2019-05-27 13:55:05 +07:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
2005-04-17 05:20:36 +07:00
|
|
|
#ifndef _LINUX_KPROBES_H
|
|
|
|
#define _LINUX_KPROBES_H
|
|
|
|
/*
|
|
|
|
* Kernel Probes (KProbes)
|
|
|
|
* include/linux/kprobes.h
|
|
|
|
*
|
|
|
|
* Copyright (C) IBM Corporation, 2002, 2004
|
|
|
|
*
|
|
|
|
* 2002-Oct Created by Vamsi Krishna S <vamsi_krishna@in.ibm.com> Kernel
|
|
|
|
* Probes initial implementation ( includes suggestions from
|
|
|
|
* Rusty Russell).
|
|
|
|
* 2004-July Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes
|
|
|
|
* interface to access function arguments.
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
* 2005-May Hien Nguyen <hien@us.ibm.com> and Jim Keniston
|
|
|
|
* <jkenisto@us.ibm.com> and Prasanna S Panchamukhi
|
|
|
|
* <prasanna@in.ibm.com> added function-return probes.
|
2005-04-17 05:20:36 +07:00
|
|
|
*/
|
2017-02-28 05:26:56 +07:00
|
|
|
#include <linux/compiler.h>
|
2008-07-29 17:00:59 +07:00
|
|
|
#include <linux/linkage.h>
|
2005-04-17 05:20:36 +07:00
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/notifier.h>
|
|
|
|
#include <linux/smp.h>
|
2011-11-24 08:12:59 +07:00
|
|
|
#include <linux/bug.h>
|
2005-11-07 16:00:07 +07:00
|
|
|
#include <linux/percpu.h>
|
2005-11-07 16:00:13 +07:00
|
|
|
#include <linux/spinlock.h>
|
|
|
|
#include <linux/rcupdate.h>
|
2006-03-23 18:00:35 +07:00
|
|
|
#include <linux/mutex.h>
|
2012-06-05 17:28:32 +07:00
|
|
|
#include <linux/ftrace.h>
|
2017-02-28 05:26:56 +07:00
|
|
|
#include <asm/kprobes.h>
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
|
2005-12-12 15:37:33 +07:00
|
|
|
#ifdef CONFIG_KPROBES
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2005-06-23 14:09:36 +07:00
|
|
|
/* kprobe_status settings */
|
|
|
|
#define KPROBE_HIT_ACTIVE 0x00000001
|
|
|
|
#define KPROBE_HIT_SS 0x00000002
|
|
|
|
#define KPROBE_REENTER 0x00000004
|
|
|
|
#define KPROBE_HIT_SSDONE 0x00000008
|
|
|
|
|
2009-01-30 05:25:08 +07:00
|
|
|
#else /* CONFIG_KPROBES */
|
2017-02-28 05:26:56 +07:00
|
|
|
#include <asm-generic/kprobes.h>
|
2009-01-30 05:25:08 +07:00
|
|
|
typedef int kprobe_opcode_t;
|
|
|
|
struct arch_specific_insn {
|
|
|
|
int dummy;
|
|
|
|
};
|
|
|
|
#endif /* CONFIG_KPROBES */
|
2005-09-07 05:19:26 +07:00
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
struct kprobe;
|
|
|
|
struct pt_regs;
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
struct kretprobe;
|
|
|
|
struct kretprobe_instance;
|
2005-04-17 05:20:36 +07:00
|
|
|
typedef int (*kprobe_pre_handler_t) (struct kprobe *, struct pt_regs *);
|
|
|
|
typedef void (*kprobe_post_handler_t) (struct kprobe *, struct pt_regs *,
|
|
|
|
unsigned long flags);
|
|
|
|
typedef int (*kprobe_fault_handler_t) (struct kprobe *, struct pt_regs *,
|
|
|
|
int trapnr);
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
typedef int (*kretprobe_handler_t) (struct kretprobe_instance *,
|
|
|
|
struct pt_regs *);
|
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
struct kprobe {
|
|
|
|
struct hlist_node hlist;
|
|
|
|
|
2005-05-06 06:15:42 +07:00
|
|
|
/* list of kprobes for multi-handler support */
|
|
|
|
struct list_head list;
|
|
|
|
|
2005-06-23 14:09:36 +07:00
|
|
|
/*count the number of times this probe was temporarily disarmed */
|
|
|
|
unsigned long nmissed;
|
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
/* location of the probe point */
|
|
|
|
kprobe_opcode_t *addr;
|
|
|
|
|
2006-10-02 16:17:30 +07:00
|
|
|
/* Allow user to indicate symbol name of the probe point */
|
2007-05-08 14:26:23 +07:00
|
|
|
const char *symbol_name;
|
2006-10-02 16:17:30 +07:00
|
|
|
|
|
|
|
/* Offset into the symbol */
|
|
|
|
unsigned int offset;
|
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
/* Called before addr is executed. */
|
|
|
|
kprobe_pre_handler_t pre_handler;
|
|
|
|
|
|
|
|
/* Called after addr is executed, unless... */
|
|
|
|
kprobe_post_handler_t post_handler;
|
|
|
|
|
2009-04-07 09:01:00 +07:00
|
|
|
/*
|
|
|
|
* ... called if executing addr causes a fault (eg. page fault).
