Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
kprobes.c
Go to the documentation of this file.
1 /*
2  * Kernel Probes (KProbes)
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17  *
18  * Copyright IBM Corp. 2002, 2006
19  *
20  * s390 port, used ppc64 as template. Mike Grundy <[email protected]>
21  */
22 
23 #include <linux/kprobes.h>
24 #include <linux/ptrace.h>
25 #include <linux/preempt.h>
26 #include <linux/stop_machine.h>
27 #include <linux/kdebug.h>
28 #include <linux/uaccess.h>
29 #include <asm/cacheflush.h>
30 #include <asm/sections.h>
31 #include <linux/module.h>
32 #include <linux/slab.h>
33 #include <linux/hardirq.h>
34 
35 DEFINE_PER_CPU(struct kprobe *, current_kprobe);
36 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
37 
38 struct kretprobe_blackpoint kretprobe_blacklist[] = { };
39 
40 static int __kprobes is_prohibited_opcode(kprobe_opcode_t *insn)
41 {
42  switch (insn[0] >> 8) {
43  case 0x0c: /* bassm */
44  case 0x0b: /* bsm */
45  case 0x83: /* diag */
46  case 0x44: /* ex */
47  case 0xac: /* stnsm */
48  case 0xad: /* stosm */
49  return -EINVAL;
50  }
51  switch (insn[0]) {
52  case 0x0101: /* pr */
53  case 0xb25a: /* bsa */
54  case 0xb240: /* bakr */
55  case 0xb258: /* bsg */
56  case 0xb218: /* pc */
57  case 0xb228: /* pt */
58  case 0xb98d: /* epsw */
59  return -EINVAL;
60  }
61  return 0;
62 }
63 
64 static int __kprobes get_fixup_type(kprobe_opcode_t *insn)
65 {
66  /* default fixup method */
67  int fixup = FIXUP_PSW_NORMAL;
68 
69  switch (insn[0] >> 8) {
70  case 0x05: /* balr */
71  case 0x0d: /* basr */
72  fixup = FIXUP_RETURN_REGISTER;
73  /* if r2 = 0, no branch will be taken */
74  if ((insn[0] & 0x0f) == 0)
75  fixup |= FIXUP_BRANCH_NOT_TAKEN;
76  break;
77  case 0x06: /* bctr */
78  case 0x07: /* bcr */
79  fixup = FIXUP_BRANCH_NOT_TAKEN;
80  break;
81  case 0x45: /* bal */
82  case 0x4d: /* bas */
83  fixup = FIXUP_RETURN_REGISTER;
84  break;
85  case 0x47: /* bc */
86  case 0x46: /* bct */
87  case 0x86: /* bxh */
88  case 0x87: /* bxle */
89  fixup = FIXUP_BRANCH_NOT_TAKEN;
90  break;
91  case 0x82: /* lpsw */
92  fixup = FIXUP_NOT_REQUIRED;
93  break;
94  case 0xb2: /* lpswe */
95  if ((insn[0] & 0xff) == 0xb2)
96  fixup = FIXUP_NOT_REQUIRED;
97  break;
98  case 0xa7: /* bras */
99  if ((insn[0] & 0x0f) == 0x05)
100  fixup |= FIXUP_RETURN_REGISTER;
101  break;
102  case 0xc0:
103  if ((insn[0] & 0x0f) == 0x00 || /* larl */
104  (insn[0] & 0x0f) == 0x05) /* brasl */
105  fixup |= FIXUP_RETURN_REGISTER;
106  break;
107  case 0xeb:
108  if ((insn[2] & 0xff) == 0x44 || /* bxhg */
109  (insn[2] & 0xff) == 0x45) /* bxleg */
110  fixup = FIXUP_BRANCH_NOT_TAKEN;
111  break;
112  case 0xe3: /* bctg */
113  if ((insn[2] & 0xff) == 0x46)
114  fixup = FIXUP_BRANCH_NOT_TAKEN;
115  break;
116  }
117  return fixup;
118 }
119 
120 int __kprobes arch_prepare_kprobe(struct kprobe *p)
121 {
122  if ((unsigned long) p->addr & 0x01)
123  return -EINVAL;
124 
125  /* Make sure the probe isn't going on a difficult instruction */
