Abstract

Dprobes allows the insertion of fully automated breakpoints or probepoints, anywhere in the system and user space. Probepoints are global by definition, that is they are defined relative to a module and not to a storage address. Each probepoint has an associated set of probe instructions that are interpreted when the probe fires. These instructions allow memory and CPU registers to be examined and altered using conditional logic. When the probe program terminates an external debugging facility may be optionally triggered - should it register for this purpose. For example:

• A trace facility may augment its capability with a dynamic trace capability by using the Dprobes facility as a means of inserting tracepoints - dynamically, without any prior code modification.

• A crash dump facility may use Dprobes as a means of invoking dumps conditionally when a specific set of circumstances occurs in a particular code path.

• A debugger may use Dprobes as high-speed complex conditional breakpoint service.

In creating Dynamic Probes, we were challenged with the conflicts between:
 

• Size of the kernel modification

• Co-existence with other kernel enhancements, particularly debugging and instrumentation enhancements.

• Maintaining concurrency with the latest kernel version.

• Ease of development and continued enhancement of Dynamic Probes.

We alleviated these problems by developing a generalised interface for kernel modifications to use allowing them to exist as dynamically loadable kernel modules.

This interface: The Generalised Kernel Hooks Interface (GKHI) is described in the second part of this paper.

• View the full text of this paper in HTML form, PDF form, and PostScript form. You may also view the presentations slides

• If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.

• To become a USENIX Member, please see our Membership Information.