|
|
|
|
* Return 1 if it handled fault, otherwise kernel will see it.
|
|
|
|
*/
|
2005-04-17 05:20:36 +07:00
|
|
|
kprobe_fault_handler_t fault_handler;
|
|
|
|
|
|
|
|
/* Saved opcode (which has been replaced with breakpoint) */
|
|
|
|
kprobe_opcode_t opcode;
|
|
|
|
|
|
|
|
/* copy of the original instruction */
|
|
|
|
struct arch_specific_insn ainsn;
|
2009-01-07 05:41:52 +07:00
|
|
|
|
2009-04-07 09:01:02 +07:00
|
|
|
/*
|
|
|
|
* Indicates various status flags.
|
|
|
|
* Protected by kprobe_mutex after this kprobe is registered.
|
|
|
|
*/
|
2009-01-07 05:41:52 +07:00
|
|
|
u32 flags;
|
2005-04-17 05:20:36 +07:00
|
|
|
};
|
|
|
|
|
2009-01-07 05:41:52 +07:00
|
|
|
/* Kprobe status flags */
|
|
|
|
#define KPROBE_FLAG_GONE 1 /* breakpoint has already gone */
|
2009-04-07 09:01:02 +07:00
|
|
|
#define KPROBE_FLAG_DISABLED 2 /* probe is temporarily disabled */
|
2010-02-25 20:34:07 +07:00
|
|
|
#define KPROBE_FLAG_OPTIMIZED 4 /*
|
|
|
|
* probe is really optimized.
|
|
|
|
* NOTE:
|
|
|
|
* this flag is only for optimized_kprobe.
|
|
|
|
*/
|
2012-06-05 17:28:32 +07:00
|
|
|
#define KPROBE_FLAG_FTRACE 8 /* probe is using ftrace */
|
2009-01-07 05:41:52 +07:00
|
|
|
|
2009-04-07 09:01:02 +07:00
|
|
|
/* Has this kprobe gone ? */
|
2009-01-07 05:41:52 +07:00
|
|
|
static inline int kprobe_gone(struct kprobe *p)
|
|
|
|
{
|
|
|
|
return p->flags & KPROBE_FLAG_GONE;
|
|
|
|
}
|
|
|
|
|
2009-04-07 09:01:02 +07:00
|
|
|
/* Is this kprobe disabled ? */
|
|
|
|
static inline int kprobe_disabled(struct kprobe *p)
|
|
|
|
{
|
|
|
|
return p->flags & (KPROBE_FLAG_DISABLED | KPROBE_FLAG_GONE);
|
|
|
|
}
|
2010-02-25 20:34:07 +07:00
|
|
|
|
|
|
|
/* Is this kprobe really running optimized path ? */
|
|
|
|
static inline int kprobe_optimized(struct kprobe *p)
|
|
|
|
{
|
|
|
|
return p->flags & KPROBE_FLAG_OPTIMIZED;
|
|
|
|
}
|
2012-06-05 17:28:32 +07:00
|
|
|
|
|
|
|
/* Is this kprobe uses ftrace ? */
|
|
|
|
static inline int kprobe_ftrace(struct kprobe *p)
|
|
|
|
{
|
|
|
|
return p->flags & KPROBE_FLAG_FTRACE;
|
|
|
|
}
|
|
|
|
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
/*
|
|
|
|
* Function-return probe -
|
|
|
|
* Note:
|
|
|
|
* User needs to provide a handler function, and initialize maxactive.
|
|
|
|
* maxactive - The maximum number of instances of the probed function that
|
|
|
|
* can be active concurrently.
|
|
|
|
* nmissed - tracks the number of times the probed function's return was
|
|
|
|
* ignored, due to maxactive being too low.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
struct kretprobe {
|
|
|
|
struct kprobe kp;
|
|
|
|
kretprobe_handler_t handler;
|
2008-02-06 16:38:22 +07:00
|
|
|
kretprobe_handler_t entry_handler;
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
int maxactive;
|
|
|
|
int nmissed;
|
2008-02-06 16:38:22 +07:00
|
|
|
size_t data_size;
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
struct hlist_head free_instances;
|
2009-07-25 21:09:17 +07:00
|
|
|
raw_spinlock_t lock;
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
};
|
|
|
|
|
|
|
|
struct kretprobe_instance {
|
|
|
|
struct hlist_node hlist;
|
|
|
|
struct kretprobe *rp;
|
[PATCH] Return probe redesign: architecture independent changes
The following is the second version of the function return probe patches
I sent out earlier this week. Changes since my last submission include:
* Fix in ppc64 code removing an unneeded call to re-enable preemption
* Fix a build problem in ia64 when kprobes was turned off
* Added another BUG_ON check to each of the architecture trampoline
handlers
My initial patch description ==>
From my experiences with adding return probes to x86_64 and ia64, and the
feedback on LKML to those patches, I think we can simplify the design
for return probes.