126  if (is_prohibited_opcode(p->addr))
127  return -EINVAL;
128 
129  p->opcode = *p->addr;
130  memcpy(p->ainsn.insn, p->addr, ((p->opcode >> 14) + 3) & -2);
131 
132  return 0;
133 }
134 
135 struct ins_replace_args {
136  kprobe_opcode_t *ptr;
137  kprobe_opcode_t opcode;
138 };
139 
140 static int __kprobes swap_instruction(void *aref)
141 {
142  struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
143  unsigned long status = kcb->kprobe_status;
144  struct ins_replace_args *args = aref;
145 
146  kcb->kprobe_status = KPROBE_SWAP_INST;
147  probe_kernel_write(args->ptr, &args->opcode, sizeof(args->opcode));
148  kcb->kprobe_status = status;
149  return 0;
150 }
151 
152 void __kprobes arch_arm_kprobe(struct kprobe *p)
153 {
154  struct ins_replace_args args;
155 
156  args.ptr = p->addr;
157  args.opcode = BREAKPOINT_INSTRUCTION;
158  stop_machine(swap_instruction, &args, NULL);
159 }
160 
161 void __kprobes arch_disarm_kprobe(struct kprobe *p)
162 {
163  struct ins_replace_args args;
164 
165  args.ptr = p->addr;
166  args.opcode = p->opcode;
167  stop_machine(swap_instruction, &args, NULL);
168 }
169 
170 void __kprobes arch_remove_kprobe(struct kprobe *p)
171 {
172 }
173 
174 static void __kprobes enable_singlestep(struct kprobe_ctlblk *kcb,
175  struct pt_regs *regs,
176  unsigned long ip)
177 {
178  struct per_regs per_kprobe;
179 
180  /* Set up the PER control registers %cr9-%cr11 */
181  per_kprobe.control = PER_EVENT_IFETCH;
182  per_kprobe.start = ip;
183  per_kprobe.end = ip;
184 
185  /* Save control regs and psw mask */
186  __ctl_store(kcb->kprobe_saved_ctl, 9, 11);
187  kcb->kprobe_saved_imask = regs->psw.mask &
188  (PSW_MASK_PER | PSW_MASK_IO | PSW_MASK_EXT);
189 
190  /* Set PER control regs, turns on single step for the given address */
191  __ctl_load(per_kprobe, 9, 11);
192  regs->psw.mask |= PSW_MASK_PER;
193  regs->psw.mask &= ~(PSW_MASK_IO | PSW_MASK_EXT);
194  regs->psw.addr = ip | PSW_ADDR_AMODE;
195 }
196 
197 static void __kprobes disable_singlestep(struct kprobe_ctlblk *kcb,
198  struct pt_regs *regs,
199  unsigned long ip)
200 {
201  /* Restore control regs and psw mask, set new psw address */
202  __ctl_load(kcb->kprobe_saved_ctl, 9, 11);
203  regs->psw.mask &= ~PSW_MASK_PER;
204  regs->psw.mask |= kcb->kprobe_saved_imask;
205  regs->psw.addr = ip | PSW_ADDR_AMODE;
206 }
207 
208 /*
209  * Activate a kprobe by storing its pointer to current_kprobe. The
210  * previous kprobe is stored in kcb->prev_kprobe. A stack of up to
211  * two kprobes can be active, see KPROBE_REENTER.
212  */
213 static void __kprobes push_kprobe(struct kprobe_ctlblk *kcb, struct kprobe *p)
214 {
215  kcb->prev_kprobe.kp = __get_cpu_var(current_kprobe);
216  kcb->prev_kprobe.status = kcb->kprobe_status;
217  __get_cpu_var(current_kprobe) = p;
218 }
219 
220 /*
221  * Deactivate a kprobe by backing up to the previous state. If the
222  * current state is KPROBE_REENTER prev_kprobe.kp will be non-NULL,
223  * for any other state prev_kprobe.kp will be NULL.
