[mirror_ubuntu-zesty-kernel.git] / samples / kprobes / kprobe_example.c

/*
 * NOTE: This example is works on x86 and powerpc.
 * Here's a sample kernel module showing the use of kprobes to dump a
 * stack trace and selected registers when _do_fork() is called.
 *
 * For more information on theory of operation of kprobes, see
 * Documentation/kprobes.txt
 *
 * You will see the trace data in /var/log/messages and on the console
 * whenever _do_fork() is invoked to create a new process.
 */

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/kprobes.h>

#define MAX_SYMBOL_LEN	64
static char symbol[MAX_SYMBOL_LEN] = "_do_fork";
module_param_string(symbol, symbol, sizeof(symbol), 0644);

/* For each probe you need to allocate a kprobe structure */
static struct kprobe kp = {
	.symbol_name	= symbol,
};

/* kprobe pre_handler: called just before the probed instruction is executed */
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
{
#ifdef CONFIG_X86
	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, ip = %lx,"
			" flags = 0x%lx\n",
		p->symbol_name, p->addr, regs->ip, regs->flags);
#endif
#ifdef CONFIG_PPC
	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, nip = 0x%lx,"
			" msr = 0x%lx\n",
		p->symbol_name, p->addr, regs->nip, regs->msr);
#endif
#ifdef CONFIG_MIPS
	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, epc = 0x%lx,"
			" status = 0x%lx\n",
		p->symbol_name, p->addr, regs->cp0_epc, regs->cp0_status);
#endif
#ifdef CONFIG_TILEGX
	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx,"
			" ex1 = 0x%lx\n",
		p->symbol_name, p->addr, regs->pc, regs->ex1);
#endif
#ifdef CONFIG_ARM64
	pr_info("<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx,"
			" pstate = 0x%lx\n",
		p->symbol_name, p->addr, (long)regs->pc, (long)regs->pstate);
#endif

	/* A dump_stack() here will give a stack backtrace */
	return 0;
}

/* kprobe post_handler: called after the probed instruction is executed */
static void handler_post(struct kprobe *p, struct pt_regs *regs,
				unsigned long flags)
{
#ifdef CONFIG_X86
	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, flags = 0x%lx\n",
		p->symbol_name, p->addr, regs->flags);
#endif
#ifdef CONFIG_PPC
	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, msr = 0x%lx\n",
		p->symbol_name, p->addr, regs->msr);
#endif
#ifdef CONFIG_MIPS
	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, status = 0x%lx\n",
		p->symbol_name, p->addr, regs->cp0_status);
#endif
#ifdef CONFIG_TILEGX
	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, ex1 = 0x%lx\n",
		p->symbol_name, p->addr, regs->ex1);
#endif
#ifdef CONFIG_ARM64
	pr_info("<%s> post_handler: p->addr = 0x%p, pstate = 0x%lx\n",
		p->symbol_name, p->addr, (long)regs->pstate);
#endif
}

/*
 * fault_handler: this is called if an exception is generated for any
 * instruction within the pre- or post-handler, or when Kprobes
 * single-steps the probed instruction.
 */
static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
{
	printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
		p->addr, trapnr);
	/* Return 0 because we don't handle the fault. */
	return 0;
}

static int __init kprobe_init(void)
{
	int ret;
	kp.pre_handler = handler_pre;
	kp.post_handler = handler_post;
	kp.fault_handler = handler_fault;

	ret = register_kprobe(&kp);
	if (ret < 0) {
		printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
		return ret;
	}
	printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
	return 0;
}

static void __exit kprobe_exit(void)
{
	unregister_kprobe(&kp);
	printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
}

