projects / thirdparty / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| 09c434b8 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
| 804defea AM |
2 | /* |
| 3 | * NOTE: This example is works on x86 and powerpc. | |
| 4 | * Here's a sample kernel module showing the use of kprobes to dump a | |
| 54aea454 | 5 | * stack trace and selected registers when _do_fork() is called. |
| 804defea AM |
6 | * |
| 7 | * For more information on theory of operation of kprobes, see | |
| 8 | * Documentation/kprobes.txt | |
| 9 | * | |
| 10 | * You will see the trace data in /var/log/messages and on the console | |
| 54aea454 | 11 | * whenever _do_fork() is invoked to create a new process. |
| 804defea AM |
12 | */ |
| 13 | ||
| 14 | #include <linux/kernel.h> | |
| 15 | #include <linux/module.h> | |
| 16 | #include <linux/kprobes.h> | |
| 17 | ||
| d04659ac HS |
18 | #define MAX_SYMBOL_LEN 64 |
| 19 | static char symbol[MAX_SYMBOL_LEN] = "_do_fork"; | |
| 20 | module_param_string(symbol, symbol, sizeof(symbol), 0644); | |
| 21 | ||
| 804defea AM |
22 | /* For each probe you need to allocate a kprobe structure */ |
| 23 | static struct kprobe kp = { | |
| d04659ac | 24 | .symbol_name = symbol, |
| 804defea AM |
25 | }; |
| 26 | ||
| 27 | /* kprobe pre_handler: called just before the probed instruction is executed */ | |
| d85eaa94 | 28 | static int __kprobes handler_pre(struct kprobe *p, struct pt_regs *regs) |
| 804defea AM |
29 | { |
| 30 | #ifdef CONFIG_X86 | |
| e708c148 | 31 | pr_info("<%s> pre_handler: p->addr = 0x%p, ip = %lx, flags = 0x%lx\n", |
| ea9b5013 | 32 | p->symbol_name, p->addr, regs->ip, regs->flags); |
| 804defea AM |
33 | #endif |
| 34 | #ifdef CONFIG_PPC | |
| e708c148 | 35 | pr_info("<%s> pre_handler: p->addr = 0x%p, nip = 0x%lx, msr = 0x%lx\n", |
| ea9b5013 | 36 | p->symbol_name, p->addr, regs->nip, regs->msr); |
| 804defea | 37 | #endif |
| 8a149237 | 38 | #ifdef CONFIG_MIPS |
| e708c148 | 39 | pr_info("<%s> pre_handler: p->addr = 0x%p, epc = 0x%lx, status = 0x%lx\n", |
| ea9b5013 | 40 | p->symbol_name, p->addr, regs->cp0_epc, regs->cp0_status); |
| 8a149237 | 41 | #endif |
| af78cede SP |
42 | #ifdef CONFIG_ARM64 |
| 43 | pr_info("<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx," | |
| 44 | " pstate = 0x%lx\n", | |
| 45 | p->symbol_name, p->addr, (long)regs->pc, (long)regs->pstate); | |
| 46 | #endif | |
| e16c5dd5 JT |
47 | #ifdef CONFIG_S390 |
| 48 | pr_info("<%s> pre_handler: p->addr, 0x%p, ip = 0x%lx, flags = 0x%lx\n", | |
| 49 | p->symbol_name, p->addr, regs->psw.addr, regs->flags); | |
| 50 | #endif | |
| 804defea AM |
51 | |
| 52 | /* A dump_stack() here will give a stack backtrace */ | |
| 53 | return 0; | |
| 54 | } | |
| 55 | ||
| 56 | /* kprobe post_handler: called after the probed instruction is executed */ | |
| d85eaa94 | 57 | static void __kprobes handler_post(struct kprobe *p, struct pt_regs *regs, |
| 804defea AM |
58 | unsigned long flags) |
| 59 | { | |
| 60 | #ifdef CONFIG_X86 | |
| e708c148 | 61 | pr_info("<%s> post_handler: p->addr = 0x%p, flags = 0x%lx\n", |
| ea9b5013 | 62 | p->symbol_name, p->addr, regs->flags); |
| 804defea AM |
63 | #endif |
| 64 | #ifdef CONFIG_PPC | |
| e708c148 | 65 | pr_info("<%s> post_handler: p->addr = 0x%p, msr = 0x%lx\n", |
| ea9b5013 | 66 | p->symbol_name, p->addr, regs->msr); |
| 804defea | 67 | #endif |
| 8a149237 | 68 | #ifdef CONFIG_MIPS |
| e708c148 | 69 | pr_info("<%s> post_handler: p->addr = 0x%p, status = 0x%lx\n", |
| ea9b5013 | 70 | p->symbol_name, p->addr, regs->cp0_status); |
| 8a149237 | 71 | #endif |
| af78cede SP |
72 | #ifdef CONFIG_ARM64 |
| 73 | pr_info("<%s> post_handler: p->addr = 0x%p, pstate = 0x%lx\n", | |
| 74 | p->symbol_name, p->addr, (long)regs->pstate); | |
| 75 | #endif | |
| e16c5dd5 JT |
76 | #ifdef CONFIG_S390 |
| 77 | pr_info("<%s> pre_handler: p->addr, 0x%p, flags = 0x%lx\n", | |
| 78 | p->symbol_name, p->addr, regs->flags); | |
| 79 | #endif | |
| 804defea AM |
80 | } |
| 81 | ||
| 82 | /* | |
| 83 | * fault_handler: this is called if an exception is generated for any | |
| 84 | * instruction within the pre- or post-handler, or when Kprobes | |
| 85 | * single-steps the probed instruction. | |
| 86 | */ | |
| 87 | static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr) | |
| 88 | { | |
| e708c148 | 89 | pr_info("fault_handler: p->addr = 0x%p, trap #%dn", p->addr, trapnr); |
| 804defea AM |
90 | /* Return 0 because we don't handle the fault. */ |
| 91 | return 0; | |
| 92 | } | |
| d85eaa94 MH |
93 | /* NOKPROBE_SYMBOL() is also available */ |
| 94 | NOKPROBE_SYMBOL(handler_fault); | |
| 804defea AM |
95 | |
| 96 | static int __init kprobe_init(void) | |
| 97 | { | |
| 98 | int ret; | |
| 99 | kp.pre_handler = handler_pre; | |
| 100 | kp.post_handler = handler_post; | |
| 101 | kp.fault_handler = handler_fault; | |
| 102 | ||
| 103 | ret = register_kprobe(&kp); | |
| 104 | if (ret < 0) { | |
| e708c148 | 105 | pr_err("register_kprobe failed, returned %d\n", ret); |
| 804defea AM |
106 | return ret; |
| 107 | } | |
| e708c148 | 108 | pr_info("Planted kprobe at %p\n", kp.addr); |
| 804defea AM |
109 | return 0; |
| 110 | } | |
| 111 | ||
| 112 | static void __exit kprobe_exit(void) | |
| 113 | { | |
| 114 | unregister_kprobe(&kp); | |
| e708c148 | 115 | pr_info("kprobe at %p unregistered\n", kp.addr); |
| 804defea AM |
116 | } |
| 117 | ||
| 118 | module_init(kprobe_init) | |
| 119 | module_exit(kprobe_exit) | |
| 120 | MODULE_LICENSE("GPL"); |