224  */
225 static void __kprobes pop_kprobe(struct kprobe_ctlblk *kcb)
226 {
227  __get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp;
228  kcb->kprobe_status = kcb->prev_kprobe.status;
229 }
230 
231 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
232  struct pt_regs *regs)
233 {
234  ri->ret_addr = (kprobe_opcode_t *) regs->gprs[14];
235 
236  /* Replace the return addr with trampoline addr */
237  regs->gprs[14] = (unsigned long) &kretprobe_trampoline;
238 }
239 
240 static void __kprobes kprobe_reenter_check(struct kprobe_ctlblk *kcb,
241  struct kprobe *p)
242 {
243  switch (kcb->kprobe_status) {
244  case KPROBE_HIT_SSDONE:
245  case KPROBE_HIT_ACTIVE:
246  kprobes_inc_nmissed_count(p);
247  break;
248  case KPROBE_HIT_SS:
249  case KPROBE_REENTER:
250  default:
251  /*
252  * A kprobe on the code path to single step an instruction
253  * is a BUG. The code path resides in the .kprobes.text
254  * section and is executed with interrupts disabled.
255  */
256  printk(KERN_EMERG "Invalid kprobe detected at %p.\n", p->addr);
257  dump_kprobe(p);
258  BUG();
259  }
260 }
261 
262 static int __kprobes kprobe_handler(struct pt_regs *regs)
263 {
264  struct kprobe_ctlblk *kcb;
265  struct kprobe *p;
266 
267  /*
268  * We want to disable preemption for the entire duration of kprobe
269  * processing. That includes the calls to the pre/post handlers
270  * and single stepping the kprobe instruction.
271  */
272  preempt_disable();
273  kcb = get_kprobe_ctlblk();
274  p = get_kprobe((void *)((regs->psw.addr & PSW_ADDR_INSN) - 2));
275 
276  if (p) {
277  if (kprobe_running()) {
278  /*
279  * We have hit a kprobe while another is still
280  * active. This can happen in the pre and post
281  * handler. Single step the instruction of the
282  * new probe but do not call any handler function
283  * of this secondary kprobe.
284  * push_kprobe and pop_kprobe saves and restores
285  * the currently active kprobe.
286  */
287  kprobe_reenter_check(kcb, p);
288  push_kprobe(kcb, p);
289  kcb->kprobe_status = KPROBE_REENTER;
290  } else {
291  /*
292  * If we have no pre-handler or it returned 0, we
293  * continue with single stepping. If we have a
294  * pre-handler and it returned non-zero, it prepped
295  * for calling the break_handler below on re-entry
296  * for jprobe processing, so get out doing nothing
297  * more here.
298  */
299  push_kprobe(kcb, p);
300  kcb->kprobe_status = KPROBE_HIT_ACTIVE;
301  if (p->pre_handler && p->pre_handler(p, regs))
302  return 1;
303  kcb->kprobe_status = KPROBE_HIT_SS;
304  }
305  enable_singlestep(kcb, regs, (unsigned long) p->ainsn.insn);
306  return 1;
307  } else if (kprobe_running()) {
308  p = __get_cpu_var(current_kprobe);
309  if (p->break_handler && p->break_handler(p, regs)) {
310  /*
311  * Continuation after the jprobe completed and
312  * caused the jprobe_return trap. The jprobe
313  * break_handler "returns" to the original
314  * function that still has the kprobe breakpoint
315  * installed. We continue with single stepping.
316  */
317  kcb->kprobe_status = KPROBE_HIT_SS;
318  enable_singlestep(kcb, regs,
319  (unsigned long) p->ainsn.insn);
320  return 1;
321  } /* else:
322  * No kprobe at this address and the current kprobe
323  * has no break handler (no jprobe!). The kernel just
324  * exploded, let the standard trap handler pick up the
325  * pieces.
