 730 577 " call trampoline_handler\n" 731 578 /* Move flags to cs */ ··· 684 629 " movl %edx, 52(%esp)\n" 685 630 /* Replace saved flags with true return address. */ 686 631 " movl %eax, 56(%esp)\n" 687 - " popl %ebx\n" 688 - " popl %ecx\n" 689 - " popl %edx\n" 690 - " popl %esi\n" 691 - " popl %edi\n" 692 - " popl %ebp\n" 693 - " popl %eax\n" 694 - /* Skip ds, es, fs, gs, orig_ax and ip */ 695 - " addl $24, %esp\n" 632 + RESTORE_REGS_STRING 696 633 " popf\n" 697 634 #endif 698 635 " ret\n"); ··· 852 805 * These instructions can be executed directly if it 853 806 * jumps back to correct address. 854 807 */ 855 - set_jmp_op((void *)regs->ip, 856 - (void *)orig_ip + (regs->ip - copy_ip)); 808 + synthesize_reljump((void *)regs->ip, 809 + (void *)orig_ip + (regs->ip - copy_ip)); 857 810 p->ainsn.boostable = 1; 858 811 } else { 859 812 p->ainsn.boostable = -1; ··· 1079 1032 } 1080 1033 return 0; 1081 1034 } 1035 + 1036 + 1037 + #ifdef CONFIG_OPTPROBES 1038 + 1039 + /* Insert a call instruction at address 'from', which calls address 'to'.*/ 1040 + static void __kprobes synthesize_relcall(void *from, void *to) 1041 + { 1042 + __synthesize_relative_insn(from, to, RELATIVECALL_OPCODE); 1043 + } 1044 + 1045 + /* Insert a move instruction which sets a pointer to eax/rdi (1st arg). */ 1046 + static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, 1047 + unsigned long val) 1048 + { 1049 + #ifdef CONFIG_X86_64 1050 + *addr++ = 0x48; 1051 + *addr++ = 0xbf; 1052 + #else 1053 + *addr++ = 0xb8; 1054 + #endif 1055 + *(unsigned long *)addr = val; 1056 + } 1057 + 1058 + void __kprobes kprobes_optinsn_template_holder(void) 1059 + { 1060 + asm volatile ( 1061 + ".global optprobe_template_entry\n" 1062 + "optprobe_template_entry: \n" 1063 + #ifdef CONFIG_X86_64 1064 + /* We don't bother saving the ss register */ 1065 + " pushq %rsp\n" 1066 + " pushfq\n" 1067 + SAVE_REGS_STRING 1068 + " movq %rsp, %rsi\n" 1069 + ".global optprobe_template_val\n" 1070 + "optprobe_template_val: \n" 1071 + ASM_NOP5 1072 + ASM_NOP5 1073 + ".global optprobe_template_call\n" 1074 + "optprobe_template_call: \n" 1075 + ASM_NOP5 1076 + /* Move flags to rsp */ 1077 + " movq 144(%rsp), %rdx\n" 1078 + " movq %rdx, 152(%rsp)\n" 1079 + RESTORE_REGS_STRING 1080 + /* Skip flags entry */ 1081 + " addq $8, %rsp\n" 1082 + " popfq\n" 1083 + #else /* CONFIG_X86_32 */ 1084 + " pushf\n" 1085 + SAVE_REGS_STRING 1086 + " movl %esp, %edx\n" 1087 + ".global optprobe_template_val\n" 1088 + "optprobe_template_val: \n" 1089 + ASM_NOP5 1090 + ".global optprobe_template_call\n" 1091 + "optprobe_template_call: \n" 1092 + ASM_NOP5 1093 + RESTORE_REGS_STRING 1094 + " addl $4, %esp\n" /* skip cs */ 1095 + " popf\n" 1096 + #endif 1097 + ".global optprobe_template_end\n" 1098 + "optprobe_template_end: \n"); 1099 + } 1100 + 1101 + #define TMPL_MOVE_IDX \ 1102 + ((long)&optprobe_template_val - (long)&optprobe_template_entry) 1103 + #define TMPL_CALL_IDX \ 1104 + ((long)&optprobe_template_call - (long)&optprobe_template_entry) 1105 + #define TMPL_END_IDX \ 1106 + ((long)&optprobe_template_end - (long)&optprobe_template_entry) 1107 + 1108 + #define INT3_SIZE sizeof(kprobe_opcode_t) 1109 + 1110 + /* Optimized kprobe call back function: called from optinsn */ 1111 + static void __kprobes optimized_callback(struct optimized_kprobe *op, 1112 + struct pt_regs *regs) 1113 + { 1114 + struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 1115 + 1116 + preempt_disable(); 1117 + if (kprobe_running()) { 1118 + kprobes_inc_nmissed_count(&op->kp); 1119 + } else { 1120 + /* Save skipped registers */ 1121 + #ifdef CONFIG_X86_64 1122 + regs->cs = __KERNEL_CS; 1123 + #else 1124 + regs->cs = __KERNEL_CS | get_kernel_rpl(); 1125 + regs->gs = 0; 1126 + #endif 1127 + regs->ip = (unsigned long)op->kp.addr + INT3_SIZE; 1128 + regs->orig_ax = ~0UL; 1129 + 1130 + __get_cpu_var(current_kprobe) = &op->kp; 1131 + kcb->kprobe_status = KPROBE_HIT_ACTIVE; 1132 + opt_pre_handler(&op->kp, regs); 1133 + __get_cpu_var(current_kprobe) = NULL; 1134 + } 1135 + preempt_enable_no_resched(); 1136 + } 1137 + 1138 + static int __kprobes copy_optimized_instructions(u8 *dest, u8 *src) 1139 + { 1140 + int len = 0, ret; 1141 + 1142 + while (len < RELATIVEJUMP_SIZE) { 1143 + ret = __copy_instruction(dest + len, src + len, 1); 1144 + if (!ret || !can_boost(dest + len)) 1145 + return -EINVAL; 1146 + len += ret; 1147 + } 1148 + /* Check whether the address range is reserved */ 1149 + if (ftrace_text_reserved(src, src + len - 1) || 1150 + alternatives_text_reserved(src, src + len - 1)) 1151 + return -EBUSY; 1152 + 1153 + return len; 1154 + } 1155 + 1156 + /* Check whether insn is indirect jump */ 1157 + static int __kprobes insn_is_indirect_jump(struct insn *insn) 1158 + { 1159 + return ((insn->opcode.bytes[0] == 0xff && 1160 + (X86_MODRM_REG(insn->modrm.value) & 6) == 4) || /* Jump */ 1161 + insn->opcode.bytes[0] == 0xea); /* Segment based jump */ 1162 + } 1163 + 1164 + /* Check whether insn jumps into specified address range */ 1165 + static int insn_jump_into_range(struct insn *insn, unsigned long start, int len) 1166 + { 1167 + unsigned long target = 0; 1168 + 1169 + switch (insn->opcode.bytes[0]) { 1170 + case 0xe0: /* loopne */ 1171 + case 0xe1: /* loope */ 1172 + case 0xe2: /* loop */ 1173 + case 0xe3: /* jcxz */ 1174 + case 0xe9: /* near relative jump */ 1175 + case 0xeb: /* short relative jump */ 1176 + break; 1177 + case 0x0f: 1178 + if ((insn->opcode.bytes[1] & 0xf0) == 0x80) /* jcc near */ 1179 + break; 1180 + return 0; 1181 + default: 1182 + if ((insn->opcode.bytes[0] & 0xf0) == 0x70) /* jcc short */ 1183 + break; 1184 + return 0; 1185 + } 1186 + target = (unsigned long)insn->next_byte + insn->immediate.value; 1187 + 1188 + return (start <= target && target <= start + len); 1189 + } 1190 + 1191 + /* Decode whole function to ensure any instructions don't jump into target */ 1192 + static int __kprobes can_optimize(unsigned long paddr) 1193 + { 1194 + int ret; 1195 + unsigned long addr, size = 0, offset = 0; 1196 + struct insn insn; 1197 + kprobe_opcode_t buf[MAX_INSN_SIZE]; 1198 + /* Dummy buffers for lookup_symbol_attrs */ 1199 + static char __dummy_buf[KSYM_NAME_LEN]; 1200 + 1201 + /* Lookup symbol including addr */ 1202 + if (!kallsyms_lookup(paddr, &size, &offset, NULL, __dummy_buf)) 1203 + return 0; 1204 + 1205 + /* Check there is enough space for a relative jump. */ 1206 + if (size - offset < RELATIVEJUMP_SIZE) 1207 + return 0; 1208 + 1209 + /* Decode instructions */ 1210 + addr = paddr - offset; 1211 + while (addr < paddr - offset + size) { /* Decode until function end */ 1212 + if (search_exception_tables(addr)) 1213 + /* 1214 + * Since some fixup code will jumps into this function, 1215 + * we can't optimize kprobe in this function. 1216 + */ 1217 + return 0; 1218 + kernel_insn_init(&insn, (void *)addr); 1219 + insn_get_opcode(&insn); 1220 + if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION) { 1221 + ret = recover_probed_instruction(buf, addr); 1222 + if (ret) 1223 + return 0; 1224 + kernel_insn_init(&insn, buf); 1225 + } 1226 + insn_get_length(&insn); 1227 + /* Recover address */ 1228 + insn.kaddr = (void *)addr; 1229 + insn.next_byte = (void *)(addr + insn.length); 1230 + /* Check any instructions don't jump into target */ 1231 + if (insn_is_indirect_jump(&insn) || 1232 + insn_jump_into_range(&insn, paddr + INT3_SIZE, 1233 + RELATIVE_ADDR_SIZE)) 1234 + return 0; 1235 + addr += insn.length; 1236 + } 1237 + 1238 + return 1; 1239 + } 1240 + 1241 + /* Check optimized_kprobe can actually be optimized. */ 1242 + int __kprobes arch_check_optimized_kprobe(struct optimized_kprobe *op) 1243 + { 1244 + int i; 1245 + struct kprobe *p; 1246 + 1247 + for (i = 1; i < op->optinsn.size; i++) { 1248 + p = get_kprobe(op->kp.addr + i); 1249 + if (p && !kprobe_disabled(p)) 1250 + return -EEXIST; 1251 + } 1252 + 1253 + return 0; 1254 + } 1255 + 1256 + /* Check the addr is within the optimized instructions. */ 1257 + int __kprobes arch_within_optimized_kprobe(struct optimized_kprobe *op, 1258 + unsigned long addr) 1259 + { 1260 + return ((unsigned long)op->kp.addr <= addr && 1261 + (unsigned long)op->kp.addr + op->optinsn.size > addr); 1262 + } 1263 + 1264 + /* Free optimized instruction slot */ 1265 + static __kprobes 1266 + void __arch_remove_optimized_kprobe(struct optimized_kprobe *op, int dirty) 1267 + { 1268 + if (op->optinsn.insn) { 1269 + free_optinsn_slot(op->optinsn.insn, dirty); 1270 + op->optinsn.insn = NULL; 1271 + op->optinsn.size = 0; 1272 + } 1273 + } 1274 + 1275 + void __kprobes arch_remove_optimized_kprobe(struct optimized_kprobe *op) 1276 + { 1277 + __arch_remove_optimized_kprobe(op, 1); 1278 + } 1279 + 1280 + /* 1281 + * Copy replacing target instructions 1282 + * Target instructions MUST be relocatable (checked inside) 1283 + */ 1284 + int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) 1285 + { 1286 + u8 *buf; 1287 + int ret; 1288 + long rel; 1289 + 1290 + if (!can_optimize((unsigned long)op->kp.addr)) 1291 + return -EILSEQ; 1292 + 1293 + op->optinsn.insn = get_optinsn_slot(); 1294 + if (!op->optinsn.insn) 1295 + return -ENOMEM; 1296 + 1297 + /* 1298 + * Verify if the address gap is in 2GB range, because this uses 1299 + * a relative jump. 1300 + */ 1301 + rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE; 1302 + if (abs(rel) > 0x7fffffff) 1303 + return -ERANGE; 1304 + 1305 + buf = (u8 *)op->optinsn.insn; 1306 + 1307 + /* Copy instructions into the out-of-line buffer */ 1308 + ret = copy_optimized_instructions(buf + TMPL_END_IDX, op->kp.addr); 1309 + if (ret < 0) { 1310 + __arch_remove_optimized_kprobe(op, 0); 1311 + return ret; 1312 + } 1313 + op->optinsn.size = ret; 1314 + 1315 + /* Copy arch-dep-instance from template */ 1316 + memcpy(buf, &optprobe_template_entry, TMPL_END_IDX); 1317 + 1318 + /* Set probe information */ 1319 + synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op); 1320 + 1321 + /* Set probe function call */ 1322 + synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback); 1323 + 1324 + /* Set returning jmp instruction at the tail of out-of-line buffer */ 1325 + synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size, 1326 + (u8 *)op->kp.addr + op->optinsn.size); 1327 + 1328 + flush_icache_range((unsigned long) buf, 1329 + (unsigned long) buf + TMPL_END_IDX + 1330 + op->optinsn.size + RELATIVEJUMP_SIZE); 1331 + return 0; 1332 + } 1333 + 1334 + /* Replace a breakpoint (int3) with a relative jump. */ 1335 + int __kprobes arch_optimize_kprobe(struct optimized_kprobe *op) 1336 + { 1337 + unsigned char jmp_code[RELATIVEJUMP_SIZE]; 1338 + s32 rel = (s32)((long)op->optinsn.insn - 1339 + ((long)op->kp.addr + RELATIVEJUMP_SIZE)); 1340 + 1341 + /* Backup instructions which will be replaced by jump address */ 1342 + memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE, 1343 + RELATIVE_ADDR_SIZE); 1344 + 1345 + jmp_code[0] = RELATIVEJUMP_OPCODE; 1346 + *(s32 *)(&jmp_code[1]) = rel; 1347 + 1348 + /* 1349 + * text_poke_smp doesn't support NMI/MCE code modifying. 1350 + * However, since kprobes itself also doesn't support NMI/MCE 1351 + * code probing, it's not a problem. 1352 + */ 1353 + text_poke_smp(op->kp.addr, jmp_code, RELATIVEJUMP_SIZE); 1354 + return 0; 1355 + } 1356 + 1357 + /* Replace a relative jump with a breakpoint (int3). */ 1358 + void __kprobes arch_unoptimize_kprobe(struct optimized_kprobe *op) 1359 + { 1360 + u8 buf[RELATIVEJUMP_SIZE]; 1361 + 1362 + /* Set int3 to first byte for kprobes */ 1363 + buf[0] = BREAKPOINT_INSTRUCTION; 1364 + memcpy(buf + 1, op->optinsn.copied_insn, RELATIVE_ADDR_SIZE); 1365 + text_poke_smp(op->kp.addr, buf, RELATIVEJUMP_SIZE); 1366 + } 1367 + 1368 + static int __kprobes setup_detour_execution(struct kprobe *p, 1369 + struct pt_regs *regs, 1370 + int reenter) 1371 + { 1372 + struct optimized_kprobe *op; 1373 + 1374 + if (p->flags & KPROBE_FLAG_OPTIMIZED) { 1375 + /* This kprobe is really able to run optimized path. */ 1376 + op = container_of(p, struct optimized_kprobe, kp); 1377 + /* Detour through copied instructions */ 1378 + regs->ip = (unsigned long)op->optinsn.insn + TMPL_END_IDX; 1379 + if (!reenter) 1380 + reset_current_kprobe(); 1381 + preempt_enable_no_resched(); 1382 + return 1; 1383 + } 1384 + return 0; 1385 + } 1386 + #endif 1082 1387 1083 1388 int __init arch_init_kprobes(void) 1084 1389 {

+44

include/linux/kprobes.h

··· 122 122 /* Kprobe status flags */ 123 123 #define KPROBE_FLAG_GONE 1 /* breakpoint has already gone */ 124 124 #define KPROBE_FLAG_DISABLED 2 /* probe is temporarily disabled */ 125 + #define KPROBE_FLAG_OPTIMIZED 4 /* 126 + * probe is really optimized. 127 + * NOTE: 128 + * this flag is only for optimized_kprobe. 129 + */ 125 130 126 131 /* Has this kprobe gone ? */ 127 132 static inline int kprobe_gone(struct kprobe *p) ··· 138 133 static inline int kprobe_disabled(struct kprobe *p) 139 134 { 140 135 return p->flags & (KPROBE_FLAG_DISABLED | KPROBE_FLAG_GONE); 136 + } 137 + 138 + /* Is this kprobe really running optimized path ? */ 139 + static inline int kprobe_optimized(struct kprobe *p) 140 + { 141 + return p->flags & KPROBE_FLAG_OPTIMIZED; 141 142 } 142 143 /* 143 144 * Special probe type that uses setjmp-longjmp type tricks to resume ··· 259 248 extern kprobe_opcode_t *get_insn_slot(void); 260 249 extern void free_insn_slot(kprobe_opcode_t *slot, int dirty); 261 250 extern void kprobes_inc_nmissed_count(struct kprobe *p); 251 + 252 + #ifdef CONFIG_OPTPROBES 253 + /* 254 + * Internal structure for direct jump optimized probe 255 + */ 256 + struct optimized_kprobe { 257 + struct kprobe kp; 258 + struct list_head list; /* list for optimizing queue */ 259 + struct arch_optimized_insn optinsn; 260 + }; 261 + 262 + /* Architecture dependent functions for direct jump optimization */ 263 + extern int arch_prepared_optinsn(struct arch_optimized_insn *optinsn); 264 + extern int arch_check_optimized_kprobe(struct optimized_kprobe *op); 265 + extern int arch_prepare_optimized_kprobe(struct optimized_kprobe *op); 266 + extern void arch_remove_optimized_kprobe(struct optimized_kprobe *op); 267 + extern int arch_optimize_kprobe(struct optimized_kprobe *op); 268 + extern void arch_unoptimize_kprobe(struct optimized_kprobe *op); 269 + extern kprobe_opcode_t *get_optinsn_slot(void); 270 + extern void free_optinsn_slot(kprobe_opcode_t *slot, int dirty); 271 + extern int arch_within_optimized_kprobe(struct optimized_kprobe *op, 272 + unsigned long addr); 273 + 274 + extern void opt_pre_handler(struct kprobe *p, struct pt_regs *regs); 275 + 276 + #ifdef CONFIG_SYSCTL 277 + extern int sysctl_kprobes_optimization; 278 + extern int proc_kprobes_optimization_handler(struct ctl_table *table, 279 + int write, void __user *buffer, 280 + size_t *length, loff_t *ppos); 281 + #endif 282 + 283 + #endif /* CONFIG_OPTPROBES */ 262 284 263 285 /* Get the kprobe at this addr (if any) - called with preemption disabled */ 264 286 struct kprobe *get_kprobe(void *addr);