The following patch tweaks the original design such that:
* Instead of storing the stack address in the return probe instance, the
task pointer is stored. This gives us all we need in order to:
- find the correct return probe instance when we enter the trampoline
(even if we are recursing)
- find all left-over return probe instances when the task is going away
This has the side effect of simplifying the implementation since more
work can be done in kernel/kprobes.c since architecture specific knowledge
of the stack layout is no longer required. Specifically, we no longer have:
- arch_get_kprobe_task()
- arch_kprobe_flush_task()
- get_rp_inst_tsk()
- get_rp_inst()
- trampoline_post_handler() <see next bullet>
* Instead of splitting the return probe handling and cleanup logic across
the pre and post trampoline handlers, all the work is pushed into the
pre function (trampoline_probe_handler), and then we skip single stepping
the original function. In this case the original instruction to be single
stepped was just a NOP, and we can do without the extra interruption.
The new flow of events to having a return probe handler execute when a target
function exits is:
* At system initialization time, a kprobe is inserted at the beginning of
kretprobe_trampoline. kernel/kprobes.c use to handle this on it's own,
but ia64 needed to do this a little differently (i.e. a function pointer
is really a pointer to a structure containing the instruction pointer and
a global pointer), so I added the notion of arch_init(), so that
kernel/kprobes.c:init_kprobes() now allows architecture specific
initialization by calling arch_init() before exiting. Each architecture
now registers a kprobe on it's own trampoline function.
* register_kretprobe() will insert a kprobe at the beginning of the targeted
function with the kprobe pre_handler set to arch_prepare_kretprobe
(still no change)
* When the target function is entered, the kprobe is fired, calling
arch_prepare_kretprobe (still no change)
* In arch_prepare_kretprobe() we try to get a free instance and if one is
available then we fill out the instance with a pointer to the return probe,
the original return address, and a pointer to the task structure (instead
of the stack address.) Just like before we change the return address
to the trampoline function and mark the instance as used.
If multiple return probes are registered for a given target function,
then arch_prepare_kretprobe() will get called multiple times for the same
task (since our kprobe implementation is able to handle multiple kprobes
at the same address.) Past the first call to arch_prepare_kretprobe,
we end up with the original address stored in the return probe instance
pointing to our trampoline function. (This is a significant difference
from the original arch_prepare_kretprobe design.)
* Target function executes like normal and then returns to kretprobe_trampoline.
* kprobe inserted on the first instruction of kretprobe_trampoline is fired
and calls trampoline_probe_handler() (no change here)
* trampoline_probe_handler() consumes each of the instances associated with
the current task by calling the registered handler function and marking
the instance as unused until an instance is found that has a return address
different then the trampoline function.
(change similar to my previous ia64 RFC)
* If the task is killed with some left-over return probe instances (meaning
that a target function was entered, but never returned), then we just
free any instances associated with the task. (Not much different other
then we can handle this without calling architecture specific functions.)
There is a known problem that this patch does not yet solve where
registering a return probe flush_old_exec or flush_thread will put us
in a bad state. Most likely the best way to handle this is to not allow
registering return probes on these two functions.
(Significant change)
This patch series applies to the 2.6.12-rc6-mm1 kernel, and provides:
* kernel/kprobes.c changes
* i386 patch of existing return probes implementation
* x86_64 patch of existing return probe implementation
* ia64 implementation
* ppc64 implementation (provided by Ananth)
This patch implements the architecture independant changes for a reworking
of the kprobes based function return probes design. Changes include:
* Removing functions for querying a return probe instance off a stack address
* Removing the stack_addr field from the kretprobe_instance definition,
and adding a task pointer
* Adding architecture specific initialization via arch_init()
* Removing extern definitions for the architecture trampoline functions
(this isn't needed anymore since the architecture handles the
initialization of the kprobe in the return probe trampoline function.)