326  */
327  } /* else:
328  * No kprobe at this address and no active kprobe. The trap has
329  * not been caused by a kprobe breakpoint. The race of breakpoint
330  * vs. kprobe remove does not exist because on s390 as we use
331  * stop_machine to arm/disarm the breakpoints.
332  */
333  preempt_enable_no_resched();
334  return 0;
335 }
336 
337 /*
338  * Function return probe trampoline:
339  * - init_kprobes() establishes a probepoint here
340  * - When the probed function returns, this probe
341  * causes the handlers to fire
342  */
343 static void __used kretprobe_trampoline_holder(void)
344 {
345  asm volatile(".global kretprobe_trampoline\n"
346  "kretprobe_trampoline: bcr 0,0\n");
347 }
348 
349 /*
350  * Called when the probe at kretprobe trampoline is hit
351  */
352 static int __kprobes trampoline_probe_handler(struct kprobe *p,
353  struct pt_regs *regs)
354 {
355  struct kretprobe_instance *ri;
356  struct hlist_head *head, empty_rp;
357  struct hlist_node *node, *tmp;
358  unsigned long flags, orig_ret_address;
359  unsigned long trampoline_address;
360  kprobe_opcode_t *correct_ret_addr;
361 
362  INIT_HLIST_HEAD(&empty_rp);
363  kretprobe_hash_lock(current, &head, &flags);
364 
365  /*
366  * It is possible to have multiple instances associated with a given
367  * task either because an multiple functions in the call path
368  * have a return probe installed on them, and/or more than one return
369  * return probe was registered for a target function.
370  *
371  * We can handle this because:
372  * - instances are always inserted at the head of the list
373  * - when multiple return probes are registered for the same
374  * function, the first instance's ret_addr will point to the
375  * real return address, and all the rest will point to
376  * kretprobe_trampoline
377  */
378  ri = NULL;
379  orig_ret_address = 0;
380  correct_ret_addr = NULL;
381  trampoline_address = (unsigned long) &kretprobe_trampoline;
382  hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
383  if (ri->task != current)
384  /* another task is sharing our hash bucket */
385  continue;
386 
387  orig_ret_address = (unsigned long) ri->ret_addr;
388 
389  if (orig_ret_address != trampoline_address)
390  /*
391  * This is the real return address. Any other
392  * instances associated with this task are for
393  * other calls deeper on the call stack
394  */
395  break;
396  }
397 
398  kretprobe_assert(ri, orig_ret_address, trampoline_address);
399 
400  correct_ret_addr = ri->ret_addr;
401  hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
402  if (ri->task != current)
403  /* another task is sharing our hash bucket */
404  continue;
405 
406  orig_ret_address = (unsigned long) ri->ret_addr;
407 
408  if (ri->rp && ri->rp->handler) {
409  ri->ret_addr = correct_ret_addr;
410  ri->rp->handler(ri, regs);
411  }
412 
413  recycle_rp_inst(ri, &empty_rp);
414 
415  if (orig_ret_address != trampoline_address)
416  /*
417  * This is the real return address. Any other
418  * instances associated with this task are for
419  * other calls deeper on the call stack
420  */
421  break;
422  }
423 
424  regs->psw.addr = orig_ret_address | PSW_ADDR_AMODE;
425 
426  pop_kprobe(get_kprobe_ctlblk());
427  kretprobe_hash_unlock(current, &flags);
428  preempt_enable_no_resched();
429 
430  hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) {
431  hlist_del(&ri->hlist);
432  kfree(ri);
433  }
434  /*
435  * By returning a non-zero value, we are telling
436  * kprobe_handler() that we don't want the post_handler
437  * to run (and have re-enabled preemption)
438  */
439  return 1;
440 }
441 
442 /*
443  * Called after single-stepping. p->addr is the address of the
444  * instruction whose first byte has been replaced by the "breakpoint"
445  * instruction. To avoid the SMP problems that can occur when we
446  * temporarily put back the original opcode to single-step, we
447  * single-stepped a copy of the instruction. The address of this
448  * copy is p->ainsn.insn.