+563 -96

kernel/kprobes.c

··· 42 42 #include <linux/freezer.h> 43 43 #include <linux/seq_file.h> 44 44 #include <linux/debugfs.h> 45 + #include <linux/sysctl.h> 45 46 #include <linux/kdebug.h> 46 47 #include <linux/memory.h> 47 48 #include <linux/ftrace.h> 49 + #include <linux/cpu.h> 48 50 49 51 #include <asm-generic/sections.h> 50 52 #include <asm/cacheflush.h> ··· 107 105 * stepping on the instruction on a vmalloced/kmalloced/data page 108 106 * is a recipe for disaster 109 107 */ 110 - #define INSNS_PER_PAGE (PAGE_SIZE/(MAX_INSN_SIZE * sizeof(kprobe_opcode_t))) 111 - 112 108 struct kprobe_insn_page { 113 109 struct list_head list; 114 110 kprobe_opcode_t *insns; /* Page of instruction slots */ 115 - char slot_used[INSNS_PER_PAGE]; 116 111 int nused; 117 112 int ngarbage; 113 + char slot_used[]; 118 114 }; 115 + 116 + #define KPROBE_INSN_PAGE_SIZE(slots) \ 117 + (offsetof(struct kprobe_insn_page, slot_used) + \ 118 + (sizeof(char) * (slots))) 119 + 120 + struct kprobe_insn_cache { 121 + struct list_head pages; /* list of kprobe_insn_page */ 122 + size_t insn_size; /* size of instruction slot */ 123 + int nr_garbage; 124 + }; 125 + 126 + static int slots_per_page(struct kprobe_insn_cache *c) 127 + { 128 + return PAGE_SIZE/(c->insn_size * sizeof(kprobe_opcode_t)); 129 + } 119 130 120 131 enum kprobe_slot_state { 121 132 SLOT_CLEAN = 0, ··· 136 121 SLOT_USED = 2, 137 122 }; 138 123 139 - static DEFINE_MUTEX(kprobe_insn_mutex); /* Protects kprobe_insn_pages */ 140 - static LIST_HEAD(kprobe_insn_pages); 141 - static int kprobe_garbage_slots; 142 - static int collect_garbage_slots(void); 124 + static DEFINE_MUTEX(kprobe_insn_mutex); /* Protects kprobe_insn_slots */ 125 + static struct kprobe_insn_cache kprobe_insn_slots = { 126 + .pages = LIST_HEAD_INIT(kprobe_insn_slots.pages), 127 + .insn_size = MAX_INSN_SIZE, 128 + .nr_garbage = 0, 129 + }; 130 + static int __kprobes collect_garbage_slots(struct kprobe_insn_cache *c); 143 131 144 132 /** 145 133 * __get_insn_slot() - Find a slot on an executable page for an instruction. 146 134 * We allocate an executable page if there's no room on existing ones. 147 135 */ 148 - static kprobe_opcode_t __kprobes *__get_insn_slot(void) 136 + static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) 149 137 { 150 138 struct kprobe_insn_page *kip; 151 139 152 140 retry: 153 - list_for_each_entry(kip, &kprobe_insn_pages, list) { 154 - if (kip->nused < INSNS_PER_PAGE) { 141 + list_for_each_entry(kip, &c->pages, list) { 142 + if (kip->nused < slots_per_page(c)) { 155 143 int i; 156 - for (i = 0; i < INSNS_PER_PAGE; i++) { 144 + for (i = 0; i < slots_per_page(c); i++) { 157 145 if (kip->slot_used[i] == SLOT_CLEAN) { 158 146 kip->slot_used[i] = SLOT_USED; 159 147 kip->nused++; 160 - return kip->insns + (i * MAX_INSN_SIZE); 148 + return kip->insns + (i * c->insn_size); 161 149 } 162 150 } 163 - /* Surprise! No unused slots. Fix kip->nused. */ 164 - kip->nused = INSNS_PER_PAGE; 151 + /* kip->nused is broken. Fix it. */ 152 + kip->nused = slots_per_page(c); 153 + WARN_ON(1); 165 154 } 166 155 } 167 156 168 157 /* If there are any garbage slots, collect it and try again. */ 169 - if (kprobe_garbage_slots && collect_garbage_slots() == 0) { 158 + if (c->nr_garbage && collect_garbage_slots(c) == 0) 170 159 goto retry; 171 - } 172 - /* All out of space. Need to allocate a new page. Use slot 0. */ 173 - kip = kmalloc(sizeof(struct kprobe_insn_page), GFP_KERNEL); 160 + 161 + /* All out of space. Need to allocate a new page. */ 162 + kip = kmalloc(KPROBE_INSN_PAGE_SIZE(slots_per_page(c)), GFP_KERNEL); 174 163 if (!kip) 175 164 return NULL; 176 165 ··· 189 170 return NULL; 190 171 } 191 172 INIT_LIST_HEAD(&kip->list); 192 - list_add(&kip->list, &kprobe_insn_pages); 193 - memset(kip->slot_used, SLOT_CLEAN, INSNS_PER_PAGE); 173 + memset(kip->slot_used, SLOT_CLEAN, slots_per_page(c)); 194 174 kip->slot_used[0] = SLOT_USED; 195 175 kip->nused = 1; 196 176 kip->ngarbage = 0; 177 + list_add(&kip->list, &c->pages); 197 178 return kip->insns; 198 179 } 199 180 181 + 200 182 kprobe_opcode_t __kprobes *get_insn_slot(void) 201 183 { 202 - kprobe_opcode_t *ret; 184 + kprobe_opcode_t *ret = NULL; 185 + 203 186 mutex_lock(&kprobe_insn_mutex); 204 - ret = __get_insn_slot(); 187 + ret = __get_insn_slot(&kprobe_insn_slots); 205 188 mutex_unlock(&kprobe_insn_mutex); 189 + 206 190 return ret; 207 191 } 208 192 ··· 221 199 * so as not to have to set it up again the 222 200 * next time somebody inserts a probe. 223 201 */ 224 - if (!list_is_singular(&kprobe_insn_pages)) { 202 + if (!list_is_singular(&kip->list)) { 225 203 list_del(&kip->list); 226 204 module_free(NULL, kip->insns); 227 205 kfree(kip); ··· 231 209 return 0; 232 210 } 233 211 234 - static int __kprobes collect_garbage_slots(void) 212 + static int __kprobes collect_garbage_slots(struct kprobe_insn_cache *c) 235 213 { 236 214 struct kprobe_insn_page *kip, *next; 237 215 238 216 /* Ensure no-one is interrupted on the garbages */ 239 217 synchronize_sched(); 240 218 241 - list_for_each_entry_safe(kip, next, &kprobe_insn_pages, list) { 219 + list_for_each_entry_safe(kip, next, &c->pages, list) { 242 220 int i; 243 221 if (kip->ngarbage == 0) 244 222 continue; 245 223 kip->ngarbage = 0; /* we will collect all garbages */ 246 - for (i = 0; i < INSNS_PER_PAGE; i++) { 224 + for (i = 0; i < slots_per_page(c); i++) { 247 225 if (kip->slot_used[i] == SLOT_DIRTY && 248 226 collect_one_slot(kip, i)) 249 227 break; 250 228 } 251 229 } 252 - kprobe_garbage_slots = 0; 230 + c->nr_garbage = 0; 253 231 return 0; 232 + } 233 + 234 + static void __kprobes __free_insn_slot(struct kprobe_insn_cache *c, 235 + kprobe_opcode_t *slot, int dirty) 236 + { 237 + struct kprobe_insn_page *kip; 238 + 239 + list_for_each_entry(kip, &c->pages, list) { 240 + long idx = ((long)slot - (long)kip->insns) / c->insn_size; 241 + if (idx >= 0 && idx < slots_per_page(c)) { 242 + WARN_ON(kip->slot_used[idx] != SLOT_USED); 243 + if (dirty) { 244 + kip->slot_used[idx] = SLOT_DIRTY; 245 + kip->ngarbage++; 246 + if (++c->nr_garbage > slots_per_page(c)) 247 + collect_garbage_slots(c); 248 + } else 249 + collect_one_slot(kip, idx); 250 + return; 251 + } 252 + } 253 + /* Could not free this slot. */ 254 + WARN_ON(1); 254 255 } 255 256 256 257 void __kprobes free_insn_slot(kprobe_opcode_t * slot, int dirty) 257 258 { 258 - struct kprobe_insn_page *kip; 259 - 260 259 mutex_lock(&kprobe_insn_mutex); 261 - list_for_each_entry(kip, &kprobe_insn_pages, list) { 262 - if (kip->insns <= slot && 263 - slot < kip->insns + (INSNS_PER_PAGE * MAX_INSN_SIZE)) { 264 - int i = (slot - kip->insns) / MAX_INSN_SIZE; 265 - if (dirty) { 266 - kip->slot_used[i] = SLOT_DIRTY; 267 - kip->ngarbage++; 268 - } else 269 - collect_one_slot(kip, i); 270 - break; 271 - } 272 - } 273 - 274 - if (dirty && ++kprobe_garbage_slots > INSNS_PER_PAGE) 275 - collect_garbage_slots(); 276 - 260 + __free_insn_slot(&kprobe_insn_slots, slot, dirty); 277 261 mutex_unlock(&kprobe_insn_mutex); 278 262 } 263 + #ifdef CONFIG_OPTPROBES 264 + /* For optimized_kprobe buffer */ 265 + static DEFINE_MUTEX(kprobe_optinsn_mutex); /* Protects kprobe_optinsn_slots */ 266 + static struct kprobe_insn_cache kprobe_optinsn_slots = { 267 + .pages = LIST_HEAD_INIT(kprobe_optinsn_slots.pages), 268 + /* .insn_size is initialized later */ 269 + .nr_garbage = 0, 270 + }; 271 + /* Get a slot for optimized_kprobe buffer */ 272 + kprobe_opcode_t __kprobes *get_optinsn_slot(void) 273 + { 274 + kprobe_opcode_t *ret = NULL; 275 + 276 + mutex_lock(&kprobe_optinsn_mutex); 277 + ret = __get_insn_slot(&kprobe_optinsn_slots); 278 + mutex_unlock(&kprobe_optinsn_mutex); 279 + 280 + return ret; 281 + } 282 + 283 + void __kprobes free_optinsn_slot(kprobe_opcode_t * slot, int dirty) 284 + { 285 + mutex_lock(&kprobe_optinsn_mutex); 286 + __free_insn_slot(&kprobe_optinsn_slots, slot, dirty); 287 + mutex_unlock(&kprobe_optinsn_mutex); 288 + } 289 + #endif 279 290 #endif 280 291 281 292 /* We have preemption disabled.. so it is safe to use __ versions */ ··· 339 284 if (p->addr == addr) 340 285 return p; 341 286 } 287 + 342 288 return NULL; 343 289 } 290 + 291 + static int __kprobes aggr_pre_handler(struct kprobe *p, struct pt_regs *regs); 292 + 293 + /* Return true if the kprobe is an aggregator */ 294 + static inline int kprobe_aggrprobe(struct kprobe *p) 295 + { 296 + return p->pre_handler == aggr_pre_handler; 297 + } 298 + 299 + /* 300 + * Keep all fields in the kprobe consistent 301 + */ 302 + static inline void copy_kprobe(struct kprobe *old_p, struct kprobe *p) 303 + { 304 + memcpy(&p->opcode, &old_p->opcode, sizeof(kprobe_opcode_t)); 305 + memcpy(&p->ainsn, &old_p->ainsn, sizeof(struct arch_specific_insn)); 306 + } 307 + 308 + #ifdef CONFIG_OPTPROBES 309 + /* NOTE: change this value only with kprobe_mutex held */ 310 + static bool kprobes_allow_optimization; 311 + 312 + /* 313 + * Call all pre_handler on the list, but ignores its return value. 314 + * This must be called from arch-dep optimized caller. 315 + */ 316 + void __kprobes opt_pre_handler(struct kprobe *p, struct pt_regs *regs) 317 + { 318 + struct kprobe *kp; 319 + 320 + list_for_each_entry_rcu(kp, &p->list, list) { 321 + if (kp->pre_handler && likely(!kprobe_disabled(kp))) { 322 + set_kprobe_instance(kp); 323 + kp->pre_handler(kp, regs); 324 + } 325 + reset_kprobe_instance(); 326 + } 327 + } 328 + 329 + /* Return true(!0) if the kprobe is ready for optimization. */ 330 + static inline int kprobe_optready(struct kprobe *p) 331 + { 332 + struct optimized_kprobe *op; 333 + 334 + if (kprobe_aggrprobe(p)) { 335 + op = container_of(p, struct optimized_kprobe, kp); 336 + return arch_prepared_optinsn(&op->optinsn); 337 + } 338 + 339 + return 0; 340 + } 341 + 342 + /* 343 + * Return an optimized kprobe whose optimizing code replaces 344 + * instructions including addr (exclude breakpoint). 345 + */ 346 + struct kprobe *__kprobes get_optimized_kprobe(unsigned long addr) 347 + { 348 + int i; 349 + struct kprobe *p = NULL; 350 + struct optimized_kprobe *op; 351 + 352 + /* Don't check i == 0, since that is a breakpoint case. */ 353 + for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH; i++) 354 + p = get_kprobe((void *)(addr - i)); 355 + 356 + if (p && kprobe_optready(p)) { 357 + op = container_of(p, struct optimized_kprobe, kp); 358 + if (arch_within_optimized_kprobe(op, addr)) 359 + return p; 360 + } 361 + 362 + return NULL; 363 + } 364 + 365 + /* Optimization staging list, protected by kprobe_mutex */ 366 + static LIST_HEAD(optimizing_list); 367 + 368 + static void kprobe_optimizer(struct work_struct *work); 369 + static DECLARE_DELAYED_WORK(optimizing_work, kprobe_optimizer); 370 + #define OPTIMIZE_DELAY 5 371 + 372 + /* Kprobe jump optimizer */ 373 + static __kprobes void kprobe_optimizer(struct work_struct *work) 374 + { 375 + struct optimized_kprobe *op, *tmp; 376 + 377 + /* Lock modules while optimizing kprobes */ 378 + mutex_lock(&module_mutex); 379 + mutex_lock(&kprobe_mutex); 380 + if (kprobes_all_disarmed || !kprobes_allow_optimization) 381 + goto end; 382 + 383 + /* 384 + * Wait for quiesence period to ensure all running interrupts 385 + * are done. Because optprobe may modify multiple instructions 386 + * there is a chance that Nth instruction is interrupted. In that 387 + * case, running interrupt can return to 2nd-Nth byte of jump 388 + * instruction. This wait is for avoiding it. 389 + */ 390 + synchronize_sched(); 391 + 392 + /* 393 + * The optimization/unoptimization refers online_cpus via 394 + * stop_machine() and cpu-hotplug modifies online_cpus. 395 + * And same time, text_mutex will be held in cpu-hotplug and here. 396 + * This combination can cause a deadlock (cpu-hotplug try to lock 397 + * text_mutex but stop_machine can not be done because online_cpus 398 + * has been changed) 399 + * To avoid this deadlock, we need to call get_online_cpus() 400 + * for preventing cpu-hotplug outside of text_mutex locking. 401 + */ 402 + get_online_cpus(); 403 + mutex_lock(&text_mutex); 404 + list_for_each_entry_safe(op, tmp, &optimizing_list, list) { 405 + WARN_ON(kprobe_disabled(&op->kp)); 406 + if (arch_optimize_kprobe(op) < 0) 407 + op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; 408 + list_del_init(&op->list); 409 + } 410 + mutex_unlock(&text_mutex); 411 + put_online_cpus(); 412 + end: 413 + mutex_unlock(&kprobe_mutex); 414 + mutex_unlock(&module_mutex); 415 + } 416 + 417 + /* Optimize kprobe if p is ready to be optimized */ 418 + static __kprobes void optimize_kprobe(struct kprobe *p) 419 + { 420 + struct optimized_kprobe *op; 421 + 422 + /* Check if the kprobe is disabled or not ready for optimization. */ 423 + if (!kprobe_optready(p) || !kprobes_allow_optimization || 424 + (kprobe_disabled(p) || kprobes_all_disarmed)) 425 + return; 426 + 427 + /* Both of break_handler and post_handler are not supported. */ 428 + if (p->break_handler || p->post_handler) 429 + return; 430 + 431 + op = container_of(p, struct optimized_kprobe, kp); 432 + 433 + /* Check there is no other kprobes at the optimized instructions */ 434 + if (arch_check_optimized_kprobe(op) < 0) 435 + return; 436 + 437 + /* Check if it is already optimized. */ 438 + if (op->kp.flags & KPROBE_FLAG_OPTIMIZED) 439 + return; 440 + 441 + op->kp.flags |= KPROBE_FLAG_OPTIMIZED; 442 + list_add(&op->list, &optimizing_list); 443 + if (!delayed_work_pending(&optimizing_work)) 444 + schedule_delayed_work(&optimizing_work, OPTIMIZE_DELAY); 445 + } 446 + 447 + /* Unoptimize a kprobe if p is optimized */ 448 + static __kprobes void unoptimize_kprobe(struct kprobe *p) 449 + { 450 + struct optimized_kprobe *op; 451 + 452 + if ((p->flags & KPROBE_FLAG_OPTIMIZED) && kprobe_aggrprobe(p)) { 453 + op = container_of(p, struct optimized_kprobe, kp); 454 + if (!list_empty(&op->list)) 455 + /* Dequeue from the optimization queue */ 456 + list_del_init(&op->list); 457 + else 458 + /* Replace jump with break */ 459 + arch_unoptimize_kprobe(op); 460 + op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; 461 + } 462 + } 463 + 464 + /* Remove optimized instructions */ 465 + static void __kprobes kill_optimized_kprobe(struct kprobe *p) 466 + { 467 + struct optimized_kprobe *op; 468 + 469 + op = container_of(p, struct optimized_kprobe, kp); 470 + if (!list_empty(&op->list)) { 471 + /* Dequeue from the optimization queue */ 472 + list_del_init(&op->list); 473 + op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; 474 + } 475 + /* Don't unoptimize, because the target code will be freed. */ 476 + arch_remove_optimized_kprobe(op); 477 + } 478 + 479 + /* Try to prepare optimized instructions */ 480 + static __kprobes void prepare_optimized_kprobe(struct kprobe *p) 481 + { 482 + struct optimized_kprobe *op; 483 + 484 + op = container_of(p, struct optimized_kprobe, kp); 485 + arch_prepare_optimized_kprobe(op); 486 + } 487 + 488 + /* Free optimized instructions and optimized_kprobe */ 489 + static __kprobes void free_aggr_kprobe(struct kprobe *p) 490 + { 491 + struct optimized_kprobe *op; 492 + 493 + op = container_of(p, struct optimized_kprobe, kp); 494 + arch_remove_optimized_kprobe(op); 495 + kfree(op); 496 + } 497 + 498 + /* Allocate new optimized_kprobe and try to prepare optimized instructions */ 499 + static __kprobes struct kprobe *alloc_aggr_kprobe(struct kprobe *p) 500 + { 501 + struct optimized_kprobe *op; 502 + 503 + op = kzalloc(sizeof(struct optimized_kprobe), GFP_KERNEL); 504 + if (!op) 505 + return NULL; 506 + 507 + INIT_LIST_HEAD(&op->list); 508 + op->kp.addr = p->addr; 509 + arch_prepare_optimized_kprobe(op); 510 + 511 + return &op->kp; 512 + } 513 + 514 + static void __kprobes init_aggr_kprobe(struct kprobe *ap, struct kprobe *p); 515 + 516 + /* 517 + * Prepare an optimized_kprobe and optimize it 518 + * NOTE: p must be a normal registered kprobe 519 + */ 520 + static __kprobes void try_to_optimize_kprobe(struct kprobe *p) 521 + { 522 + struct kprobe *ap; 523 + struct optimized_kprobe *op; 524 + 525 + ap = alloc_aggr_kprobe(p); 526 + if (!ap) 527 + return; 528 + 529 + op = container_of(ap, struct optimized_kprobe, kp); 530 + if (!arch_prepared_optinsn(&op->optinsn)) { 531 + /* If failed to setup optimizing, fallback to kprobe */ 532 + free_aggr_kprobe(ap); 533 + return; 534 + } 535 + 536 + init_aggr_kprobe(ap, p); 537 + optimize_kprobe(ap); 538 + } 539 + 540 + #ifdef CONFIG_SYSCTL 541 + static void __kprobes optimize_all_kprobes(void) 542 + { 543 + struct hlist_head *head; 544 + struct hlist_node *node; 545 + struct kprobe *p; 546 + unsigned int i; 547 + 548 + /* If optimization is already allowed, just return */ 549 + if (kprobes_allow_optimization) 550 + return; 551 + 552 + kprobes_allow_optimization = true; 553 + mutex_lock(&text_mutex); 554 + for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 555 + head = &kprobe_table[i]; 556 + hlist_for_each_entry_rcu(p, node, head, hlist) 557 + if (!kprobe_disabled(p)) 558 + optimize_kprobe(p); 559 + } 560 + mutex_unlock(&text_mutex); 561 + printk(KERN_INFO "Kprobes globally optimized\n"); 562 + } 563 + 564 + static void __kprobes unoptimize_all_kprobes(void) 565 + { 566 + struct hlist_head *head; 567 + struct hlist_node *node; 568 + struct kprobe *p; 569 + unsigned int i; 570 + 571 + /* If optimization is already prohibited, just return */ 572 + if (!kprobes_allow_optimization) 573 + return; 574 + 575 + kprobes_allow_optimization = false; 576 + printk(KERN_INFO "Kprobes globally unoptimized\n"); 577 + get_online_cpus(); /* For avoiding text_mutex deadlock */ 578 + mutex_lock(&text_mutex); 579 + for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 580 + head = &kprobe_table[i]; 581 + hlist_for_each_entry_rcu(p, node, head, hlist) { 582 + if (!kprobe_disabled(p)) 583 + unoptimize_kprobe(p); 584 + } 585 + } 586 + 587 + mutex_unlock(&text_mutex); 588 + put_online_cpus(); 589 + /* Allow all currently running kprobes to complete */ 590 + synchronize_sched(); 591 + } 592 + 593 + int sysctl_kprobes_optimization; 594 + int proc_kprobes_optimization_handler(struct ctl_table *table, int write, 595 + void __user *buffer, size_t *length, 596 + loff_t *ppos) 597 + { 598 + int ret; 599 + 600 + mutex_lock(&kprobe_mutex); 601 + sysctl_kprobes_optimization = kprobes_allow_optimization ? 1 : 0; 602 + ret = proc_dointvec_minmax(table, write, buffer, length, ppos); 603 + 604 + if (sysctl_kprobes_optimization) 605 + optimize_all_kprobes(); 606 + else 607 + unoptimize_all_kprobes(); 608 + mutex_unlock(&kprobe_mutex); 609 + 610 + return ret; 611 + } 612 + #endif /* CONFIG_SYSCTL */ 613 + 614 + static void __kprobes __arm_kprobe(struct kprobe *p) 615 + { 616 + struct kprobe *old_p; 617 + 618 + /* Check collision with other optimized kprobes */ 619 + old_p = get_optimized_kprobe((unsigned long)p->addr); 620 + if (unlikely(old_p)) 621 + unoptimize_kprobe(old_p); /* Fallback to unoptimized kprobe */ 622 + 623 + arch_arm_kprobe(p); 624 + optimize_kprobe(p); /* Try to optimize (add kprobe to a list) */ 625 + } 626 + 627 + static void __kprobes __disarm_kprobe(struct kprobe *p) 628 + { 629 + struct kprobe *old_p; 630 + 631 + unoptimize_kprobe(p); /* Try to unoptimize */ 632 + arch_disarm_kprobe(p); 633 + 634 + /* If another kprobe was blocked, optimize it. */ 635 + old_p = get_optimized_kprobe((unsigned long)p->addr); 636 + if (unlikely(old_p)) 637 + optimize_kprobe(old_p); 638 + } 639 + 640 + #else /* !CONFIG_OPTPROBES */ 641 + 642 + #define optimize_kprobe(p) do {} while (0) 643 + #define unoptimize_kprobe(p) do {} while (0) 644 + #define kill_optimized_kprobe(p) do {} while (0) 645 + #define prepare_optimized_kprobe(p) do {} while (0) 646 + #define try_to_optimize_kprobe(p) do {} while (0) 647 + #define __arm_kprobe(p) arch_arm_kprobe(p) 648 + #define __disarm_kprobe(p) arch_disarm_kprobe(p) 649 + 650 + static __kprobes void free_aggr_kprobe(struct kprobe *p) 651 + { 652 + kfree(p); 653 + } 654 + 655 + static __kprobes struct kprobe *alloc_aggr_kprobe(struct kprobe *p) 656 + { 657 + return kzalloc(sizeof(struct kprobe), GFP_KERNEL); 658 + } 659 + #endif /* CONFIG_OPTPROBES */ 344 660 345 661 /* Arm a kprobe with text_mutex */ 346 662 static void __kprobes arm_kprobe(struct kprobe *kp) 347 663 { 664 + /* 665 + * Here, since __arm_kprobe() doesn't use stop_machine(), 666 + * this doesn't cause deadlock on text_mutex. So, we don't 667 + * need get_online_cpus(). 668 + */ 348 669 mutex_lock(&text_mutex); 349 - arch_arm_kprobe(kp); 670 + __arm_kprobe(kp); 350 671 mutex_unlock(&text_mutex); 351 672 } 352 673 353 674 /* Disarm a kprobe with text_mutex */ 354 675 static void __kprobes disarm_kprobe(struct kprobe *kp) 355 676 { 677 + get_online_cpus(); /* For avoiding text_mutex deadlock */ 356 678 mutex_lock(&text_mutex); 357 - arch_disarm_kprobe(kp); 679 + __disarm_kprobe(kp); 358 680 mutex_unlock(&text_mutex); 681 + put_online_cpus(); 359 682 } 360 683 361 684 /* ··· 802 369 void __kprobes kprobes_inc_nmissed_count(struct kprobe *p) 803 370 { 804 371 struct kprobe *kp; 805 - if (p->pre_handler != aggr_pre_handler) { 372 + if (!kprobe_aggrprobe(p)) { 806 373 p->nmissed++; 807 374 } else { 808 375 list_for_each_entry_rcu(kp, &p->list, list) ··· 926 493 } 927 494 928 495 /* 929 - * Keep all fields in the kprobe consistent 930 - */ 931 - static inline void copy_kprobe(struct kprobe *old_p, struct kprobe *p) 932 - { 933 - memcpy(&p->opcode, &old_p->opcode, sizeof(kprobe_opcode_t)); 934 - memcpy(&p->ainsn, &old_p->ainsn, sizeof(struct arch_specific_insn)); 935 - } 936 - 937 - /* 938 496 * Add the new probe to ap->list. Fail if this is the 939 497 * second jprobe at the address - two jprobes can't coexist 940 498 */ 941 499 static int __kprobes add_new_kprobe(struct kprobe *ap, struct kprobe *p) 942 500 { 943 501 BUG_ON(kprobe_gone(ap) || kprobe_gone(p)); 502 + 503 + if (p->break_handler || p->post_handler) 504 + unoptimize_kprobe(ap); /* Fall back to normal kprobe */ 505 + 944 506 if (p->break_handler) { 945 507 if (ap->break_handler) 946 508 return -EEXIST; ··· 950 522 ap->flags &= ~KPROBE_FLAG_DISABLED; 951 523 if (!kprobes_all_disarmed) 952 524 /* Arm the breakpoint again. */ 953 - arm_kprobe(ap); 525 + __arm_kprobe(ap); 954 526 } 955 527 return 0; 956 528 } ··· 959 531 * Fill in the required fields of the "manager kprobe". Replace the 960 532 * earlier kprobe in the hlist with the manager kprobe 961 533 */ 962 - static inline void add_aggr_kprobe(struct kprobe *ap, struct kprobe *p) 534 + static void __kprobes init_aggr_kprobe(struct kprobe *ap, struct kprobe *p) 963 535 { 536 + /* Copy p's insn slot to ap */ 964 537 copy_kprobe(p, ap); 965 538 flush_insn_slot(ap); 966 539 ap->addr = p->addr; 967 - ap->flags = p->flags; 540 + ap->flags = p->flags & ~KPROBE_FLAG_OPTIMIZED; 968 541 ap->pre_handler = aggr_pre_handler; 969 542 ap->fault_handler = aggr_fault_handler; 970 543 /* We don't care the kprobe which has gone. */ ··· 975 546 ap->break_handler = aggr_break_handler; 976 547 977 548 INIT_LIST_HEAD(&ap->list); 978 - list_add_rcu(&p->list, &ap->list); 549 + INIT_HLIST_NODE(&ap->hlist); 979 550 551 + list_add_rcu(&p->list, &ap->list); 980 552 hlist_replace_rcu(&p->hlist, &ap->hlist); 981 553 } 982 554 ··· 991 561 int ret = 0; 992 562 struct kprobe *ap = old_p; 993 563 994 - if (old_p->pre_handler != aggr_pre_handler) { 995 - /* If old_p is not an aggr_probe, create new aggr_kprobe. */ 996 - ap = kzalloc(sizeof(struct kprobe), GFP_KERNEL); 564 + if (!kprobe_aggrprobe(old_p)) { 565 + /* If old_p is not an aggr_kprobe, create new aggr_kprobe. */ 566 + ap = alloc_aggr_kprobe(old_p); 997 567 if (!ap) 998 568 return -ENOMEM; 999 - add_aggr_kprobe(ap, old_p); 569 + init_aggr_kprobe(ap, old_p); 1000 570 } 1001 571 1002 572 if (kprobe_gone(ap)) { ··· 1015 585 */ 1016 586 return ret; 1017 587 588 + /* Prepare optimized instructions if possible. */ 589 + prepare_optimized_kprobe(ap); 590 + 1018 591 /* 1019 592 * Clear gone flag to prevent allocating new slot again, and 1020 593 * set disabled flag because it is not armed yet. ··· 1026 593 | KPROBE_FLAG_DISABLED; 1027 594 } 1028 595 596 + /* Copy ap's insn slot to p */ 1029 597 copy_kprobe(ap, p); 1030 598 return add_new_kprobe(ap, p); 1031 599 } ··· 1177 743 p->nmissed = 0; 1178 744 INIT_LIST_HEAD(&p->list); 1179 745 mutex_lock(&kprobe_mutex); 746 + 747 + get_online_cpus(); /* For avoiding text_mutex deadlock. */ 748 + mutex_lock(&text_mutex); 749 + 1180 750 old_p = get_kprobe(p->addr); 1181 751 if (old_p) { 752 + /* Since this may unoptimize old_p, locking text_mutex. */ 1182 753 ret = register_aggr_kprobe(old_p, p); 1183 754 goto out; 1184 755 } 1185 756 1186 - mutex_lock(&text_mutex); 1187 757 ret = arch_prepare_kprobe(p); 1188 758 if (ret) 1189 - goto out_unlock_text; 759 + goto out; 1190 760 1191 761 INIT_HLIST_NODE(&p->hlist); 1192 762 hlist_add_head_rcu(&p->hlist, 1193 763 &kprobe_table[hash_ptr(p->addr, KPROBE_HASH_BITS)]); 1194 764 1195 765 if (!kprobes_all_disarmed && !kprobe_disabled(p)) 1196 - arch_arm_kprobe(p); 766 + __arm_kprobe(p); 1197 767 1198 - out_unlock_text: 1199 - mutex_unlock(&text_mutex); 768 + /* Try to optimize kprobe */ 769 + try_to_optimize_kprobe(p); 770 + 1200 771 out: 772 + mutex_unlock(&text_mutex); 773 + put_online_cpus(); 1201 774 mutex_unlock(&kprobe_mutex); 1202 775 1203 776 if (probed_mod) ··· 1226 785 return -EINVAL; 1227 786 1228 787 if (old_p == p || 1229 - (old_p->pre_handler == aggr_pre_handler && 788 + (kprobe_aggrprobe(old_p) && 1230 789 list_is_singular(&old_p->list))) { 1231 790 /* 1232 791 * Only probe on the hash list. Disarm only if kprobes are ··· 1234 793 * already have been removed. We save on flushing icache. 1235 794 */ 1236 795 if (!kprobes_all_disarmed && !kprobe_disabled(old_p)) 1237 - disarm_kprobe(p); 796 + disarm_kprobe(old_p); 1238 797 hlist_del_rcu(&old_p->hlist); 1239 798 } else { 1240 799 if (p->break_handler && !kprobe_gone(p)) ··· 1250 809 list_del_rcu(&p->list); 1251 810 if (!kprobe_disabled(old_p)) { 1252 811 try_to_disable_aggr_kprobe(old_p); 1253 - if (!kprobes_all_disarmed && kprobe_disabled(old_p)) 1254 - disarm_kprobe(old_p); 812 + if (!kprobes_all_disarmed) { 813 + if (kprobe_disabled(old_p)) 814 + disarm_kprobe(old_p); 815 + else 816 + /* Try to optimize this probe again */ 817 + optimize_kprobe(old_p); 818 + } 1255 819 } 1256 820 } 1257 821 return 0; ··· 1273 827 old_p = list_entry(p->list.next, struct kprobe, list); 1274 828 list_del(&p->list); 1275 829 arch_remove_kprobe(old_p); 1276 - kfree(old_p); 830 + free_aggr_kprobe(old_p); 1277 831 } 1278 832 } 1279 833 ··· 1569 1123 struct kprobe *kp; 1570 1124 1571 1125 p->flags |= KPROBE_FLAG_GONE; 1572 - if (p->pre_handler == aggr_pre_handler) { 1126 + if (kprobe_aggrprobe(p)) { 1573 1127 /* 1574 1128 * If this is an aggr_kprobe, we have to list all the 1575 1129 * chained probes and mark them GONE. ··· 1578 1132 kp->flags |= KPROBE_FLAG_GONE; 1579 1133 p->post_handler = NULL; 1580 1134 p->break_handler = NULL; 1135 + kill_optimized_kprobe(p); 1581 1136 } 1582 1137 /* 1583 1138 * Here, we can remove insn_slot safely, because no thread calls ··· 1688 1241 } 1689 1242 } 1690 1243 1244 + #if defined(CONFIG_OPTPROBES) 1245 + #if defined(__ARCH_WANT_KPROBES_INSN_SLOT) 1246 + /* Init kprobe_optinsn_slots */ 1247 + kprobe_optinsn_slots.insn_size = MAX_OPTINSN_SIZE; 1248 + #endif 1249 + /* By default, kprobes can be optimized */ 1250 + kprobes_allow_optimization = true; 1251 + #endif 1252 + 1691 1253 /* By default, kprobes are armed */ 1692 1254 kprobes_all_disarmed = false; 1693 1255 ··· 1715 1259 1716 1260 #ifdef CONFIG_DEBUG_FS 1717 1261 static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, 1718 - const char *sym, int offset,char *modname) 1262 + const char *sym, int offset, char *modname, struct kprobe *pp) 1719 1263 { 1720 1264 char *kprobe_type; 1721 1265 ··· 1725 1269 kprobe_type = "j"; 1726 1270 else 1727 1271 kprobe_type = "k"; 1272 + 1728 1273 if (sym) 1729 - seq_printf(pi, "%p %s %s+0x%x %s %s%s\n", 1274 + seq_printf(pi, "%p %s %s+0x%x %s ", 1730 1275 p->addr, kprobe_type, sym, offset, 1731 - (modname ? modname : " "), 1732 - (kprobe_gone(p) ? "[GONE]" : ""), 1733 - ((kprobe_disabled(p) && !kprobe_gone(p)) ? 1734 - "[DISABLED]" : "")); 1276 + (modname ? modname : " ")); 1735 1277 else 1736 - seq_printf(pi, "%p %s %p %s%s\n", 1737 - p->addr, kprobe_type, p->addr, 1738 - (kprobe_gone(p) ? "[GONE]" : ""), 1739 - ((kprobe_disabled(p) && !kprobe_gone(p)) ? 1740 - "[DISABLED]" : "")); 1278 + seq_printf(pi, "%p %s %p ", 1279 + p->addr, kprobe_type, p->addr); 1280 + 1281 + if (!pp) 1282 + pp = p; 1283 + seq_printf(pi, "%s%s%s\n", 1284 + (kprobe_gone(p) ? "[GONE]" : ""), 1285 + ((kprobe_disabled(p) && !kprobe_gone(p)) ? "[DISABLED]" : ""), 1286 + (kprobe_optimized(pp) ? "[OPTIMIZED]" : "")); 1741 1287 } 1742 1288 1743 1289 static void __kprobes *kprobe_seq_start(struct seq_file *f, loff_t *pos) ··· 1775 1317 hlist_for_each_entry_rcu(p, node, head, hlist) { 1776 1318 sym = kallsyms_lookup((unsigned long)p->addr, NULL, 1777 1319 &offset, &modname, namebuf); 1778 - if (p->pre_handler == aggr_pre_handler) { 1320 + if (kprobe_aggrprobe(p)) { 1779 1321 list_for_each_entry_rcu(kp, &p->list, list) 1780 - report_probe(pi, kp, sym, offset, modname); 1322 + report_probe(pi, kp, sym, offset, modname, p); 1781 1323 } else 1782 - report_probe(pi, p, sym, offset, modname); 1324 + report_probe(pi, p, sym, offset, modname, NULL); 1783 1325 } 1784 1326 preempt_enable(); 1785 1327 return 0; ··· 1857 1399 goto out; 1858 1400 } 1859 1401 1860 - if (!kprobes_all_disarmed && kprobe_disabled(p)) 1861 - arm_kprobe(p); 1862 - 1863 - p->flags &= ~KPROBE_FLAG_DISABLED; 1864 1402 if (p != kp) 1865 1403 kp->flags &= ~KPROBE_FLAG_DISABLED; 1404 + 1405 + if (!kprobes_all_disarmed && kprobe_disabled(p)) { 1406 + p->flags &= ~KPROBE_FLAG_DISABLED; 1407 + arm_kprobe(p); 1408 + } 1866 1409 out: 1867 1410 mutex_unlock(&kprobe_mutex); 1868 1411 return ret; ··· 1883 1424 if (!kprobes_all_disarmed) 1884 1425 goto already_enabled; 1885 1426 1427 + /* Arming kprobes doesn't optimize kprobe itself */ 1886 1428 mutex_lock(&text_mutex); 1887 1429 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 1888 1430 head = &kprobe_table[i]; 1889 1431 hlist_for_each_entry_rcu(p, node, head, hlist) 1890 1432 if (!kprobe_disabled(p)) 1891 - arch_arm_kprobe(p); 1433 + __arm_kprobe(p); 1892 1434 } 1893 1435 mutex_unlock(&text_mutex); 1894 1436 ··· 1916 1456 1917 1457 kprobes_all_disarmed = true; 1918 1458 printk(KERN_INFO "Kprobes globally disabled\n"); 1459 + 1460 + /* 1461 + * Here we call get_online_cpus() for avoiding text_mutex deadlock, 1462 + * because disarming may also unoptimize kprobes. 1463 + */ 1464 + get_online_cpus(); 1919 1465 mutex_lock(&text_mutex); 1920 1466 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 1921 1467 head = &kprobe_table[i]; 1922 1468 hlist_for_each_entry_rcu(p, node, head, hlist) { 1923 1469 if (!arch_trampoline_kprobe(p) && !kprobe_disabled(p)) 1924 - arch_disarm_kprobe(p); 1470 + __disarm_kprobe(p); 1925 1471 } 1926 1472 } 1927 1473 1928 1474 mutex_unlock(&text_mutex); 1475 + put_online_cpus(); 1929 1476 mutex_unlock(&kprobe_mutex); 1930 1477 /* Allow all currently running kprobes to complete */ 1931 1478 synchronize_sched();