Signed-off-by: Rusty Lynch <rusty.lynch@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-28 05:17:08 +07:00
|
|
|
kprobe_opcode_t *ret_addr;
|
|
|
|
struct task_struct *task;
|
2019-02-23 23:49:52 +07:00
|
|
|
void *fp;
|
2020-05-28 21:35:11 +07:00
|
|
|
char data[];
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
};
|
|
|
|
|
2007-10-16 15:27:49 +07:00
|
|
|
struct kretprobe_blackpoint {
|
|
|
|
const char *name;
|
|
|
|
void *addr;
|
|
|
|
};
|
2008-04-28 16:14:26 +07:00
|
|
|
|
2014-04-17 15:17:05 +07:00
|
|
|
struct kprobe_blacklist_entry {
|
|
|
|
struct list_head list;
|
2008-04-28 16:14:26 +07:00
|
|
|
unsigned long start_addr;
|
2014-04-17 15:17:05 +07:00
|
|
|
unsigned long end_addr;
|
2008-04-28 16:14:26 +07:00
|
|
|
};
|
|
|
|
|
2009-01-30 05:25:08 +07:00
|
|
|
#ifdef CONFIG_KPROBES
|
|
|
|
DECLARE_PER_CPU(struct kprobe *, current_kprobe);
|
|
|
|
DECLARE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
|
|
|
|
|
2009-02-21 04:42:57 +07:00
|
|
|
/*
|
|
|
|
* For #ifdef avoidance:
|
|
|
|
*/
|
|
|
|
static inline int kprobes_built_in(void)
|
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2009-01-30 05:25:08 +07:00
|
|
|
#ifdef CONFIG_KRETPROBES
|
|
|
|
extern void arch_prepare_kretprobe(struct kretprobe_instance *ri,
|
|
|
|
struct pt_regs *regs);
|
|
|
|
extern int arch_trampoline_kprobe(struct kprobe *p);
|
|
|
|
#else /* CONFIG_KRETPROBES */
|
|
|
|
static inline void arch_prepare_kretprobe(struct kretprobe *rp,
|
|
|
|
struct pt_regs *regs)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
static inline int arch_trampoline_kprobe(struct kprobe *p)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_KRETPROBES */
|
|
|
|
|
2007-10-16 15:27:49 +07:00
|
|
|
extern struct kretprobe_blackpoint kretprobe_blacklist[];
|
|
|
|
|
2007-05-08 14:28:27 +07:00
|
|
|
static inline void kretprobe_assert(struct kretprobe_instance *ri,
|
|
|
|
unsigned long orig_ret_address, unsigned long trampoline_address)
|
|
|
|
{
|
|
|
|
if (!orig_ret_address || (orig_ret_address == trampoline_address)) {
|
|
|
|
printk("kretprobe BUG!: Processing kretprobe %p @ %p\n",
|
|
|
|
ri->rp, ri->rp->kp.addr);
|
|
|
|
BUG();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-01-30 19:32:53 +07:00
|
|
|
#ifdef CONFIG_KPROBES_SANITY_TEST
|
|
|
|
extern int init_test_probes(void);
|
|
|
|
#else
|
|
|
|
static inline int init_test_probes(void)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_KPROBES_SANITY_TEST */
|
|
|
|
|
2005-04-17 05:20:36 +07:00
|
|
|
extern int arch_prepare_kprobe(struct kprobe *p);
|
2005-06-23 14:09:25 +07:00
|
|
|
extern void arch_arm_kprobe(struct kprobe *p);
|
|
|
|
extern void arch_disarm_kprobe(struct kprobe *p);
|
2005-07-06 08:54:50 +07:00
|
|
|
extern int arch_init_kprobes(void);
|
2005-12-12 15:37:34 +07:00
|
|
|
extern void kprobes_inc_nmissed_count(struct kprobe *p);
|
2014-04-17 15:16:58 +07:00
|
|
|
extern bool arch_within_kprobe_blacklist(unsigned long addr);
|
2018-12-17 15:20:55 +07:00
|
|
|
extern int arch_populate_kprobe_blacklist(void);
|
2017-07-08 00:07:24 +07:00
|
|
|
extern bool arch_kprobe_on_func_entry(unsigned long offset);
|
|
|
|
extern bool kprobe_on_func_entry(kprobe_opcode_t *addr, const char *sym, unsigned long offset);
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2015-07-31 10:32:40 +07:00
|
|
|
extern bool within_kprobe_blacklist(unsigned long addr);
|
2018-12-17 15:20:55 +07:00
|
|
|
extern int kprobe_add_ksym_blacklist(unsigned long entry);
|
|
|
|
extern int kprobe_add_area_blacklist(unsigned long start, unsigned long end);
|
2015-07-31 10:32:40 +07:00
|
|
|
|
2013-09-12 04:24:11 +07:00
|
|
|
struct kprobe_insn_cache {
|
|
|
|
struct mutex mutex;
|
2013-09-12 04:24:13 +07:00
|
|
|
void *(*alloc)(void); /* allocate insn page */