449  */
450 static void __kprobes resume_execution(struct kprobe *p, struct pt_regs *regs)
451 {
452  struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
453  unsigned long ip = regs->psw.addr & PSW_ADDR_INSN;
454  int fixup = get_fixup_type(p->ainsn.insn);
455 
456  if (fixup & FIXUP_PSW_NORMAL)
457  ip += (unsigned long) p->addr - (unsigned long) p->ainsn.insn;
458 
459  if (fixup & FIXUP_BRANCH_NOT_TAKEN) {
460  int ilen = ((p->ainsn.insn[0] >> 14) + 3) & -2;
461  if (ip - (unsigned long) p->ainsn.insn == ilen)
462  ip = (unsigned long) p->addr + ilen;
463  }
464 
465  if (fixup & FIXUP_RETURN_REGISTER) {
466  int reg = (p->ainsn.insn[0] & 0xf0) >> 4;
467  regs->gprs[reg] += (unsigned long) p->addr -
468  (unsigned long) p->ainsn.insn;
469  }
470 
471  disable_singlestep(kcb, regs, ip);
472 }
473 
474 static int __kprobes post_kprobe_handler(struct pt_regs *regs)
475 {
476  struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
477  struct kprobe *p = kprobe_running();
478 
479  if (!p)
480  return 0;
481 
482  if (kcb->kprobe_status != KPROBE_REENTER && p->post_handler) {
483  kcb->kprobe_status = KPROBE_HIT_SSDONE;
484  p->post_handler(p, regs, 0);
485  }
486 
487  resume_execution(p, regs);
488  pop_kprobe(kcb);
489  preempt_enable_no_resched();
490 
491  /*
492  * if somebody else is singlestepping across a probe point, psw mask
493  * will have PER set, in which case, continue the remaining processing
494  * of do_single_step, as if this is not a probe hit.
495  */
496  if (regs->psw.mask & PSW_MASK_PER)
497  return 0;
498 
499  return 1;
500 }
501 
502 static int __kprobes kprobe_trap_handler(struct pt_regs *regs, int trapnr)
503 {
504  struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
505  struct kprobe *p = kprobe_running();
506  const struct exception_table_entry *entry;
507 
508  switch(kcb->kprobe_status) {
509  case KPROBE_SWAP_INST:
510  /* We are here because the instruction replacement failed */
511  return 0;
512  case KPROBE_HIT_SS:
513  case KPROBE_REENTER:
514  /*
515  * We are here because the instruction being single
516  * stepped caused a page fault. We reset the current
517  * kprobe and the nip points back to the probe address
518  * and allow the page fault handler to continue as a
519  * normal page fault.
520  */
521  disable_singlestep(kcb, regs, (unsigned long) p->addr);
522  pop_kprobe(kcb);
523  preempt_enable_no_resched();
524  break;
525  case KPROBE_HIT_ACTIVE:
526  case KPROBE_HIT_SSDONE:
527  /*
528  * We increment the nmissed count for accounting,
529  * we can also use npre/npostfault count for accouting
530  * these specific fault cases.
531  */
532  kprobes_inc_nmissed_count(p);
533 
534  /*
535  * We come here because instructions in the pre/post
536  * handler caused the page_fault, this could happen
537  * if handler tries to access user space by
538  * copy_from_user(), get_user() etc. Let the
539  * user-specified handler try to fix it first.
540  */
541  if (p->fault_handler && p->fault_handler(p, regs, trapnr))
542  return 1;
543 
544  /*
545  * In case the user-specified fault handler returned
546  * zero, try to fix up.