+12

kernel/sysctl.c

··· 50 50 #include <linux/ftrace.h> 51 51 #include <linux/slow-work.h> 52 52 #include <linux/perf_event.h> 53 + #include <linux/kprobes.h> 53 54 54 55 #include <asm/uaccess.h> 55 56 #include <asm/processor.h> ··· 1449 1448 .maxlen = sizeof(int), 1450 1449 .mode = 0644, 1451 1450 .proc_handler = proc_dointvec 1451 + }, 1452 + #endif 1453 + #if defined(CONFIG_OPTPROBES) 1454 + { 1455 + .procname = "kprobes-optimization", 1456 + .data = &sysctl_kprobes_optimization, 1457 + .maxlen = sizeof(int), 1458 + .mode = 0644, 1459 + .proc_handler = proc_kprobes_optimization_handler, 1460 + .extra1 = &zero, 1461 + .extra2 = &one, 1452 1462 }, 1453 1463 #endif 1454 1464 { }

+53 -5

tools/perf/Documentation/perf-probe.txt

··· 41 41 42 42 -d:: 43 43 --del=:: 44 - Delete a probe event. 44 + Delete probe events. This accepts glob wildcards('*', '?') and character 45 + classes(e.g. [a-z], [!A-Z]). 45 46 46 47 -l:: 47 48 --list:: ··· 51 50 -L:: 52 51 --line=:: 53 52 Show source code lines which can be probed. This needs an argument 54 - which specifies a range of the source code. 53 + which specifies a range of the source code. (see LINE SYNTAX for detail) 54 + 55 + -f:: 56 + --force:: 57 + Forcibly add events with existing name. 55 58 56 59 PROBE SYNTAX 57 60 ------------ 58 61 Probe points are defined by following syntax. 59 62 60 - "[EVENT=]FUNC[+OFFS|:RLN|%return][@SRC]|SRC:ALN [ARG ...]" 63 + 1) Define event based on function name 64 + [EVENT=]FUNC[@SRC][:RLN|+OFFS|%return|;PTN] [ARG ...] 65 + 66 + 2) Define event based on source file with line number 67 + [EVENT=]SRC:ALN [ARG ...] 68 + 69 + 3) Define event based on source file with lazy pattern 70 + [EVENT=]SRC;PTN [ARG ...] 71 + 61 72 62 73 'EVENT' specifies the name of new event, if omitted, it will be set the name of the probed function. Currently, event group name is set as 'probe'. 63 - 'FUNC' specifies a probed function name, and it may have one of the following options; '+OFFS' is the offset from function entry address in bytes, 'RLN' is the relative-line number from function entry line, and '%return' means that it probes function return. In addition, 'SRC' specifies a source file which has that function. 64 - It is also possible to specify a probe point by the source line number by using 'SRC:ALN' syntax, where 'SRC' is the source file path and 'ALN' is the line number. 74 + 'FUNC' specifies a probed function name, and it may have one of the following options; '+OFFS' is the offset from function entry address in bytes, ':RLN' is the relative-line number from function entry line, and '%return' means that it probes function return. And ';PTN' means lazy matching pattern (see LAZY MATCHING). Note that ';PTN' must be the end of the probe point definition. In addition, '@SRC' specifies a source file which has that function. 75 + It is also possible to specify a probe point by the source line number or lazy matching by using 'SRC:ALN' or 'SRC;PTN' syntax, where 'SRC' is the source file path, ':ALN' is the line number and ';PTN' is the lazy matching pattern. 65 76 'ARG' specifies the arguments of this probe point. You can use the name of local variable, or kprobe-tracer argument format (e.g. $retval, %ax, etc). 66 77 67 78 LINE SYNTAX ··· 88 75 and 'ALN2' is end line number in the file. It is also possible to specify how 89 76 many lines to show by using 'NUM'. 90 77 So, "source.c:100-120" shows lines between 100th to l20th in source.c file. And "func:10+20" shows 20 lines from 10th line of func function. 78 + 79 + LAZY MATCHING 80 + ------------- 81 + The lazy line matching is similar to glob matching but ignoring spaces in both of pattern and target. So this accepts wildcards('*', '?') and character classes(e.g. [a-z], [!A-Z]). 82 + 83 + e.g. 84 + 'a=*' can matches 'a=b', 'a = b', 'a == b' and so on. 85 + 86 + This provides some sort of flexibility and robustness to probe point definitions against minor code changes. For example, actual 10th line of schedule() can be moved easily by modifying schedule(), but the same line matching 'rq=cpu_rq*' may still exist in the function.) 87 + 88 + 89 + EXAMPLES 90 + -------- 91 + Display which lines in schedule() can be probed: 92 + 93 + ./perf probe --line schedule 94 + 95 + Add a probe on schedule() function 12th line with recording cpu local variable: 96 + 97 + ./perf probe schedule:12 cpu 98 + or 99 + ./perf probe --add='schedule:12 cpu' 100 + 101 + this will add one or more probes which has the name start with "schedule". 102 + 103 + Add probes on lines in schedule() function which calls update_rq_clock(). 104 + 105 + ./perf probe 'schedule;update_rq_clock*' 106 + or 107 + ./perf probe --add='schedule;update_rq_clock*' 108 + 109 + Delete all probes on schedule(). 110 + 111 + ./perf probe --del='schedule*' 112 + 91 113 92 114 SEE ALSO 93 115 --------

+5 -5

tools/perf/Makefile

··· 500 500 msg := $(error No libelf.h/libelf found, please install libelf-dev/elfutils-libelf-devel and glibc-dev[el]); 501 501 endif 502 502 503 - ifneq ($(shell sh -c "(echo '\#ifndef _MIPS_SZLONG'; echo '\#define _MIPS_SZLONG 0'; echo '\#endif'; echo '\#include <dwarf.h>'; echo '\#include <libdwarf.h>'; echo 'int main(void) { Dwarf_Debug dbg; Dwarf_Error err; Dwarf_Ranges *rng; dwarf_init(0, DW_DLC_READ, 0, 0, &dbg, &err); dwarf_get_ranges(dbg, 0, &rng, 0, 0, &err); return (long)dbg; }') | $(CC) -x c - $(ALL_CFLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/libdwarf -ldwarf -lelf -o $(BITBUCKET) $(ALL_LDFLAGS) $(EXTLIBS) "$(QUIET_STDERR)" && echo y"), y) 504 - msg := $(warning No libdwarf.h found or old libdwarf.h found, disables dwarf support. Please install libdwarf-dev/libdwarf-devel >= 20081231); 505 - BASIC_CFLAGS += -DNO_LIBDWARF 503 + ifneq ($(shell sh -c "(echo '\#include <dwarf.h>'; echo '\#include <libdw.h>'; echo 'int main(void) { Dwarf *dbg; dbg = dwarf_begin(0, DWARF_C_READ); return (long)dbg; }') | $(CC) -x c - $(ALL_CFLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/elfutils -ldw -lelf -o $(BITBUCKET) $(ALL_LDFLAGS) $(EXTLIBS) "$(QUIET_STDERR)" && echo y"), y) 504 + msg := $(warning No libdw.h found or old libdw.h found, disables dwarf support. Please install elfutils-devel/elfutils-dev); 505 + BASIC_CFLAGS += -DNO_DWARF_SUPPORT 506 506 else 507 - BASIC_CFLAGS += -I/usr/include/libdwarf 508 - EXTLIBS += -lelf -ldwarf 507 + BASIC_CFLAGS += -I/usr/include/elfutils 508 + EXTLIBS += -lelf -ldw 509 509 LIB_OBJS += util/probe-finder.o 510 510 endif 511 511

+20 -16

tools/perf/builtin-probe.c

··· 128 128 pp->function); 129 129 } 130 130 131 - #ifndef NO_LIBDWARF 131 + #ifndef NO_DWARF_SUPPORT 132 132 static int open_vmlinux(void) 133 133 { 134 134 if (map__load(session.kmaps[MAP__FUNCTION], NULL) < 0) { ··· 156 156 "perf probe [<options>] --add 'PROBEDEF' [--add 'PROBEDEF' ...]", 157 157 "perf probe [<options>] --del '[GROUP:]EVENT' ...", 158 158 "perf probe --list", 159 + #ifndef NO_DWARF_SUPPORT 159 160 "perf probe --line 'LINEDESC'", 161 + #endif 160 162 NULL 161 163 }; 162 164 163 165 static const struct option options[] = { 164 166 OPT_BOOLEAN('v', "verbose", &verbose, 165 167 "be more verbose (show parsed arguments, etc)"), 166 - #ifndef NO_LIBDWARF 168 + #ifndef NO_DWARF_SUPPORT 167 169 OPT_STRING('k', "vmlinux", &symbol_conf.vmlinux_name, 168 170 "file", "vmlinux pathname"), 169 171 #endif ··· 174 172 OPT_CALLBACK('d', "del", NULL, "[GROUP:]EVENT", "delete a probe event.", 175 173 opt_del_probe_event), 176 174 OPT_CALLBACK('a', "add", NULL, 177 - #ifdef NO_LIBDWARF 178 - "[EVENT=]FUNC[+OFFS|%return] [ARG ...]", 175 + #ifdef NO_DWARF_SUPPORT 176 + "[EVENT=]FUNC[+OFF|%return] [ARG ...]", 179 177 #else 180 - "[EVENT=]FUNC[+OFFS|%return|:RLN][@SRC]|SRC:ALN [ARG ...]", 178 + "[EVENT=]FUNC[@SRC][+OFF|%return|:RL|;PT]|SRC:AL|SRC;PT" 179 + " [ARG ...]", 181 180 #endif 182 181 "probe point definition, where\n" 183 182 "\t\tGROUP:\tGroup name (optional)\n" 184 183 "\t\tEVENT:\tEvent name\n" 185 184 "\t\tFUNC:\tFunction name\n" 186 - "\t\tOFFS:\tOffset from function entry (in byte)\n" 185 + "\t\tOFF:\tOffset from function entry (in byte)\n" 187 186 "\t\t%return:\tPut the probe at function return\n" 188 - #ifdef NO_LIBDWARF 187 + #ifdef NO_DWARF_SUPPORT 189 188 "\t\tARG:\tProbe argument (only \n" 190 189 #else 191 190 "\t\tSRC:\tSource code path\n" 192 - "\t\tRLN:\tRelative line number from function entry.\n" 193 - "\t\tALN:\tAbsolute line number in file.\n" 191 + "\t\tRL:\tRelative line number from function entry.\n" 192 + "\t\tAL:\tAbsolute line number in file.\n" 193 + "\t\tPT:\tLazy expression of line code.\n" 194 194 "\t\tARG:\tProbe argument (local variable name or\n" 195 195 #endif 196 196 "\t\t\tkprobe-tracer argument format.)\n", 197 197 opt_add_probe_event), 198 198 OPT_BOOLEAN('f', "force", &session.force_add, "forcibly add events" 199 199 " with existing name"), 200 - #ifndef NO_LIBDWARF 200 + #ifndef NO_DWARF_SUPPORT 201 201 OPT_CALLBACK('L', "line", NULL, 202 202 "FUNC[:RLN[+NUM|:RLN2]]|SRC:ALN[+NUM|:ALN2]", 203 203 "Show source code lines.", opt_show_lines), ··· 227 223 int cmd_probe(int argc, const char **argv, const char *prefix __used) 228 224 { 229 225 int i, ret; 230 - #ifndef NO_LIBDWARF 226 + #ifndef NO_DWARF_SUPPORT 231 227 int fd; 232 228 #endif 233 229 struct probe_point *pp; ··· 263 259 return 0; 264 260 } 265 261 266 - #ifndef NO_LIBDWARF 262 + #ifndef NO_DWARF_SUPPORT 267 263 if (session.show_lines) { 268 264 if (session.nr_probe != 0 || session.dellist) { 269 265 pr_warning(" Error: Don't use --line with" ··· 294 290 init_vmlinux(); 295 291 296 292 if (session.need_dwarf) 297 - #ifdef NO_LIBDWARF 293 + #ifdef NO_DWARF_SUPPORT 298 294 die("Debuginfo-analysis is not supported"); 299 - #else /* !NO_LIBDWARF */ 295 + #else /* !NO_DWARF_SUPPORT */ 300 296 pr_debug("Some probes require debuginfo.\n"); 301 297 302 298 fd = open_vmlinux(); ··· 316 312 continue; 317 313 318 314 lseek(fd, SEEK_SET, 0); 319 - ret = find_probepoint(fd, pp); 315 + ret = find_probe_point(fd, pp); 320 316 if (ret > 0) 321 317 continue; 322 318 if (ret == 0) { /* No error but failed to find probe point. */ ··· 337 333 close(fd); 338 334 339 335 end_dwarf: 340 - #endif /* !NO_LIBDWARF */ 336 + #endif /* !NO_DWARF_SUPPORT */ 341 337 342 338 /* Synthesize probes without dwarf */ 343 339 for (i = 0; i < session.nr_probe; i++) {