|
|
|
|
void (*free)(void *); /* free insn page */
|
2020-05-28 15:00:58 +07:00
|
|
|
const char *sym; /* symbol for insn pages */
|
2013-09-12 04:24:11 +07:00
|
|
|
struct list_head pages; /* list of kprobe_insn_page */
|
|
|
|
size_t insn_size; /* size of instruction slot */
|
|
|
|
int nr_garbage;
|
|
|
|
};
|
|
|
|
|
2017-01-08 21:58:09 +07:00
|
|
|
#ifdef __ARCH_WANT_KPROBES_INSN_SLOT
|
2013-09-12 04:24:11 +07:00
|
|
|
extern kprobe_opcode_t *__get_insn_slot(struct kprobe_insn_cache *c);
|
|
|
|
extern void __free_insn_slot(struct kprobe_insn_cache *c,
|
|
|
|
kprobe_opcode_t *slot, int dirty);
|
2017-01-08 21:58:09 +07:00
|
|
|
/* sleep-less address checking routine */
|
|
|
|
extern bool __is_insn_slot_addr(struct kprobe_insn_cache *c,
|
|
|
|
unsigned long addr);
|
2013-09-12 04:24:11 +07:00
|
|
|
|
|
|
|
#define DEFINE_INSN_CACHE_OPS(__name) \
|
|
|
|
extern struct kprobe_insn_cache kprobe_##__name##_slots; \
|
|
|
|
\
|
|
|
|
static inline kprobe_opcode_t *get_##__name##_slot(void) \
|
|
|
|
{ \
|
|
|
|
return __get_insn_slot(&kprobe_##__name##_slots); \
|
|
|
|
} \
|
|
|
|
\
|
|
|
|
static inline void free_##__name##_slot(kprobe_opcode_t *slot, int dirty)\
|
|
|
|
{ \
|
|
|
|
__free_insn_slot(&kprobe_##__name##_slots, slot, dirty); \
|
|
|
|
} \
|
2017-01-08 21:58:09 +07:00
|
|
|
\
|
|
|
|
static inline bool is_kprobe_##__name##_slot(unsigned long addr) \
|
|
|
|
{ \
|
|
|
|
return __is_insn_slot_addr(&kprobe_##__name##_slots, addr); \
|
|
|
|
}
|
2020-05-28 15:00:58 +07:00
|
|
|
#define KPROBE_INSN_PAGE_SYM "kprobe_insn_page"
|
|
|
|
#define KPROBE_OPTINSN_PAGE_SYM "kprobe_optinsn_page"
|
|
|
|
int kprobe_cache_get_kallsym(struct kprobe_insn_cache *c, unsigned int *symnum,
|
|
|
|
unsigned long *value, char *type, char *sym);
|
2017-01-08 21:58:09 +07:00
|
|
|
#else /* __ARCH_WANT_KPROBES_INSN_SLOT */
|
|
|
|
#define DEFINE_INSN_CACHE_OPS(__name) \
|
|
|
|
static inline bool is_kprobe_##__name##_slot(unsigned long addr) \
|
|
|
|
{ \
|
|
|
|
return 0; \
|
|
|
|
}
|
|
|
|
#endif
|
2013-09-12 04:24:11 +07:00
|
|
|
|
|
|
|
DEFINE_INSN_CACHE_OPS(insn);
|
|
|
|
|
2010-02-25 20:34:07 +07:00
|
|
|
#ifdef CONFIG_OPTPROBES
|
|
|
|
/*
|
|
|
|
* Internal structure for direct jump optimized probe
|
|
|
|
*/
|
|
|
|
struct optimized_kprobe {
|
|
|
|
struct kprobe kp;
|
|
|
|
struct list_head list; /* list for optimizing queue */
|
|
|
|
struct arch_optimized_insn optinsn;
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Architecture dependent functions for direct jump optimization */
|
|
|
|
extern int arch_prepared_optinsn(struct arch_optimized_insn *optinsn);
|
|
|
|
extern int arch_check_optimized_kprobe(struct optimized_kprobe *op);
|
2015-01-05 18:29:32 +07:00
|
|
|
extern int arch_prepare_optimized_kprobe(struct optimized_kprobe *op,
|
|
|
|
struct kprobe *orig);
|
2010-02-25 20:34:07 +07:00
|
|
|
extern void arch_remove_optimized_kprobe(struct optimized_kprobe *op);
|
2010-12-03 16:54:28 +07:00
|
|
|
extern void arch_optimize_kprobes(struct list_head *oplist);
|
2010-12-03 16:54:34 +07:00
|
|
|
extern void arch_unoptimize_kprobes(struct list_head *oplist,
|
|
|
|
struct list_head *done_list);
|
2010-02-25 20:34:07 +07:00
|
|
|
extern void arch_unoptimize_kprobe(struct optimized_kprobe *op);
|
|
|
|
extern int arch_within_optimized_kprobe(struct optimized_kprobe *op,
|
|
|
|
unsigned long addr);
|
|
|
|
|
|
|
|
extern void opt_pre_handler(struct kprobe *p, struct pt_regs *regs);
|
2010-02-25 20:34:15 +07:00
|
|
|
|
2013-09-12 04:24:11 +07:00
|
|
|
DEFINE_INSN_CACHE_OPS(optinsn);
|
|
|
|
|
2010-02-25 20:34:15 +07:00
|
|
|
#ifdef CONFIG_SYSCTL
|
|
|
|
extern int sysctl_kprobes_optimization;
|
|
|
|
extern int proc_kprobes_optimization_handler(struct ctl_table *table,
|
2020-04-24 13:43:38 +07:00
