kprobe address of sys_waitpid

Li Guanglei
I wrote a very simple stap script to probe entry & return of
sys_waitpid & sys_wait4, but I got the output like:

  entry of sys_wait4
  return of sys_wait4
  entry of sys_waitpid
  return of sys_waitpid

The sys_waitpid in the kernel is something like:

    return sys_wait4();

So I think the right order should be:

  entry of sys_waitpid
  entry of sys_wait4
  return of sys_wait4
  return of sys_waitpid

I found systemtap will put the probe on address 0xc0125a6c:

c0125a56 <sys_waitpid>:
c0125a56:       6a 00                   push   $0x0
c0125a58:       ff 74 24 10             pushl  0x10(%esp)
c0125a5c:       ff 74 24 10             pushl  0x10(%esp)
c0125a60:       ff 74 24 10             pushl  0x10(%esp)
c0125a64:       e8 c3 ff ff ff          call   c0125a2c <sys_wait4>
c0125a69:       83 c4 10                add    $0x10,%esp
c0125a6c:       c3                      ret

static struct kprobe dwarf_kprobe_0[1]= {
  {.addr= (void *) 0xc0125a6c}

char const * dwarf_kprobe_0_location_names[1] = {

I got this from 2.6.9-27EL on x86. But it seems OK on 2.6.9-27EL/ppc64.
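
The probe placement reported in the post can be checked mechanically against the disassembly. The following Python script is an added example, not part of the original post or of SystemTap; the function names `parse_listing` and `classify_probe` are hypothetical. It reports which instruction a probe address lands on and which calls appear before it in the listing.

```python
import re

# Disassembly copied verbatim from the post (objdump-style listing).
LISTING = """\
c0125a56 <sys_waitpid>:
c0125a56:       6a 00                   push   $0x0
c0125a58:       ff 74 24 10             pushl  0x10(%esp)
c0125a5c:       ff 74 24 10             pushl  0x10(%esp)
c0125a60:       ff 74 24 10             pushl  0x10(%esp)
c0125a64:       e8 c3 ff ff ff          call   c0125a2c <sys_wait4>
c0125a69:       83 c4 10                add    $0x10,%esp
c0125a6c:       c3                      ret
"""

SYM_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
INSN_RE = re.compile(r"^([0-9a-f]+):\s+((?:[0-9a-f]{2} )+)\s*(.*)$")

def parse_listing(text):
    """Return (symbol, entry_address, [(address, instruction_text), ...])."""
    symbol, entry, insns = None, None, []
    for line in text.splitlines():
        m = SYM_RE.match(line.strip())
        if m:
            entry, symbol = int(m.group(1), 16), m.group(2)
            continue
        m = INSN_RE.match(line.strip())
        if m:
            insns.append((int(m.group(1), 16), m.group(3).strip()))
    return symbol, entry, insns

def classify_probe(text, probe_addr):
    """Describe where probe_addr sits inside the listed function."""
    symbol, entry, insns = parse_listing(text)
    by_addr = dict(insns)
    if probe_addr not in by_addr:
        raise ValueError("probe address is not on an instruction boundary")
    # Assumes straight-line code: calls listed earlier run before the probe fires.
    calls_before = [re.search(r"<([^>]+)>", t).group(1) for a, t in insns
                    if a < probe_addr and t.startswith("call") and "<" in t]
    return {
        "symbol": symbol,
        "offset": probe_addr - entry,
        "instruction": by_addr[probe_addr],
        "at_entry": probe_addr == entry,
        "calls_before": calls_before,
    }

if __name__ == "__main__":
    print(classify_probe(LISTING, 0xc0125a6c))
```

For the address in the post, the result shows the probe sitting on the `ret` at offset 0x16, after the `call` to `sys_wait4`, which matches the output order reported above.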