+37 -18

tools/perf/util/probe-event.c

··· 119 119 char c, nc = 0; 120 120 /* 121 121 * <Syntax> 122 - * perf probe [EVENT=]SRC:LN 123 - * perf probe [EVENT=]FUNC[+OFFS|%return][@SRC] 122 + * perf probe [EVENT=]SRC[:LN|;PTN] 123 + * perf probe [EVENT=]FUNC[@SRC][+OFFS|%return|:LN|;PAT] 124 124 * 125 125 * TODO:Group name support 126 126 */ 127 127 128 - ptr = strchr(arg, '='); 129 - if (ptr) { /* Event name */ 128 + ptr = strpbrk(arg, ";=@+%"); 129 + if (ptr && *ptr == '=') { /* Event name */ 130 130 *ptr = '\0'; 131 131 tmp = ptr + 1; 132 132 ptr = strchr(arg, ':'); ··· 139 139 arg = tmp; 140 140 } 141 141 142 - ptr = strpbrk(arg, ":+@%"); 142 + ptr = strpbrk(arg, ";:+@%"); 143 143 if (ptr) { 144 144 nc = *ptr; 145 145 *ptr++ = '\0'; ··· 156 156 while (ptr) { 157 157 arg = ptr; 158 158 c = nc; 159 - ptr = strpbrk(arg, ":+@%"); 159 + if (c == ';') { /* Lazy pattern must be the last part */ 160 + pp->lazy_line = strdup(arg); 161 + break; 162 + } 163 + ptr = strpbrk(arg, ";:+@%"); 160 164 if (ptr) { 161 165 nc = *ptr; 162 166 *ptr++ = '\0'; ··· 169 165 case ':': /* Line number */ 170 166 pp->line = strtoul(arg, &tmp, 0); 171 167 if (*tmp != '\0') 172 - semantic_error("There is non-digit charactor" 173 - " in line number."); 168 + semantic_error("There is non-digit char" 169 + " in line number."); 174 170 break; 175 171 case '+': /* Byte offset from a symbol */ 176 172 pp->offset = strtoul(arg, &tmp, 0); 177 173 if (*tmp != '\0') 178 - semantic_error("There is non-digit charactor" 174 + semantic_error("There is non-digit character" 179 175 " in offset."); 180 176 break; 181 177 case '@': /* File name */ ··· 183 179 semantic_error("SRC@SRC is not allowed."); 184 180 pp->file = strdup(arg); 185 181 DIE_IF(pp->file == NULL); 186 - if (ptr) 187 - semantic_error("@SRC must be the last " 188 - "option."); 189 182 break; 190 183 case '%': /* Probe places */ 191 184 if (strcmp(arg, "return") == 0) { ··· 197 196 } 198 197 199 198 /* Exclusion check */ 199 + if (pp->lazy_line && pp->line) 200 + semantic_error("Lazy pattern can't be used with line number."); 201 + 202 + if (pp->lazy_line && pp->offset) 203 + semantic_error("Lazy pattern can't be used with offset."); 204 + 200 205 if (pp->line && pp->offset) 201 206 semantic_error("Offset can't be used with line number."); 202 207 203 - if (!pp->line && pp->file && !pp->function) 204 - semantic_error("File always requires line number."); 208 + if (!pp->line && !pp->lazy_line && pp->file && !pp->function) 209 + semantic_error("File always requires line number or " 210 + "lazy pattern."); 205 211 206 212 if (pp->offset && !pp->function) 207 213 semantic_error("Offset requires an entry function."); ··· 216 208 if (pp->retprobe && !pp->function) 217 209 semantic_error("Return probe requires an entry function."); 218 210 219 - if ((pp->offset || pp->line) && pp->retprobe) 220 - semantic_error("Offset/Line can't be used with return probe."); 211 + if ((pp->offset || pp->line || pp->lazy_line) && pp->retprobe) 212 + semantic_error("Offset/Line/Lazy pattern can't be used with " 213 + "return probe."); 221 214 222 - pr_debug("symbol:%s file:%s line:%d offset:%d, return:%d\n", 223 - pp->function, pp->file, pp->line, pp->offset, pp->retprobe); 215 + pr_debug("symbol:%s file:%s line:%d offset:%d return:%d lazy:%s\n", 216 + pp->function, pp->file, pp->line, pp->offset, pp->retprobe, 217 + pp->lazy_line); 224 218 } 225 219 226 220 /* Parse perf-probe event definition */ ··· 468 458 free(pp->function); 469 459 if (pp->file) 470 460 free(pp->file); 461 + if (pp->lazy_line) 462 + free(pp->lazy_line); 471 463 for (i = 0; i < pp->nr_args; i++) 472 464 free(pp->args[i]); 473 465 if (pp->args) ··· 731 719 } 732 720 733 721 #define LINEBUF_SIZE 256 722 + #define NR_ADDITIONAL_LINES 2 734 723 735 724 static void show_one_line(FILE *fp, unsigned int l, bool skip, bool show_num) 736 725 { ··· 792 779 show_one_line(fp, (l++) - lr->offset, false, false); 793 780 show_one_line(fp, (l++) - lr->offset, false, true); 794 781 } 782 + 783 + if (lr->end == INT_MAX) 784 + lr->end = l + NR_ADDITIONAL_LINES; 785 + while (l < lr->end && !feof(fp)) 786 + show_one_line(fp, (l++) - lr->offset, false, false); 787 + 795 788 fclose(fp); 796 789 }