|
|
|
int write, void *buffer,
|
2010-02-25 20:34:15 +07:00
|
|
|
size_t *length, loff_t *ppos);
|
|
|
|
#endif
|
2017-05-17 15:19:49 +07:00
|
|
|
extern void wait_for_kprobe_optimizer(void);
|
|
|
|
#else
|
|
|
|
static inline void wait_for_kprobe_optimizer(void) { }
|
2010-02-25 20:34:07 +07:00
|
|
|
#endif /* CONFIG_OPTPROBES */
|
2012-09-28 15:15:20 +07:00
|
|
|
#ifdef CONFIG_KPROBES_ON_FTRACE
|
2012-06-05 17:28:32 +07:00
|
|
|
extern void kprobe_ftrace_handler(unsigned long ip, unsigned long parent_ip,
|
2012-06-05 17:28:38 +07:00
|
|
|
struct ftrace_ops *ops, struct pt_regs *regs);
|
2012-06-05 17:28:32 +07:00
|
|
|
extern int arch_prepare_kprobe_ftrace(struct kprobe *p);
|
|
|
|
#endif
|
|
|
|
|
2014-10-15 17:17:34 +07:00
|
|
|
int arch_check_ftrace_location(struct kprobe *p);
|
2010-02-25 20:34:07 +07:00
|
|
|
|
2005-11-07 16:00:14 +07:00
|
|
|
/* Get the kprobe at this addr (if any) - called with preemption disabled */
|
2005-04-17 05:20:36 +07:00
|
|
|
struct kprobe *get_kprobe(void *addr);
|
2008-07-25 15:46:04 +07:00
|
|
|
void kretprobe_hash_lock(struct task_struct *tsk,
|
|
|
|
struct hlist_head **head, unsigned long *flags);
|
|
|
|
void kretprobe_hash_unlock(struct task_struct *tsk, unsigned long *flags);
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
struct hlist_head * kretprobe_inst_table_head(struct task_struct *tsk);
|
2005-04-17 05:20:36 +07:00
|
|
|
|
2005-11-07 16:00:07 +07:00
|
|
|
/* kprobe_running() will just return the current_kprobe on this CPU */
|
|
|
|
static inline struct kprobe *kprobe_running(void)
|
|
|
|
{
|
2010-12-07 00:16:25 +07:00
|
|
|
return (__this_cpu_read(current_kprobe));
|
2005-11-07 16:00:07 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void reset_current_kprobe(void)
|
|
|
|
{
|
2010-12-07 00:16:25 +07:00
|
|
|
__this_cpu_write(current_kprobe, NULL);
|
2005-11-07 16:00:07 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline struct kprobe_ctlblk *get_kprobe_ctlblk(void)
|
|
|
|
{
|
2014-04-30 02:17:40 +07:00
|
|
|
return this_cpu_ptr(&kprobe_ctlblk);
|
2005-11-07 16:00:07 +07:00
|
|
|
}
|
|
|
|
|
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
Ziqian reported lockup when adding retprobe on _raw_spin_lock_irqsave.
My test was also able to trigger lockdep output:
============================================
WARNING: possible recursive locking detected
5.6.0-rc6+ #6 Not tainted
--------------------------------------------
sched-messaging/2767 is trying to acquire lock:
ffffffff9a492798 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_hash_lock+0x52/0xa0
but task is already holding lock:
ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(kretprobe_table_locks[i].lock));
lock(&(kretprobe_table_locks[i].lock));
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by sched-messaging/2767:
#0: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50
stack backtrace:
CPU: 3 PID: 2767 Comm: sched-messaging Not tainted 5.6.0-rc6+ #6
Call Trace:
dump_stack+0x96/0xe0
__lock_acquire.cold.57+0x173/0x2b7
? native_queued_spin_lock_slowpath+0x42b/0x9e0
? lockdep_hardirqs_on+0x590/0x590
? __lock_acquire+0xf63/0x4030
lock_acquire+0x15a/0x3d0
? kretprobe_hash_lock+0x52/0xa0
_raw_spin_lock_irqsave+0x36/0x70
? kretprobe_hash_lock+0x52/0xa0
kretprobe_hash_lock+0x52/0xa0
trampoline_handler+0xf8/0x940
? kprobe_fault_handler+0x380/0x380
? find_held_lock+0x3a/0x1c0
kretprobe_trampoline+0x25/0x50
? lock_acquired+0x392/0xbc0
? _raw_spin_lock_irqsave+0x50/0x70
? __get_valid_kprobe+0x1f0/0x1f0
? _raw_spin_unlock_irqrestore+0x3b/0x40
? finish_task_switch+0x4b9/0x6d0
? __switch_to_asm+0x34/0x70
? __switch_to_asm+0x40/0x70
The code within the kretprobe handler checks for probe reentrancy,
so we won't trigger any _raw_spin_lock_irqsave probe in there.