547  */
548  entry = search_exception_tables(regs->psw.addr & PSW_ADDR_INSN);
549  if (entry) {
550  regs->psw.addr = extable_fixup(entry) | PSW_ADDR_AMODE;
551  return 1;
552  }
553 
554  /*
555  * fixup_exception() could not handle it,
556  * Let do_page_fault() fix it.
557  */
558  break;
559  default:
560  break;
561  }
562  return 0;
563 }
564 
565 int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
566 {
567  int ret;
568 
569  if (regs->psw.mask & (PSW_MASK_IO | PSW_MASK_EXT))
570  local_irq_disable();
571  ret = kprobe_trap_handler(regs, trapnr);
572  if (regs->psw.mask & (PSW_MASK_IO | PSW_MASK_EXT))
573  local_irq_restore(regs->psw.mask & ~PSW_MASK_PER);
574  return ret;
575 }
576 
577 /*
578  * Wrapper routine to for handling exceptions.
579  */
580 int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
581  unsigned long val, void *data)
582 {
583  struct die_args *args = (struct die_args *) data;
584  struct pt_regs *regs = args->regs;
585  int ret = NOTIFY_DONE;
586 
587  if (regs->psw.mask & (PSW_MASK_IO | PSW_MASK_EXT))
588  local_irq_disable();
589 
590  switch (val) {
591  case DIE_BPT:
592  if (kprobe_handler(regs))
593  ret = NOTIFY_STOP;
594  break;
595  case DIE_SSTEP:
596  if (post_kprobe_handler(regs))
597  ret = NOTIFY_STOP;
598  break;
599  case DIE_TRAP:
600  if (!preemptible() && kprobe_running() &&
601  kprobe_trap_handler(regs, args->trapnr))
602  ret = NOTIFY_STOP;
603  break;
604  default:
605  break;
606  }
607 
608  if (regs->psw.mask & (PSW_MASK_IO | PSW_MASK_EXT))
609  local_irq_restore(regs->psw.mask & ~PSW_MASK_PER);
610 
611  return ret;
612 }
613 
614 int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
615 {
616  struct jprobe *jp = container_of(p, struct jprobe, kp);
617  struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
618  unsigned long stack;
619 
620  memcpy(&kcb->jprobe_saved_regs, regs, sizeof(struct pt_regs));
621 
622  /* setup return addr to the jprobe handler routine */
623  regs->psw.addr = (unsigned long) jp->entry | PSW_ADDR_AMODE;
624  regs->psw.mask &= ~(PSW_MASK_IO | PSW_MASK_EXT);
625 
626  /* r15 is the stack pointer */
627  stack = (unsigned long) regs->gprs[15];
628 
629  memcpy(kcb->jprobes_stack, (void *) stack, MIN_STACK_SIZE(stack));
630  return 1;
631 }
632 
633 void __kprobes jprobe_return(void)
634 {
635  asm volatile(".word 0x0002");
636 }
637 
638 static void __used __kprobes jprobe_return_end(void)
639 {
640  asm volatile("bcr 0,0");
641 }
642 
643 int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
644 {
645  struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
646  unsigned long stack;
647 
648  stack = (unsigned long) kcb->jprobe_saved_regs.gprs[15];
649 
650  /* Put the regs back */
651  memcpy(regs, &kcb->jprobe_saved_regs, sizeof(struct pt_regs));
652  /* put the stack back */
653  memcpy((void *) stack, kcb->jprobes_stack, MIN_STACK_SIZE(stack));
654  preempt_enable_no_resched();
655  return 1;
656 }
657 
658 static struct kprobe trampoline = {
659  .addr = (kprobe_opcode_t *) &kretprobe_trampoline,
660  .pre_handler = trampoline_probe_handler
661 };
662 
663 int __init arch_init_kprobes(void)
664 {
665  return register_kprobe(&trampoline);
666 }
667 
668 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
669 {
670  return p->addr == (kprobe_opcode_t *) &kretprobe_trampoline;
671 }
Generated on Thu Jan 10 2013 12:56:16 for Linux Kernel by   doxygen 1.8.2