+485 -563

tools/perf/util/probe-finder.c

··· 32 32 #include <stdarg.h> 33 33 #include <ctype.h> 34 34 35 + #include "string.h" 35 36 #include "event.h" 36 37 #include "debug.h" 37 38 #include "util.h" 38 39 #include "probe-finder.h" 39 40 40 - 41 - /* Dwarf_Die Linkage to parent Die */ 42 - struct die_link { 43 - struct die_link *parent; /* Parent die */ 44 - Dwarf_Die die; /* Current die */ 45 - }; 46 - 47 - static Dwarf_Debug __dw_debug; 48 - static Dwarf_Error __dw_error; 49 41 50 42 /* 51 43 * Generic dwarf analysis helpers ··· 105 113 return 0; 106 114 } 107 115 108 - /* Find the fileno of the target file. */ 109 - static Dwarf_Unsigned cu_find_fileno(Dwarf_Die cu_die, const char *fname) 116 + /* Line number list operations */ 117 + 118 + /* Add a line to line number list */ 119 + static void line_list__add_line(struct list_head *head, unsigned int line) 110 120 { 111 - Dwarf_Signed cnt, i; 112 - Dwarf_Unsigned found = 0; 113 - char **srcs; 121 + struct line_node *ln; 122 + struct list_head *p; 123 + 124 + /* Reverse search, because new line will be the last one */ 125 + list_for_each_entry_reverse(ln, head, list) { 126 + if (ln->line < line) { 127 + p = &ln->list; 128 + goto found; 129 + } else if (ln->line == line) /* Already exist */ 130 + return ; 131 + } 132 + /* List is empty, or the smallest entry */ 133 + p = head; 134 + found: 135 + pr_debug("line list: add a line %u\n", line); 136 + ln = zalloc(sizeof(struct line_node)); 137 + DIE_IF(ln == NULL); 138 + ln->line = line; 139 + INIT_LIST_HEAD(&ln->list); 140 + list_add(&ln->list, p); 141 + } 142 + 143 + /* Check if the line in line number list */ 144 + static int line_list__has_line(struct list_head *head, unsigned int line) 145 + { 146 + struct line_node *ln; 147 + 148 + /* Reverse search, because new line will be the last one */ 149 + list_for_each_entry(ln, head, list) 150 + if (ln->line == line) 151 + return 1; 152 + 153 + return 0; 154 + } 155 + 156 + /* Init line number list */ 157 + static void line_list__init(struct list_head *head) 158 + { 159 + INIT_LIST_HEAD(head); 160 + } 161 + 162 + /* Free line number list */ 163 + static void line_list__free(struct list_head *head) 164 + { 165 + struct line_node *ln; 166 + while (!list_empty(head)) { 167 + ln = list_first_entry(head, struct line_node, list); 168 + list_del(&ln->list); 169 + free(ln); 170 + } 171 + } 172 + 173 + /* Dwarf wrappers */ 174 + 175 + /* Find the realpath of the target file. */ 176 + static const char *cu_find_realpath(Dwarf_Die *cu_die, const char *fname) 177 + { 178 + Dwarf_Files *files; 179 + size_t nfiles, i; 180 + const char *src; 114 181 int ret; 115 182 116 183 if (!fname) 117 - return 0; 184 + return NULL; 118 185 119 - ret = dwarf_srcfiles(cu_die, &srcs, &cnt, &__dw_error); 120 - if (ret == DW_DLV_OK) { 121 - for (i = 0; i < cnt && !found; i++) { 122 - if (strtailcmp(srcs[i], fname) == 0) 123 - found = i + 1; 124 - dwarf_dealloc(__dw_debug, srcs[i], DW_DLA_STRING); 125 - } 126 - for (; i < cnt; i++) 127 - dwarf_dealloc(__dw_debug, srcs[i], DW_DLA_STRING); 128 - dwarf_dealloc(__dw_debug, srcs, DW_DLA_LIST); 186 + ret = dwarf_getsrcfiles(cu_die, &files, &nfiles); 187 + if (ret != 0) 188 + return NULL; 189 + 190 + for (i = 0; i < nfiles; i++) { 191 + src = dwarf_filesrc(files, i, NULL, NULL); 192 + if (strtailcmp(src, fname) == 0) 193 + break; 129 194 } 130 - if (found) 131 - pr_debug("found fno: %d\n", (int)found); 132 - return found; 195 + return src; 133 196 } 134 197 135 - static int cu_get_filename(Dwarf_Die cu_die, Dwarf_Unsigned fno, char **buf) 198 + struct __addr_die_search_param { 199 + Dwarf_Addr addr; 200 + Dwarf_Die *die_mem; 201 + }; 202 + 203 + static int __die_search_func_cb(Dwarf_Die *fn_die, void *data) 136 204 { 137 - Dwarf_Signed cnt, i; 138 - char **srcs; 139 - int ret = 0; 205 + struct __addr_die_search_param *ad = data; 140 206 141 - if (!buf || !fno) 142 - return -EINVAL; 207 + if (dwarf_tag(fn_die) == DW_TAG_subprogram && 208 + dwarf_haspc(fn_die, ad->addr)) { 209 + memcpy(ad->die_mem, fn_die, sizeof(Dwarf_Die)); 210 + return DWARF_CB_ABORT; 211 + } 212 + return DWARF_CB_OK; 213 + } 143 214 144 - ret = dwarf_srcfiles(cu_die, &srcs, &cnt, &__dw_error); 145 - if (ret == DW_DLV_OK) { 146 - if ((Dwarf_Unsigned)cnt > fno - 1) { 147 - *buf = strdup(srcs[fno - 1]); 148 - ret = 0; 149 - pr_debug("found filename: %s\n", *buf); 150 - } else 151 - ret = -ENOENT; 152 - for (i = 0; i < cnt; i++) 153 - dwarf_dealloc(__dw_debug, srcs[i], DW_DLA_STRING); 154 - dwarf_dealloc(__dw_debug, srcs, DW_DLA_LIST); 155 - } else 156 - ret = -EINVAL; 157 - return ret; 215 + /* Search a real subprogram including this line, */ 216 + static Dwarf_Die *die_get_real_subprogram(Dwarf_Die *cu_die, Dwarf_Addr addr, 217 + Dwarf_Die *die_mem) 218 + { 219 + struct __addr_die_search_param ad; 220 + ad.addr = addr; 221 + ad.die_mem = die_mem; 222 + /* dwarf_getscopes can't find subprogram. */ 223 + if (!dwarf_getfuncs(cu_die, __die_search_func_cb, &ad, 0)) 224 + return NULL; 225 + else 226 + return die_mem; 227 + } 228 + 229 + /* Similar to dwarf_getfuncs, but returns inlined_subroutine if exists. */ 230 + static Dwarf_Die *die_get_inlinefunc(Dwarf_Die *sp_die, Dwarf_Addr addr, 231 + Dwarf_Die *die_mem) 232 + { 233 + Dwarf_Die child_die; 234 + int ret; 235 + 236 + ret = dwarf_child(sp_die, die_mem); 237 + if (ret != 0) 238 + return NULL; 239 + 240 + do { 241 + if (dwarf_tag(die_mem) == DW_TAG_inlined_subroutine && 242 + dwarf_haspc(die_mem, addr)) 243 + return die_mem; 244 + 245 + if (die_get_inlinefunc(die_mem, addr, &child_die)) { 246 + memcpy(die_mem, &child_die, sizeof(Dwarf_Die)); 247 + return die_mem; 248 + } 249 + } while (dwarf_siblingof(die_mem, die_mem) == 0); 250 + 251 + return NULL; 158 252 } 159 253 160 254 /* Compare diename and tname */ 161 - static int die_compare_name(Dwarf_Die dw_die, const char *tname) 255 + static bool die_compare_name(Dwarf_Die *dw_die, const char *tname) 162 256 { 163 - char *name; 164 - int ret; 165 - ret = dwarf_diename(dw_die, &name, &__dw_error); 166 - DIE_IF(ret == DW_DLV_ERROR); 167 - if (ret == DW_DLV_OK) { 168 - ret = strcmp(tname, name); 169 - dwarf_dealloc(__dw_debug, name, DW_DLA_STRING); 170 - } else 171 - ret = -1; 172 - return ret; 173 - } 174 - 175 - /* Check the address is in the subprogram(function). */ 176 - static int die_within_subprogram(Dwarf_Die sp_die, Dwarf_Addr addr, 177 - Dwarf_Signed *offs) 178 - { 179 - Dwarf_Addr lopc, hipc; 180 - int ret; 181 - 182 - /* TODO: check ranges */ 183 - ret = dwarf_lowpc(sp_die, &lopc, &__dw_error); 184 - DIE_IF(ret == DW_DLV_ERROR); 185 - if (ret == DW_DLV_NO_ENTRY) 186 - return 0; 187 - ret = dwarf_highpc(sp_die, &hipc, &__dw_error); 188 - DIE_IF(ret != DW_DLV_OK); 189 - if (lopc <= addr && addr < hipc) { 190 - *offs = addr - lopc; 191 - return 1; 192 - } else 193 - return 0; 194 - } 195 - 196 - /* Check the die is inlined function */ 197 - static Dwarf_Bool die_inlined_subprogram(Dwarf_Die dw_die) 198 - { 199 - /* TODO: check strictly */ 200 - Dwarf_Bool inl; 201 - int ret; 202 - 203 - ret = dwarf_hasattr(dw_die, DW_AT_inline, &inl, &__dw_error); 204 - DIE_IF(ret == DW_DLV_ERROR); 205 - return inl; 206 - } 207 - 208 - /* Get the offset of abstruct_origin */ 209 - static Dwarf_Off die_get_abstract_origin(Dwarf_Die dw_die) 210 - { 211 - Dwarf_Attribute attr; 212 - Dwarf_Off cu_offs; 213 - int ret; 214 - 215 - ret = dwarf_attr(dw_die, DW_AT_abstract_origin, &attr, &__dw_error); 216 - DIE_IF(ret != DW_DLV_OK); 217 - ret = dwarf_formref(attr, &cu_offs, &__dw_error); 218 - DIE_IF(ret != DW_DLV_OK); 219 - dwarf_dealloc(__dw_debug, attr, DW_DLA_ATTR); 220 - return cu_offs; 257 + const char *name; 258 + name = dwarf_diename(dw_die); 259 + DIE_IF(name == NULL); 260 + return strcmp(tname, name); 221 261 } 222 262 223 263 /* Get entry pc(or low pc, 1st entry of ranges) of the die */ 224 - static Dwarf_Addr die_get_entrypc(Dwarf_Die dw_die) 264 + static Dwarf_Addr die_get_entrypc(Dwarf_Die *dw_die) 225 265 { 226 - Dwarf_Attribute attr; 227 - Dwarf_Addr addr; 228 - Dwarf_Off offs; 229 - Dwarf_Ranges *ranges; 230 - Dwarf_Signed cnt; 266 + Dwarf_Addr epc; 231 267 int ret; 232 268 233 - /* Try to get entry pc */ 234 - ret = dwarf_attr(dw_die, DW_AT_entry_pc, &attr, &__dw_error); 235 - DIE_IF(ret == DW_DLV_ERROR); 236 - if (ret == DW_DLV_OK) { 237 - ret = dwarf_formaddr(attr, &addr, &__dw_error); 238 - DIE_IF(ret != DW_DLV_OK); 239 - dwarf_dealloc(__dw_debug, attr, DW_DLA_ATTR); 240 - return addr; 241 - } 242 - 243 - /* Try to get low pc */ 244 - ret = dwarf_lowpc(dw_die, &addr, &__dw_error); 245 - DIE_IF(ret == DW_DLV_ERROR); 246 - if (ret == DW_DLV_OK) 247 - return addr; 248 - 249 - /* Try to get ranges */ 250 - ret = dwarf_attr(dw_die, DW_AT_ranges, &attr, &__dw_error); 251 - DIE_IF(ret != DW_DLV_OK); 252 - ret = dwarf_formref(attr, &offs, &__dw_error); 253 - DIE_IF(ret != DW_DLV_OK); 254 - ret = dwarf_get_ranges(__dw_debug, offs, &ranges, &cnt, NULL, 255 - &__dw_error); 256 - DIE_IF(ret != DW_DLV_OK); 257 - addr = ranges[0].dwr_addr1; 258 - dwarf_ranges_dealloc(__dw_debug, ranges, cnt); 259 - return addr; 269 + ret = dwarf_entrypc(dw_die, &epc); 270 + DIE_IF(ret == -1); 271 + return epc; 260 272 } 261 273 262 - /* 263 - * Search a Die from Die tree. 264 - * Note: cur_link->die should be deallocated in this function. 265 - */ 266 - static int __search_die_tree(struct die_link *cur_link, 267 - int (*die_cb)(struct die_link *, void *), 268 - void *data) 274 + /* Get a variable die */ 275 + static Dwarf_Die *die_find_variable(Dwarf_Die *sp_die, const char *name, 276 + Dwarf_Die *die_mem) 269 277 { 270 - Dwarf_Die new_die; 271 - struct die_link new_link; 278 + Dwarf_Die child_die; 279 + int tag; 272 280 int ret; 273 281 274 - if (!die_cb) 275 - return 0; 282 + ret = dwarf_child(sp_die, die_mem); 283 + if (ret != 0) 284 + return NULL; 276 285 277 - /* Check current die */ 278 - while (!(ret = die_cb(cur_link, data))) { 279 - /* Check child die */ 280 - ret = dwarf_child(cur_link->die, &new_die, &__dw_error); 281 - DIE_IF(ret == DW_DLV_ERROR); 282 - if (ret == DW_DLV_OK) { 283 - new_link.parent = cur_link; 284 - new_link.die = new_die; 285 - ret = __search_die_tree(&new_link, die_cb, data); 286 - if (ret) 287 - break; 286 + do { 287 + tag = dwarf_tag(die_mem); 288 + if ((tag == DW_TAG_formal_parameter || 289 + tag == DW_TAG_variable) && 290 + (die_compare_name(die_mem, name) == 0)) 291 + return die_mem; 292 + 293 + if (die_find_variable(die_mem, name, &child_die)) { 294 + memcpy(die_mem, &child_die, sizeof(Dwarf_Die)); 295 + return die_mem; 288 296 } 297 + } while (dwarf_siblingof(die_mem, die_mem) == 0); 289 298 290 - /* Move to next sibling */ 291 - ret = dwarf_siblingof(__dw_debug, cur_link->die, &new_die, 292 - &__dw_error); 293 - DIE_IF(ret == DW_DLV_ERROR); 294 - dwarf_dealloc(__dw_debug, cur_link->die, DW_DLA_DIE); 295 - cur_link->die = new_die; 296 - if (ret == DW_DLV_NO_ENTRY) 297 - return 0; 298 - } 299 - dwarf_dealloc(__dw_debug, cur_link->die, DW_DLA_DIE); 300 - return ret; 301 - } 302 - 303 - /* Search a die in its children's die tree */ 304 - static int search_die_from_children(Dwarf_Die parent_die, 305 - int (*die_cb)(struct die_link *, void *), 306 - void *data) 307 - { 308 - struct die_link new_link; 309 - int ret; 310 - 311 - new_link.parent = NULL; 312 - ret = dwarf_child(parent_die, &new_link.die, &__dw_error); 313 - DIE_IF(ret == DW_DLV_ERROR); 314 - if (ret == DW_DLV_OK) 315 - return __search_die_tree(&new_link, die_cb, data); 316 - else 317 - return 0; 318 - } 319 - 320 - /* Find a locdesc corresponding to the address */ 321 - static int attr_get_locdesc(Dwarf_Attribute attr, Dwarf_Locdesc *desc, 322 - Dwarf_Addr addr) 323 - { 324 - Dwarf_Signed lcnt; 325 - Dwarf_Locdesc **llbuf; 326 - int ret, i; 327 - 328 - ret = dwarf_loclist_n(attr, &llbuf, &lcnt, &__dw_error); 329 - DIE_IF(ret != DW_DLV_OK); 330 - ret = DW_DLV_NO_ENTRY; 331 - for (i = 0; i < lcnt; ++i) { 332 - if (llbuf[i]->ld_lopc <= addr && 333 - llbuf[i]->ld_hipc > addr) { 334 - memcpy(desc, llbuf[i], sizeof(Dwarf_Locdesc)); 335 - desc->ld_s = 336 - malloc(sizeof(Dwarf_Loc) * llbuf[i]->ld_cents); 337 - DIE_IF(desc->ld_s == NULL); 338 - memcpy(desc->ld_s, llbuf[i]->ld_s, 339 - sizeof(Dwarf_Loc) * llbuf[i]->ld_cents); 340 - ret = DW_DLV_OK; 341 - break; 342 - } 343 - dwarf_dealloc(__dw_debug, llbuf[i]->ld_s, DW_DLA_LOC_BLOCK); 344 - dwarf_dealloc(__dw_debug, llbuf[i], DW_DLA_LOCDESC); 345 - } 346 - /* Releasing loop */ 347 - for (; i < lcnt; ++i) { 348 - dwarf_dealloc(__dw_debug, llbuf[i]->ld_s, DW_DLA_LOC_BLOCK); 349 - dwarf_dealloc(__dw_debug, llbuf[i], DW_DLA_LOCDESC); 350 - } 351 - dwarf_dealloc(__dw_debug, llbuf, DW_DLA_LIST); 352 - return ret; 353 - } 354 - 355 - /* Get decl_file attribute value (file number) */ 356 - static Dwarf_Unsigned die_get_decl_file(Dwarf_Die sp_die) 357 - { 358 - Dwarf_Attribute attr; 359 - Dwarf_Unsigned fno; 360 - int ret; 361 - 362 - ret = dwarf_attr(sp_die, DW_AT_decl_file, &attr, &__dw_error); 363 - DIE_IF(ret != DW_DLV_OK); 364 - dwarf_formudata(attr, &fno, &__dw_error); 365 - DIE_IF(ret != DW_DLV_OK); 366 - dwarf_dealloc(__dw_debug, attr, DW_DLA_ATTR); 367 - return fno; 368 - } 369 - 370 - /* Get decl_line attribute value (line number) */ 371 - static Dwarf_Unsigned die_get_decl_line(Dwarf_Die sp_die) 372 - { 373 - Dwarf_Attribute attr; 374 - Dwarf_Unsigned lno; 375 - int ret; 376 - 377 - ret = dwarf_attr(sp_die, DW_AT_decl_line, &attr, &__dw_error); 378 - DIE_IF(ret != DW_DLV_OK); 379 - dwarf_formudata(attr, &lno, &__dw_error); 380 - DIE_IF(ret != DW_DLV_OK); 381 - dwarf_dealloc(__dw_debug, attr, DW_DLA_ATTR); 382 - return lno; 299 + return NULL; 383 300 } 384 301 385 302 /* ··· 296 395 */ 297 396 298 397 /* Show a location */ 299 - static void show_location(Dwarf_Loc *loc, struct probe_finder *pf) 398 + static void show_location(Dwarf_Op *op, struct probe_finder *pf) 300 399 { 301 - Dwarf_Small op; 302 - Dwarf_Unsigned regn; 303 - Dwarf_Signed offs; 400 + unsigned int regn; 401 + Dwarf_Word offs = 0; 304 402 int deref = 0, ret; 305 403 const char *regs; 306 404 307 - op = loc->lr_atom; 308 - 405 + /* TODO: support CFA */ 309 406 /* If this is based on frame buffer, set the offset */ 310 - if (op == DW_OP_fbreg) { 407 + if (op->atom == DW_OP_fbreg) { 408 + if (pf->fb_ops == NULL) 409 + die("The attribute of frame base is not supported.\n"); 311 410 deref = 1; 312 - offs = (Dwarf_Signed)loc->lr_number; 313 - op = pf->fbloc.ld_s[0].lr_atom; 314 - loc = &pf->fbloc.ld_s[0]; 315 - } else 316 - offs = 0; 411 + offs = op->number; 412 + op = &pf->fb_ops[0]; 413 + } 317 414 318 - if (op >= DW_OP_breg0 && op <= DW_OP_breg31) { 319 - regn = op - DW_OP_breg0; 320 - offs += (Dwarf_Signed)loc->lr_number; 415 + if (op->atom >= DW_OP_breg0 && op->atom <= DW_OP_breg31) { 416 + regn = op->atom - DW_OP_breg0; 417 + offs += op->number; 321 418 deref = 1; 322 - } else if (op >= DW_OP_reg0 && op <= DW_OP_reg31) { 323 - regn = op - DW_OP_reg0; 324 - } else if (op == DW_OP_bregx) { 325 - regn = loc->lr_number; 326 - offs += (Dwarf_Signed)loc->lr_number2; 419 + } else if (op->atom >= DW_OP_reg0 && op->atom <= DW_OP_reg31) { 420 + regn = op->atom - DW_OP_reg0; 421 + } else if (op->atom == DW_OP_bregx) { 422 + regn = op->number; 423 + offs += op->number2; 327 424 deref = 1; 328 - } else if (op == DW_OP_regx) { 329 - regn = loc->lr_number; 425 + } else if (op->atom == DW_OP_regx) { 426 + regn = op->number; 330 427 } else 331 - die("Dwarf_OP %d is not supported.", op); 428 + die("DW_OP %d is not supported.", op->atom); 332 429 333 430 regs = get_arch_regstr(regn); 334 431 if (!regs) 335 - die("%lld exceeds max register number.", regn); 432 + die("%u exceeds max register number.", regn); 336 433 337 434 if (deref) 338 - ret = snprintf(pf->buf, pf->len, 339 - " %s=%+lld(%s)", pf->var, offs, regs); 435 + ret = snprintf(pf->buf, pf->len, " %s=+%ju(%s)", 436 + pf->var, (uintmax_t)offs, regs); 340 437 else 341 438 ret = snprintf(pf->buf, pf->len, " %s=%s", pf->var, regs); 342 439 DIE_IF(ret < 0); ··· 342 443 } 343 444 344 445 /* Show a variables in kprobe event format */ 345 - static void show_variable(Dwarf_Die vr_die, struct probe_finder *pf) 446 + static void show_variable(Dwarf_Die *vr_die, struct probe_finder *pf) 346 447 { 347 448 Dwarf_Attribute attr; 348 - Dwarf_Locdesc ld; 449 + Dwarf_Op *expr; 450 + size_t nexpr; 349 451 int ret; 350 452 351 - ret = dwarf_attr(vr_die, DW_AT_location, &attr, &__dw_error); 352 - if (ret != DW_DLV_OK) 453 + if (dwarf_attr(vr_die, DW_AT_location, &attr) == NULL) 353 454 goto error; 354 - ret = attr_get_locdesc(attr, &ld, (pf->addr - pf->cu_base)); 355 - if (ret != DW_DLV_OK) 455 + /* TODO: handle more than 1 exprs */ 456 + ret = dwarf_getlocation_addr(&attr, (pf->addr - pf->cu_base), 457 + &expr, &nexpr, 1); 458 + if (ret <= 0 || nexpr == 0) 356 459 goto error; 357 - /* TODO? */ 358 - DIE_IF(ld.ld_cents != 1); 359 - show_location(&ld.ld_s[0], pf); 360 - free(ld.ld_s); 361 - dwarf_dealloc(__dw_debug, attr, DW_DLA_ATTR); 460 + 461 + show_location(expr, pf); 462 + /* *expr will be cached in libdw. Don't free it. */ 362 463 return ; 363 464 error: 465 + /* TODO: Support const_value */ 364 466 die("Failed to find the location of %s at this address.\n" 365 467 " Perhaps, it has been optimized out.", pf->var); 366 468 } 367 469 368 - static int variable_callback(struct die_link *dlink, void *data) 369 - { 370 - struct probe_finder *pf = (struct probe_finder *)data; 371 - Dwarf_Half tag; 372 - int ret; 373 - 374 - ret = dwarf_tag(dlink->die, &tag, &__dw_error); 375 - DIE_IF(ret == DW_DLV_ERROR); 376 - if ((tag == DW_TAG_formal_parameter || 377 - tag == DW_TAG_variable) && 378 - (die_compare_name(dlink->die, pf->var) == 0)) { 379 - show_variable(dlink->die, pf); 380 - return 1; 381 - } 382 - /* TODO: Support struct members and arrays */ 383 - return 0; 384 - } 385 - 386 470 /* Find a variable in a subprogram die */ 387 - static void find_variable(Dwarf_Die sp_die, struct probe_finder *pf) 471 + static void find_variable(Dwarf_Die *sp_die, struct probe_finder *pf) 388 472 { 389 473 int ret; 474 + Dwarf_Die vr_die; 390 475 476 + /* TODO: Support struct members and arrays */ 391 477 if (!is_c_varname(pf->var)) { 392 478 /* Output raw parameters */ 393 479 ret = snprintf(pf->buf, pf->len, " %s", pf->var); ··· 383 499 384 500 pr_debug("Searching '%s' variable in context.