The problem is in outside kprobe_flush_task, where we call:
kprobe_flush_task
kretprobe_table_lock
raw_spin_lock_irqsave
_raw_spin_lock_irqsave
where _raw_spin_lock_irqsave triggers the kretprobe and installs
kretprobe_trampoline handler on _raw_spin_lock_irqsave return.
The kretprobe_trampoline handler is then executed with already
locked kretprobe_table_locks, and first thing it does is to
lock kretprobe_table_locks ;-) the whole lockup path like:
kprobe_flush_task
kretprobe_table_lock
raw_spin_lock_irqsave
_raw_spin_lock_irqsave ---> probe triggered, kretprobe_trampoline installed
---> kretprobe_table_locks locked
kretprobe_trampoline
trampoline_handler
kretprobe_hash_lock(current, &head, &flags); <--- deadlock
Adding kprobe_busy_begin/end helpers that mark code with fake
probe installed to prevent triggering of another kprobe within
this code.
Using these helpers in kprobe_flush_task, so the probe recursion
protection check is hit and the probe is never set to prevent
above lockup.
Link: http://lkml.kernel.org/r/158927059835.27680.7011202830041561604.stgit@devnote2
Fixes: ef53d9c5e4da ("kprobes: improve kretprobe scalability with hashed locking")
Cc: Ingo Molnar <mingo@kernel.org>
Cc: "Gustavo A . R . Silva" <gustavoars@kernel.org>
Cc: Anders Roxell <anders.roxell@linaro.org>
Cc: "Naveen N . Rao" <naveen.n.rao@linux.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: David Miller <davem@davemloft.net>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Reported-by: "Ziqian SUN (Zamir)" <zsun@redhat.com>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2020-05-12 15:03:18 +07:00
|
|
|
extern struct kprobe kprobe_busy;
|
|
|
|
void kprobe_busy_begin(void);
|
|
|
|
void kprobe_busy_end(void);
|
|
|
|
|
2017-04-19 19:51:01 +07:00
|
|
|
kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset);
|
2005-04-17 05:20:36 +07:00
|
|
|
int register_kprobe(struct kprobe *p);
|
|
|
|
void unregister_kprobe(struct kprobe *p);
|
2008-04-28 16:14:28 +07:00
|
|
|
int register_kprobes(struct kprobe **kps, int num);
|
|
|
|
void unregister_kprobes(struct kprobe **kps, int num);
|
2007-07-19 15:48:11 +07:00
|
|
|
unsigned long arch_deref_entry_point(void *);
|
2005-04-17 05:20:36 +07:00
|
|
|
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
int register_kretprobe(struct kretprobe *rp);
|
|
|
|
void unregister_kretprobe(struct kretprobe *rp);
|
2008-04-28 16:14:29 +07:00
|
|
|
int register_kretprobes(struct kretprobe **rps, int num);
|
|
|
|
void unregister_kretprobes(struct kretprobe **rps, int num);
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
|
|
|
|
void kprobe_flush_task(struct task_struct *tk);
|
2006-10-02 16:17:35 +07:00
|
|
|
void recycle_rp_inst(struct kretprobe_instance *ri, struct hlist_head *head);
|
2008-01-30 19:32:53 +07:00
|
|
|
|
2020-09-10 15:55:05 +07:00
|
|
|
void kprobe_free_init_mem(void);
|
|
|
|
|
2009-04-07 09:01:02 +07:00
|
|
|
int disable_kprobe(struct kprobe *kp);
|
|
|
|
int enable_kprobe(struct kprobe *kp);
|
|
|
|
|
2009-08-27 04:38:30 +07:00
|
|
|
void dump_kprobe(struct kprobe *kp);
|
|
|
|
|
2018-12-05 06:34:56 +07:00
|
|
|
void *alloc_insn_page(void);
|
|
|
|
void free_insn_page(void *page);
|
|
|
|
|
2020-05-28 15:00:58 +07:00
|
|
|
int kprobe_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
|
|
|
|
char *sym);
|
|
|
|
|
|
|
|
int arch_kprobe_get_kallsym(unsigned int *symnum, unsigned long *value,
|
|
|
|
char *type, char *sym);
|
2009-02-21 04:42:57 +07:00
|
|
|
#else /* !CONFIG_KPROBES: */
|
2005-12-12 15:37:33 +07:00
|
|
|
|
2009-02-21 04:42:57 +07:00
|
|
|
static inline int kprobes_built_in(void)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