\n", pf->var); 385 501 /* Search child die for local variables and parameters. */ 386 - ret = search_die_from_children(sp_die, variable_callback, pf); 387 - if (!ret) 502 + if (!die_find_variable(sp_die, pf->var, &vr_die)) 388 503 die("Failed to find '%s' in this function.", pf->var); 389 - } 390 504 391 - /* Get a frame base on the address */ 392 - static void get_current_frame_base(Dwarf_Die sp_die, struct probe_finder *pf) 393 - { 394 - Dwarf_Attribute attr; 395 - int ret; 396 - 397 - ret = dwarf_attr(sp_die, DW_AT_frame_base, &attr, &__dw_error); 398 - DIE_IF(ret != DW_DLV_OK); 399 - ret = attr_get_locdesc(attr, &pf->fbloc, (pf->addr - pf->cu_base)); 400 - DIE_IF(ret != DW_DLV_OK); 401 - dwarf_dealloc(__dw_debug, attr, DW_DLA_ATTR); 402 - } 403 - 404 - static void free_current_frame_base(struct probe_finder *pf) 405 - { 406 - free(pf->fbloc.ld_s); 407 - memset(&pf->fbloc, 0, sizeof(Dwarf_Locdesc)); 505 + show_variable(&vr_die, pf); 408 506 } 409 507 410 508 /* Show a probe point to output buffer */ 411 - static void show_probepoint(Dwarf_Die sp_die, Dwarf_Signed offs, 412 - struct probe_finder *pf) 509 + static void show_probe_point(Dwarf_Die *sp_die, struct probe_finder *pf) 413 510 { 414 511 struct probe_point *pp = pf->pp; 415 - char *name; 512 + Dwarf_Addr eaddr; 513 + Dwarf_Die die_mem; 514 + const char *name; 416 515 char tmp[MAX_PROBE_BUFFER]; 417 516 int ret, i, len; 517 + Dwarf_Attribute fb_attr; 518 + size_t nops; 519 + 520 + /* If no real subprogram, find a real one */ 521 + if (!sp_die || dwarf_tag(sp_die) != DW_TAG_subprogram) { 522 + sp_die = die_get_real_subprogram(&pf->cu_die, 523 + pf->addr, &die_mem); 524 + if (!sp_die) 525 + die("Probe point is not found in subprograms."); 526 + } 418 527 419 528 /* Output name of probe point */ 420 - ret = dwarf_diename(sp_die, &name, &__dw_error); 421 - DIE_IF(ret == DW_DLV_ERROR); 422 - if (ret == DW_DLV_OK) { 423 - ret = snprintf(tmp, MAX_PROBE_BUFFER, "%s+%u", name, 424 - (unsigned int)offs); 529 + name = dwarf_diename(sp_die); 530 + if (name) { 531 + dwarf_entrypc(sp_die, &eaddr); 532 + ret = snprintf(tmp, MAX_PROBE_BUFFER, "%s+%lu", name, 533 + (unsigned long)(pf->addr - eaddr)); 425 534 /* Copy the function name if possible */ 426 535 if (!pp->function) { 427 536 pp->function = strdup(name); 428 - pp->offset = offs; 537 + pp->offset = (size_t)(pf->addr - eaddr); 429 538 } 430 - dwarf_dealloc(__dw_debug, name, DW_DLA_STRING); 431 539 } else { 432 540 /* This function has no name. */ 433 - ret = snprintf(tmp, MAX_PROBE_BUFFER, "0x%llx", pf->addr); 541 + ret = snprintf(tmp, MAX_PROBE_BUFFER, "0x%jx", 542 + (uintmax_t)pf->addr); 434 543 if (!pp->function) { 435 544 /* TODO: Use _stext */ 436 545 pp->function = strdup(""); 437 - pp->offset = (int)pf->addr; 546 + pp->offset = (size_t)pf->addr; 438 547 } 439 548 } 440 549 DIE_IF(ret < 0); ··· 435 558 len = ret; 436 559 pr_debug("Probe point found: %s\n", tmp); 437 560 561 + /* Get the frame base attribute/ops */ 562 + dwarf_attr(sp_die, DW_AT_frame_base, &fb_attr); 563 + ret = dwarf_getlocation_addr(&fb_attr, (pf->addr - pf->cu_base), 564 + &pf->fb_ops, &nops, 1); 565 + if (ret <= 0 || nops == 0) 566 + pf->fb_ops = NULL; 567 + 438 568 /* Find each argument */ 439 - get_current_frame_base(sp_die, pf); 569 + /* TODO: use dwarf_cfi_addrframe */ 440 570 for (i = 0; i < pp->nr_args; i++) { 441 571 pf->var = pp->args[i]; 442 572 pf->buf = &tmp[len]; ··· 451 567 find_variable(sp_die, pf); 452 568 len += strlen(pf->buf); 453 569 } 454 - free_current_frame_base(pf); 570 + 571 + /* *pf->fb_ops will be cached in libdw. Don't free it. */ 572 + pf->fb_ops = NULL; 455 573 456 574 pp->probes[pp->found] = strdup(tmp); 457 575 pp->found++; 458 576 } 459 577 460 - static int probeaddr_callback(struct die_link *dlink, void *data) 461 - { 462 - struct probe_finder *pf = (struct probe_finder *)data; 463 - Dwarf_Half tag; 464 - Dwarf_Signed offs; 465 - int ret; 466 - 467 - ret = dwarf_tag(dlink->die, &tag, &__dw_error); 468 - DIE_IF(ret == DW_DLV_ERROR); 469 - /* Check the address is in this subprogram */ 470 - if (tag == DW_TAG_subprogram && 471 - die_within_subprogram(dlink->die, pf->addr, &offs)) { 472 - show_probepoint(dlink->die, offs, pf); 473 - return 1; 474 - } 475 - return 0; 476 - } 477 - 478 578 /* Find probe point from its line number */ 479 579 static void find_probe_point_by_line(struct probe_finder *pf) 480 580 { 481 - Dwarf_Signed cnt, i, clm; 482 - Dwarf_Line *lines; 483 - Dwarf_Unsigned lineno = 0; 581 + Dwarf_Lines *lines; 582 + Dwarf_Line *line; 583 + size_t nlines, i; 484 584 Dwarf_Addr addr; 485 - Dwarf_Unsigned fno; 585 + int lineno; 486 586 int ret; 487 587 488 - ret = dwarf_srclines(pf->cu_die, &lines, &cnt, &__dw_error); 489 - DIE_IF(ret != DW_DLV_OK); 588 + ret = dwarf_getsrclines(&pf->cu_die, &lines, &nlines); 589 + DIE_IF(ret != 0); 490 590 491 - for (i = 0; i < cnt; i++) { 492 - ret = dwarf_line_srcfileno(lines[i], &fno, &__dw_error); 493 - DIE_IF(ret != DW_DLV_OK); 494 - if (fno != pf->fno) 495 - continue; 496 - 497 - ret = dwarf_lineno(lines[i], &lineno, &__dw_error); 498 - DIE_IF(ret != DW_DLV_OK); 591 + for (i = 0; i < nlines; i++) { 592 + line = dwarf_onesrcline(lines, i); 593 + dwarf_lineno(line, &lineno); 499 594 if (lineno != pf->lno) 500 595 continue; 501 596 502 - ret = dwarf_lineoff(lines[i], &clm, &__dw_error); 503 - DIE_IF(ret != DW_DLV_OK); 597 + /* TODO: Get fileno from line, but how? */ 598 + if (strtailcmp(dwarf_linesrc(line, NULL, NULL), pf->fname) != 0) 599 + continue; 504 600 505 - ret = dwarf_lineaddr(lines[i], &addr, &__dw_error); 506 - DIE_IF(ret != DW_DLV_OK); 507 - pr_debug("Probe line found: line[%d]:%u,%d addr:0x%llx\n", 508 - (int)i, (unsigned)lineno, (int)clm, addr); 601 + ret = dwarf_lineaddr(line, &addr); 602 + DIE_IF(ret != 0); 603 + pr_debug("Probe line found: line[%d]:%d addr:0x%jx\n", 604 + (int)i, lineno, (uintmax_t)addr); 509 605 pf->addr = addr; 510 - /* Search a real subprogram including this line, */ 511 - ret = search_die_from_children(pf->cu_die, 512 - probeaddr_callback, pf); 513 - if (ret == 0) 514 - die("Probe point is not found in subprograms."); 606 + 607 + show_probe_point(NULL, pf); 515 608 /* Continuing, because target line might be inlined. */ 516 609 } 517 - dwarf_srclines_dealloc(__dw_debug, lines, cnt); 518 610 } 519 611 520 - /* Search function from function name */ 521 - static int probefunc_callback(struct die_link *dlink, void *data) 612 + /* Find lines which match lazy pattern */ 613 + static int find_lazy_match_lines(struct list_head *head, 614 + const char *fname, const char *pat) 615 + { 616 + char *fbuf, *p1, *p2; 617 + int fd, line, nlines = 0; 618 + struct stat st; 619 + 620 + fd = open(fname, O_RDONLY); 621 + if (fd < 0) 622 + die("failed to open %s", fname); 623 + DIE_IF(fstat(fd, &st) < 0); 624 + fbuf = malloc(st.st_size + 2); 625 + DIE_IF(fbuf == NULL); 626 + DIE_IF(read(fd, fbuf, st.st_size) < 0); 627 + close(fd); 628 + fbuf[st.st_size] = '\n'; /* Dummy line */ 629 + fbuf[st.st_size + 1] = '\0'; 630 + p1 = fbuf; 631 + line = 1; 632 + while ((p2 = strchr(p1, '\n')) != NULL) { 633 + *p2 = '\0'; 634 + if (strlazymatch(p1, pat)) { 635 + line_list__add_line(head, line); 636 + nlines++; 637 + } 638 + line++; 639 + p1 = p2 + 1; 640 + } 641 + free(fbuf); 642 + return nlines; 643 + } 644 + 645 + /* Find probe points from lazy pattern */ 646 + static void find_probe_point_lazy(Dwarf_Die *sp_die, struct probe_finder *pf) 647 + { 648 + Dwarf_Lines *lines; 649 + Dwarf_Line *line; 650 + size_t nlines, i; 651 + Dwarf_Addr addr; 652 + Dwarf_Die die_mem; 653 + int lineno; 654 + int ret; 655 + 656 + if (list_empty(&pf->lcache)) { 657 + /* Matching lazy line pattern */ 658 + ret = find_lazy_match_lines(&pf->lcache, pf->fname, 659 + pf->pp->lazy_line); 660 + if (ret <= 0) 661 + die("No matched lines found in %s.", pf->fname); 662 + } 663 + 664 + ret = dwarf_getsrclines(&pf->cu_die, &lines, &nlines); 665 + DIE_IF(ret != 0); 666 + for (i = 0; i < nlines; i++) { 667 + line = dwarf_onesrcline(lines, i); 668 + 669 + dwarf_lineno(line, &lineno); 670 + if (!line_list__has_line(&pf->lcache, lineno)) 671 + continue; 672 + 673 + /* TODO: Get fileno from line, but how? */ 674 + if (strtailcmp(dwarf_linesrc(line, NULL, NULL), pf->fname) != 0) 675 + continue; 676 + 677 + ret = dwarf_lineaddr(line, &addr); 678 + DIE_IF(ret != 0); 679 + if (sp_die) { 680 + /* Address filtering 1: does sp_die include addr? */ 681 + if (!dwarf_haspc(sp_die, addr)) 682 + continue; 683 + /* Address filtering 2: No child include addr? */ 684 + if (die_get_inlinefunc(sp_die, addr, &die_mem)) 685 + continue; 686 + } 687 + 688 + pr_debug("Probe line found: line[%d]:%d addr:0x%llx\n", 689 + (int)i, lineno, (unsigned long long)addr); 690 + pf->addr = addr; 691 + 692 + show_probe_point(sp_die, pf); 693 + /* Continuing, because target line might be inlined. */ 694 + } 695 + /* TODO: deallocate lines, but how? */ 696 + } 697 + 698 + static int probe_point_inline_cb(Dwarf_Die *in_die, void *data) 522 699 { 523 700 struct probe_finder *pf = (struct probe_finder *)data; 524 701 struct probe_point *pp = pf->pp; 525 - struct die_link *lk; 526 - Dwarf_Signed offs; 527 - Dwarf_Half tag; 528 - int ret; 529 702 530 - ret = dwarf_tag(dlink->die, &tag, &__dw_error); 531 - DIE_IF(ret == DW_DLV_ERROR); 532 - if (tag == DW_TAG_subprogram) { 533 - if (die_compare_name(dlink->die, pp->function) == 0) { 534 - if (pp->line) { /* Function relative line */ 535 - pf->fno = die_get_decl_file(dlink->die); 536 - pf->lno = die_get_decl_line(dlink->die) 537 - + pp->line; 538 - find_probe_point_by_line(pf); 539 - return 1; 540 - } 541 - if (die_inlined_subprogram(dlink->die)) { 542 - /* Inlined function, save it. */ 543 - ret = dwarf_die_CU_offset(dlink->die, 544 - &pf->inl_offs, 545 - &__dw_error); 546 - DIE_IF(ret != DW_DLV_OK); 547 - pr_debug("inline definition offset %lld\n", 548 - pf->inl_offs); 549 - return 0; /* Continue to search */ 550 - } 551 - /* Get probe address */ 552 - pf->addr = die_get_entrypc(dlink->die); 703 + if (pp->lazy_line) 704 + find_probe_point_lazy(in_die, pf); 705 + else { 706 + /* Get probe address */ 707 + pf->addr = die_get_entrypc(in_die); 708 + pf->addr += pp->offset; 709 + pr_debug("found inline addr: 0x%jx\n", 710 + (uintmax_t)pf->addr); 711 + 712 + show_probe_point(in_die, pf); 713 + } 714 + 715 + return DWARF_CB_OK; 716 + } 717 + 718 + /* Search function from function name */ 719 + static int probe_point_search_cb(Dwarf_Die *sp_die, void *data) 720 + { 721 + struct probe_finder *pf = (struct probe_finder *)data; 722 + struct probe_point *pp = pf->pp; 723 + 724 + /* Check tag and diename */ 725 + if (dwarf_tag(sp_die) != DW_TAG_subprogram || 726 + die_compare_name(sp_die, pp->function) != 0) 727 + return 0; 728 + 729 + pf->fname = dwarf_decl_file(sp_die); 730 + if (pp->line) { /* Function relative line */ 731 + dwarf_decl_line(sp_die, &pf->lno); 732 + pf->lno += pp->line; 733 + find_probe_point_by_line(pf); 734 + } else if (!dwarf_func_inline(sp_die)) { 735 + /* Real function */ 736 + if (pp->lazy_line) 737 + find_probe_point_lazy(sp_die, pf); 738 + else { 739 + pf->addr = die_get_entrypc(sp_die); 553 740 pf->addr += pp->offset; 554 741 /* TODO: Check the address in this function */ 555 - show_probepoint(dlink->die, pp->offset, pf); 556 - return 1; /* Exit; no same symbol in this CU. */ 742 + show_probe_point(sp_die, pf); 557 743 } 558 - } else if (tag == DW_TAG_inlined_subroutine && pf->inl_offs) { 559 - if (die_get_abstract_origin(dlink->die) == pf->inl_offs) { 560 - /* Get probe address */ 561 - pf->addr = die_get_entrypc(dlink->die); 562 - pf->addr += pp->offset; 563 - pr_debug("found inline addr: 0x%llx\n", pf->addr); 564 - /* Inlined function. Get a real subprogram */ 565 - for (lk = dlink->parent; lk != NULL; lk = lk->parent) { 566 - tag = 0; 567 - dwarf_tag(lk->die, &tag, &__dw_error); 568 - DIE_IF(ret == DW_DLV_ERROR); 569 - if (tag == DW_TAG_subprogram && 570 - !die_inlined_subprogram(lk->die)) 571 - goto found; 572 - } 573 - die("Failed to find real subprogram."); 574 - found: 575 - /* Get offset from subprogram */ 576 - ret = die_within_subprogram(lk->die, pf->addr, &offs); 577 - DIE_IF(!ret); 578 - show_probepoint(lk->die, offs, pf); 579 - /* Continue to search */ 580 - } 581 - } 582 - return 0; 744 + } else 745 + /* Inlined function: search instances */ 746 + dwarf_func_inline_instances(sp_die, probe_point_inline_cb, pf); 747 + 748 + return 1; /* Exit; no same symbol in this CU. */ 583 749 } 584 750 585 751 static void find_probe_point_by_func(struct probe_finder *pf) 586 752 { 587 - search_die_from_children(pf->cu_die, probefunc_callback, pf); 753 + dwarf_getfuncs(&pf->cu_die, probe_point_search_cb, pf, 0); 588 754 } 589 755 590 756 /* Find a probe point */ 591 - int find_probepoint(int fd, struct probe_point *pp) 757 + int find_probe_point(int fd, struct probe_point *pp) 592 758 { 593 - Dwarf_Half addr_size = 0; 594 - Dwarf_Unsigned next_cuh = 0; 595 - int cu_number = 0, ret; 596 759 struct probe_finder pf = {.pp = pp}; 760 + int ret; 761 + Dwarf_Off off, noff; 762 + size_t cuhl; 763 + Dwarf_Die *diep; 764 + Dwarf *dbg; 597 765 598 - ret = dwarf_init(fd, DW_DLC_READ, 0, 0, &__dw_debug, &__dw_error); 599 - if (ret != DW_DLV_OK) 766 + dbg = dwarf_begin(fd, DWARF_C_READ); 767 + if (!dbg) 600 768 return -ENOENT; 601 769 602 770 pp->found = 0; 603 - while (++cu_number) { 604 - /* Search CU (Compilation Unit) */ 605 - ret = dwarf_next_cu_header(__dw_debug, NULL, NULL, NULL, 606 - &addr_size, &next_cuh, &__dw_error); 607 - DIE_IF(ret == DW_DLV_ERROR); 608 - if (ret == DW_DLV_NO_ENTRY) 609 - break; 610 - 771 + off = 0; 772 + line_list__init(&pf.lcache); 773 + /* Loop on CUs (Compilation Unit) */ 774 + while (!dwarf_nextcu(dbg, off, &noff, &cuhl, NULL, NULL, NULL)) { 611 775 /* Get the DIE(Debugging Information Entry) of this CU */ 612 - ret = dwarf_siblingof(__dw_debug, 0, &pf.cu_die, &__dw_error); 613 - DIE_IF(ret != DW_DLV_OK); 776 + diep = dwarf_offdie(dbg, off + cuhl, &pf.cu_die); 777 + if (!diep) 778 + continue; 614 779 615 780 /* Check if target file is included. */ 616 781 if (pp->file) 617 - pf.fno = cu_find_fileno(pf.cu_die, pp->file); 782 + pf.fname = cu_find_realpath(&pf.cu_die, pp->file); 783 + else 784 + pf.fname = NULL; 618 785 619 - if (!pp->file || pf.fno) { 786 + if (!pp->file || pf.fname) { 620 787 /* Save CU base address (for frame_base) */ 621 - ret = dwarf_lowpc(pf.cu_die, &pf.cu_base, &__dw_error); 622 - DIE_IF(ret == DW_DLV_ERROR); 623 - if (ret == DW_DLV_NO_ENTRY) 788 + ret = dwarf_lowpc(&pf.cu_die, &pf.cu_base); 789 + if (ret != 0) 624 790 pf.cu_base = 0; 625 791 if (pp->function) 626 792 find_probe_point_by_func(&pf); 793 + else if (pp->lazy_line) 794 + find_probe_point_lazy(NULL, &pf); 627 795 else { 628 796 pf.lno = pp->line; 629 797 find_probe_point_by_line(&pf); 630 798 } 631 799 } 632 - dwarf_dealloc(__dw_debug, pf.cu_die, DW_DLA_DIE); 800 + off = noff; 633 801 } 634 - ret = dwarf_finish(__dw_debug, &__dw_error); 635 - DIE_IF(ret != DW_DLV_OK); 802 + line_list__free(&pf.lcache); 803 + dwarf_end(dbg); 636 804 637 805 return pp->found; 638 806 } 639 807 640 - 641 - static void line_range_add_line(struct line_range *lr, unsigned int line) 642 - { 643 - struct line_node *ln; 644 - struct list_head *p; 645 - 646 - /* Reverse search, because new line will be the last one */ 647 - list_for_each_entry_reverse(ln, &lr->line_list, list) { 648 - if (ln->line < line) { 649 - p = &ln->list; 650 - goto found; 651 - } else if (ln->line == line) /* Already exist */ 652 - return ; 653 - } 654 - /* List is empty, or the smallest entry */ 655 - p = &lr->line_list; 656 - found: 657 - pr_debug("Debug: add a line %u\n", line); 658 - ln = zalloc(sizeof(struct line_node)); 659 - DIE_IF(ln == NULL); 660 - ln->line = line; 661 - INIT_LIST_HEAD(&ln->list); 662 - list_add(&ln->list, p); 663 - } 664 - 665 808 /* Find line range from its line number */ 666 - static void find_line_range_by_line(struct line_finder *lf) 809 + static void find_line_range_by_line(Dwarf_Die *sp_die, struct line_finder *lf) 667 810 { 668 - Dwarf_Signed cnt, i; 669 - Dwarf_Line *lines; 670 - Dwarf_Unsigned lineno = 0; 671 - Dwarf_Unsigned fno; 811 + Dwarf_Lines *lines; 812 + Dwarf_Line *line; 813 + size_t nlines, i; 672 814 Dwarf_Addr addr; 815 + int lineno; 673 816 int ret; 817 + const char *src; 818 + Dwarf_Die die_mem; 674 819 675 - ret = dwarf_srclines(lf->cu_die, &lines, &cnt, &__dw_error); 676 - DIE_IF(ret != DW_DLV_OK); 820 + line_list__init(&lf->lr->line_list); 821 + ret = dwarf_getsrclines(&lf->cu_die, &lines, &nlines); 822 + DIE_IF(ret != 0); 677 823 678 - for (i = 0; i < cnt; i++) { 679 - ret = dwarf_line_srcfileno(lines[i], &fno, &__dw_error); 680 - DIE_IF(ret != DW_DLV_OK); 681 - if (fno != lf->fno) 682 - continue; 683 - 684 - ret = dwarf_lineno(lines[i], &lineno, &__dw_error); 685 - DIE_IF(ret != DW_DLV_OK); 824 + for (i = 0; i < nlines; i++) { 825 + line = dwarf_onesrcline(lines, i); 826 + ret = dwarf_lineno(line, &lineno); 827 + DIE_IF(ret != 0); 686 828 if (lf->lno_s > lineno || lf->lno_e < lineno) 687 829 continue; 688 830 689 - /* Filter line in the function address range */ 690 - if (lf->addr_s && lf->addr_e) { 691 - ret = dwarf_lineaddr(lines[i], &addr, &__dw_error); 692 - DIE_IF(ret != DW_DLV_OK); 693 - if (lf->addr_s > addr || lf->addr_e <= addr) 831 + if (sp_die) { 832 + /* Address filtering 1: does sp_die include addr? */ 833 + ret = dwarf_lineaddr(line, &addr); 834 + DIE_IF(ret != 0); 835 + if (!dwarf_haspc(sp_die, addr)) 836 + continue; 837 + 838 + /* Address filtering 2: No child include addr? */ 839 + if (die_get_inlinefunc(sp_die, addr, &die_mem)) 694 840 continue; 695 841 } 696 - line_range_add_line(lf->lr, (unsigned int)lineno); 842 + 843 + /* TODO: Get fileno from line, but how? */ 844 + src = dwarf_linesrc(line, NULL, NULL); 845 + if (strtailcmp(src, lf->fname) != 0) 846 + continue; 847 + 848 + /* Copy real path */ 849 + if (!lf->lr->path) 850 + lf->lr->path = strdup(src); 851 + line_list__add_line(&lf->lr->line_list, (unsigned int)lineno); 697 852 } 698 - dwarf_srclines_dealloc(__dw_debug, lines, cnt); 853 + /* Update status */ 699 854 if (!list_empty(&lf->lr->line_list)) 700 855 lf->found = 1; 856 + else { 857 + free(lf->lr->path); 858 + lf->lr->path = NULL; 859 + } 860 + } 861 + 862 + static int line_range_inline_cb(Dwarf_Die *in_die, void *data) 863 + { 864 + find_line_range_by_line(in_die, (struct line_finder *)data); 865 + return DWARF_CB_ABORT; /* No need to find other instances */ 701 866 } 702 867 703 868 /* Search function from function name */ 704 - static int linefunc_callback(struct die_link *dlink, void *data) 869 + static int line_range_search_cb(Dwarf_Die *sp_die, void *data) 705 870 { 706 871 struct line_finder *lf = (struct line_finder *)data; 707 872 struct line_range *lr = lf->lr; 708 - Dwarf_Half tag; 709 - int ret; 710 873 711 - ret = dwarf_tag(dlink->die, &tag, &__dw_error); 712 - DIE_IF(ret == DW_DLV_ERROR); 713 - if (tag == DW_TAG_subprogram && 714 - die_compare_name(dlink->die, lr->function) == 0) { 715 - /* Get the address range of this function */ 716 - ret = dwarf_highpc(dlink->die, &lf->addr_e, &__dw_error); 717 - if (ret == DW_DLV_OK) 718 - ret = dwarf_lowpc(dlink->die, &lf->addr_s, &__dw_error); 719 - DIE_IF(ret == DW_DLV_ERROR); 720 - if (ret == DW_DLV_NO_ENTRY) { 721 - lf->addr_s = 0; 722 - lf->addr_e = 0; 723 - } 724 - 725 - lf->fno = die_get_decl_file(dlink->die); 726 - lr->offset = die_get_decl_line(dlink->die);; 874 + if (dwarf_tag(sp_die) == DW_TAG_subprogram && 875 + die_compare_name(sp_die, lr->function) == 0) { 876 + lf->fname = dwarf_decl_file(sp_die); 877 + dwarf_decl_line(sp_die, &lr->offset); 878 + pr_debug("fname: %s, lineno:%d\n", lf->fname, lr->offset); 727 879 lf->lno_s = lr->offset + lr->start; 728 880 if (!lr->end) 729 - lf->lno_e = (Dwarf_Unsigned)-1; 881 + lf->lno_e = INT_MAX; 730 882 else 731 883 lf->lno_e = lr->offset + lr->end; 732 884 lr->start = lf->lno_s; 733 885 lr->end = lf->lno_e; 734 - find_line_range_by_line(lf); 735 - /* If we find a target function, this should be end. */ 736 - lf->found = 1; 886 + if (dwarf_func_inline(sp_die)) 887 + dwarf_func_inline_instances(sp_die, 888 + line_range_inline_cb, lf); 889 + else 890 + find_line_range_by_line(sp_die, lf); 737 891 return 1; 738 892 } 739 893 return 0; ··· 779 857 780 858 static void find_line_range_by_func(struct line_finder *lf) 781 859 { 782 - search_die_from_children(lf->cu_die, linefunc_callback, lf); 860 + dwarf_getfuncs(&lf->cu_die, line_range_search_cb, lf, 0); 783 861 } 784 862 785 863 int find_line_range(int fd, struct line_range *lr) 786 864 { 787 - Dwarf_Half addr_size = 0; 788 - Dwarf_Unsigned next_cuh = 0; 865 + struct line_finder lf = {.lr = lr, .found = 0}; 789 866 int ret; 790 - struct line_finder lf = {.lr = lr}; 867 + Dwarf_Off off = 0, noff; 868 + size_t cuhl; 869 + Dwarf_Die *diep; 870 + Dwarf *dbg; 791 871 792 - ret = dwarf_init(fd, DW_DLC_READ, 0, 0, &__dw_debug, &__dw_error); 793 - if (ret != DW_DLV_OK) 872 + dbg = dwarf_begin(fd, DWARF_C_READ); 873 + if (!dbg) 794 874 return -ENOENT; 795 875 876 + /* Loop on CUs (Compilation Unit) */ 796 877 while (!lf.found) { 797 - /* Search CU (Compilation Unit) */ 798 - ret = dwarf_next_cu_header(__dw_debug, NULL, NULL, NULL, 799 - &addr_size, &next_cuh, &__dw_error); 800 - DIE_IF(ret == DW_DLV_ERROR); 801 - if (ret == DW_DLV_NO_ENTRY) 878 + ret = dwarf_nextcu(dbg, off, &noff, &cuhl, NULL, NULL, NULL); 879 + if (ret != 0) 802 880 break; 803 881 804 882 /* Get the DIE(Debugging Information Entry) of this CU */ 805 - ret = dwarf_siblingof(__dw_debug, 0, &lf.cu_die, &__dw_error); 806 - DIE_IF(ret != DW_DLV_OK); 883 + diep = dwarf_offdie(dbg, off + cuhl, &lf.cu_die); 884 + if (!diep) 885 + continue; 807 886 808 887 /* Check if target file is included. */ 809 888 if (lr->file) 810 - lf.fno = cu_find_fileno(lf.cu_die, lr->file); 889 + lf.fname = cu_find_realpath(&lf.cu_die, lr->file); 890 + else 891 + lf.fname = 0; 811 892 812 - if (!lr->file || lf.fno) { 893 + if (!lr->file || lf.fname) { 813 894 if (lr->function) 814 895 find_line_range_by_func(&lf); 815 896 else { 816 897 lf.lno_s = lr->start; 817 898 if (!lr->end) 818 - lf.lno_e = (Dwarf_Unsigned)-1; 899 + lf.lno_e = INT_MAX; 819 900 else 820 901 lf.lno_e = lr->end; 821 - find_line_range_by_line(&lf); 902 + find_line_range_by_line(NULL, &lf); 822 903 } 823 - /* Get the real file path */ 824 - if (lf.found) 825 - cu_get_filename(lf.cu_die, lf.fno, &lr->path); 826 904 } 827 - dwarf_dealloc(__dw_debug, lf.cu_die, DW_DLA_DIE); 905 + off = noff; 828 906 } 829 - ret = dwarf_finish(__dw_debug, &__dw_error); 830 - DIE_IF(ret != DW_DLV_OK); 907 + pr_debug("path: %lx\n", (unsigned long)lr->path); 908 + dwarf_end(dbg); 831 909 return lf.found; 832 910 } 833 911

+23 -28

tools/perf/util/probe-finder.h

··· 1 1 #ifndef _PROBE_FINDER_H 2 2 #define _PROBE_FINDER_H 3 3 4 + #include <stdbool.h> 4 5 #include "util.h" 5 6 6 7 #define MAX_PATH_LEN 256 ··· 21 20 /* Inputs */ 22 21 char *file; /* File name */ 23 22 int line; /* Line number */ 23 + char *lazy_line; /* Lazy line pattern */ 24 24 25 25 char *function; /* Function name */ 26 26 int offset; /* Offset bytes */ ··· 48 46 char *function; /* Function name */ 49 47 unsigned int start; /* Start line number */ 50 48 unsigned int end; /* End line number */ 51 - unsigned int offset; /* Start line offset */ 49 + int offset; /* Start line offset */ 52 50 char *path; /* Real path name */ 53 51 struct list_head line_list; /* Visible lines */ 54 52 }; 55 53 56 - #ifndef NO_LIBDWARF 57 - extern int find_probepoint(int fd, struct probe_point *pp); 54 + #ifndef NO_DWARF_SUPPORT 55 + extern int find_probe_point(int fd, struct probe_point *pp); 58 56 extern int find_line_range(int fd, struct line_range *lr); 59 57 60 - /* Workaround for undefined _MIPS_SZLONG bug in libdwarf.h: */ 61 - #ifndef _MIPS_SZLONG 62 - # define _MIPS_SZLONG 0 63 - #endif 64 - 65 58 #include <dwarf.h> 66 - #include <libdwarf.h> 59 + #include <libdw.h> 67 60 68 61 struct probe_finder { 69 - struct probe_point *pp; /* Target probe point */ 62 + struct probe_point *pp; /* Target probe point */ 70 63 71 64 /* For function searching */ 72 - Dwarf_Addr addr; /* Address */ 73 - Dwarf_Unsigned fno; /* File number */ 74 - Dwarf_Unsigned lno; /* Line number */ 75 - Dwarf_Off inl_offs; /* Inline offset */ 76 - Dwarf_Die cu_die; /* Current CU */ 65 + Dwarf_Addr addr; /* Address */ 66 + const char *fname; /* File name */ 67 + int lno; /* Line number */ 68 + Dwarf_Die cu_die; /* Current CU */ 77 69 78 70 /* For variable searching */ 79 - Dwarf_Addr cu_base; /* Current CU base address */ 80 - Dwarf_Locdesc fbloc; /* Location of Current Frame Base */ 81 - const char *var; /* Current variable name */ 82 - char *buf; /* Current output buffer */ 83 - int len; /* Length of output buffer */ 71 + Dwarf_Op *fb_ops; /* Frame base attribute */ 72 + Dwarf_Addr cu_base; /* Current CU base address */ 73 + const char *var; /* Current variable name */ 74 + char *buf; /* Current output buffer */ 75 + int len; /* Length of output buffer */ 76 + struct list_head lcache; /* Line cache for lazy match */ 84 77 }; 85 78 86 79 struct line_finder { 87 - struct line_range *lr; /* Target line range */ 80 + struct line_range *lr; /* Target line range */ 88 81 89 - Dwarf_Unsigned fno; /* File number */ 90 - Dwarf_Unsigned lno_s; /* Start line number */ 91 - Dwarf_Unsigned lno_e; /* End line number */ 92 - Dwarf_Addr addr_s; /* Start address */ 93 - Dwarf_Addr addr_e; /* End address */ 94 - Dwarf_Die cu_die; /* Current CU */ 82 + const char *fname; /* File name */ 83 + int lno_s; /* Start line number */ 84 + int lno_e; /* End line number */ 85 + Dwarf_Die cu_die; /* Current CU */ 95 86 int found; 96 87 }; 97 88 98 - #endif /* NO_LIBDWARF */ 89 + #endif /* NO_DWARF_SUPPORT */ 99 90 100 91 #endif /*_PROBE_FINDER_H */

+42 -13

tools/perf/util/string.c

··· 265 265 return false; 266 266 } 267 267 268 - /** 269 - * strglobmatch - glob expression pattern matching 270 - * @str: the target string to match 271 - * @pat: the pattern string to match 272 - * 273 - * This returns true if the @str matches @pat. @pat can includes wildcards 274 - * ('*','?') and character classes ([CHARS], complementation and ranges are 275 - * also supported). Also, this supports escape character ('\') to use special 276 - * characters as normal character. 277 - * 278 - * Note: if @pat syntax is broken, this always returns false. 279 - */ 280 - bool strglobmatch(const char *str, const char *pat) 268 + /* Glob/lazy pattern matching */ 269 + static bool __match_glob(const char *str, const char *pat, bool ignore_space) 281 270 { 282 271 while (*str && *pat && *pat != '*') { 272 + if (ignore_space) { 273 + /* Ignore spaces for lazy matching */ 274 + if (isspace(*str)) { 275 + str++; 276 + continue; 277 + } 278 + if (isspace(*pat)) { 279 + pat++; 280 + continue; 281 + } 282 + } 283 283 if (*pat == '?') { /* Matches any single character */ 284 284 str++; 285 285 pat++; ··· 308 308 return !*str && !*pat; 309 309 } 310 310 311 + /** 312 + * strglobmatch - glob expression pattern matching 313 + * @str: the target string to match 314 + * @pat: the pattern string to match 315 + * 316 + * This returns true if the @str matches @pat. @pat can includes wildcards 317 + * ('*','?') and character classes ([CHARS], complementation and ranges are 318 + * also supported). Also, this supports escape character ('\') to use special 319 + * characters as normal character. 320 + * 321 + * Note: if @pat syntax is broken, this always returns false. 322 + */ 323 + bool strglobmatch(const char *str, const char *pat) 324 + { 325 + return __match_glob(str, pat, false); 326 + } 327 + 328 + /** 329 + * strlazymatch - matching pattern strings lazily with glob pattern 330 + * @str: the target string to match 331 + * @pat: the pattern string to match 332 + * 333 + * This is similar to strglobmatch, except this ignores spaces in 334 + * the target string. 335 + */ 336 + bool strlazymatch(const char *str, const char *pat) 337 + { 338 + return __match_glob(str, pat, true); 339 + }

+1

tools/perf/util/string.h

··· 10 10 char **argv_split(const char *str, int *argcp); 11 11 void argv_free(char **argv); 12 12 bool strglobmatch(const char *str, const char *pat); 13 + bool strlazymatch(const char *str, const char *pat); 13 14 14 15 #define _STR(x) #x 15 16 #define STR(x) _STR(x)