static inline int kprobe_fault_handler(struct pt_regs *regs, int trapnr)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2008-06-22 01:17:39 +07:00
|
|
|
static inline struct kprobe *get_kprobe(void *addr)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
2005-11-07 16:00:07 +07:00
|
|
|
static inline struct kprobe *kprobe_running(void)
|
2005-04-17 05:20:36 +07:00
|
|
|
{
|
2005-11-07 16:00:07 +07:00
|
|
|
return NULL;
|
2005-04-17 05:20:36 +07:00
|
|
|
}
|
|
|
|
static inline int register_kprobe(struct kprobe *p)
|
|
|
|
{
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
2008-04-28 16:14:28 +07:00
|
|
|
static inline int register_kprobes(struct kprobe **kps, int num)
|
|
|
|
{
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
2005-04-17 05:20:36 +07:00
|
|
|
static inline void unregister_kprobe(struct kprobe *p)
|
|
|
|
{
|
|
|
|
}
|
2008-04-28 16:14:28 +07:00
|
|
|
static inline void unregister_kprobes(struct kprobe **kps, int num)
|
|
|
|
{
|
|
|
|
}
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
static inline int register_kretprobe(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
2008-04-28 16:14:29 +07:00
|
|
|
static inline int register_kretprobes(struct kretprobe **rps, int num)
|
|
|
|
{
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
static inline void unregister_kretprobe(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
}
|
2008-04-28 16:14:29 +07:00
|
|
|
static inline void unregister_kretprobes(struct kretprobe **rps, int num)
|
|
|
|
{
|
|
|
|
}
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 14:09:19 +07:00
|
|
|
static inline void kprobe_flush_task(struct task_struct *tk)
|
|
|
|
{
|
|
|
|
}
|
2020-09-10 15:55:05 +07:00
|
|
|
static inline void kprobe_free_init_mem(void)
|
|
|
|
{
|
|
|
|
}
|
2009-04-07 09:01:02 +07:00
|
|
|
static inline int disable_kprobe(struct kprobe *kp)
|
|
|
|
{
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
|
|
|
static inline int enable_kprobe(struct kprobe *kp)
|
|
|
|
{
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
2019-01-27 20:03:57 +07:00
|
|
|
|
|
|
|
static inline bool within_kprobe_blacklist(unsigned long addr)
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
2020-05-28 15:00:58 +07:00
|
|
|
static inline int kprobe_get_kallsym(unsigned int symnum, unsigned long *value,
|
|
|
|
char *type, char *sym)
|
|
|
|
{
|
|
|
|
return -ERANGE;
|
|
|
|
}
|
2009-02-21 04:42:57 +07:00
|
|
|
#endif /* CONFIG_KPROBES */
|
2009-04-07 09:01:02 +07:00
|
|
|
static inline int disable_kretprobe(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
return disable_kprobe(&rp->kp);
|
|
|
|
}
|
|
|
|
static inline int enable_kretprobe(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
return enable_kprobe(&rp->kp);
|
|
|
|
}
|
|
|
|
|
2017-01-08 21:58:09 +07:00
|
|
|
#ifndef CONFIG_KPROBES
|
|
|
|
static inline bool is_kprobe_insn_slot(unsigned long addr)
|
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifndef CONFIG_OPTPROBES
|
|
|
|
static inline bool is_kprobe_optinsn_slot(unsigned long addr)
|
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2019-07-17 06:28:00 +07:00
|
|
|
/* Returns true if kprobes handled the fault */
|
|
|
|
static nokprobe_inline bool kprobe_page_fault(struct pt_regs *regs,
|
|
|
|
unsigned int trap)
|
|
|
|
{
|
|
|
|
if (!kprobes_built_in())
|
|
|
|
return false;
|
|
|
|
if (user_mode(regs))
|
|
|
|
return false;
|
|
|
|
/*
|
|
|
|
* To be potentially processing a kprobe fault and to be allowed
|
|
|
|
* to call kprobe_running(), we have to be non-preemptible.
|
|
|
|
*/
|
|
|
|
if (preemptible())
|
|
|
|
return false;
|
|
|
|
if (!kprobe_running())
|
|
|
|
return false;
|
|
|
|
return kprobe_fault_handler(regs, trap);
|
|
|
|
}
|
|
|
|
|
2009-02-21 04:42:57 +07:00
|
|
|
#endif /* _LINUX_KPROBES_H */
|