module_init(kprobe_init)
module_exit(kprobe_exit)
MODULE_LICENSE("GPL");
Commit	Line	Data
804defea AM	1	/*
	2	* NOTE: This example is works on x86 and powerpc.
	3	* Here's a sample kernel module showing the use of kprobes to dump a
54aea454	4	* stack trace and selected registers when _do_fork() is called.
804defea AM	5	*
	6	* For more information on theory of operation of kprobes, see
	7	* Documentation/kprobes.txt
	8	*
	9	* You will see the trace data in /var/log/messages and on the console
54aea454	10	* whenever _do_fork() is invoked to create a new process.
804defea AM	11	*/
	12
	13	#include <linux/kernel.h>
	14	#include <linux/module.h>
	15	#include <linux/kprobes.h>
	16
d04659ac HS	17	#define MAX_SYMBOL_LEN 64
	18	static char symbol[MAX_SYMBOL_LEN] = "_do_fork";
	19	module_param_string(symbol, symbol, sizeof(symbol), 0644);
	20
804defea AM	21	/* For each probe you need to allocate a kprobe structure */
804defea AM	22	static struct kprobe kp = {
d04659ac	23	.symbol_name = symbol,
804defea AM	24	};
	25
	26	/* kprobe pre_handler: called just before the probed instruction is executed */
	27	static int handler_pre(struct kprobe p, struct pt_regs regs)
	28	{
	29	#ifdef CONFIG_X86
ea9b5013	30	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, ip = %lx,"
804defea	31	" flags = 0x%lx\n",
ea9b5013	32	p->symbol_name, p->addr, regs->ip, regs->flags);
804defea AM	33	#endif
804defea AM	34	#ifdef CONFIG_PPC
ea9b5013	35	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, nip = 0x%lx,"
804defea	36	" msr = 0x%lx\n",
ea9b5013	37	p->symbol_name, p->addr, regs->nip, regs->msr);
804defea	38	#endif
8a149237	39	#ifdef CONFIG_MIPS
ea9b5013	40	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, epc = 0x%lx,"
8a149237	41	" status = 0x%lx\n",
ea9b5013	42	p->symbol_name, p->addr, regs->cp0_epc, regs->cp0_status);
8a149237	43	#endif
3fa17c39	44	#ifdef CONFIG_TILEGX
ea9b5013	45	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx,"
3fa17c39	46	" ex1 = 0x%lx\n",
ea9b5013	47	p->symbol_name, p->addr, regs->pc, regs->ex1);
3fa17c39	48	#endif
af78cede SP	49	#ifdef CONFIG_ARM64
	50	pr_info("<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx,"
	51	" pstate = 0x%lx\n",
	52	p->symbol_name, p->addr, (long)regs->pc, (long)regs->pstate);
	53	#endif
804defea AM	54
	55	/* A dump_stack() here will give a stack backtrace */
	56	return 0;
	57	}
	58
	59	/* kprobe post_handler: called after the probed instruction is executed */
	60	static void handler_post(struct kprobe p, struct pt_regs regs,
	61	unsigned long flags)
	62	{
	63	#ifdef CONFIG_X86
ea9b5013 HS	64	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, flags = 0x%lx\n",
ea9b5013 HS	65	p->symbol_name, p->addr, regs->flags);
804defea AM	66	#endif
804defea AM	67	#ifdef CONFIG_PPC
ea9b5013 HS	68	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, msr = 0x%lx\n",
ea9b5013 HS	69	p->symbol_name, p->addr, regs->msr);
804defea	70	#endif
8a149237	71	#ifdef CONFIG_MIPS
ea9b5013 HS	72	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, status = 0x%lx\n",
ea9b5013 HS	73	p->symbol_name, p->addr, regs->cp0_status);
8a149237	74	#endif
3fa17c39	75	#ifdef CONFIG_TILEGX
ea9b5013 HS	76	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, ex1 = 0x%lx\n",
ea9b5013 HS	77	p->symbol_name, p->addr, regs->ex1);
3fa17c39	78	#endif
af78cede SP	79	#ifdef CONFIG_ARM64
	80	pr_info("<%s> post_handler: p->addr = 0x%p, pstate = 0x%lx\n",
	81	p->symbol_name, p->addr, (long)regs->pstate);
	82	#endif
804defea AM	83	}
	84
	85	/*
	86	* fault_handler: this is called if an exception is generated for any
	87	* instruction within the pre- or post-handler, or when Kprobes
	88	* single-steps the probed instruction.
	89	*/
	90	static int handler_fault(struct kprobe p, struct pt_regs regs, int trapnr)
	91	{
	92	printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
	93	p->addr, trapnr);
	94	/* Return 0 because we don't handle the fault. */
	95	return 0;
	96	}
	97
	98	static int __init kprobe_init(void)
	99	{
	100	int ret;
	101	kp.pre_handler = handler_pre;
	102	kp.post_handler = handler_post;
	103	kp.fault_handler = handler_fault;
	104
	105	ret = register_kprobe(&kp);
	106	if (ret < 0) {
	107	printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
	108	return ret;
	109	}
	110	printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
	111	return 0;
	112	}
	113
	114	static void __exit kprobe_exit(void)
	115	{
	116	unregister_kprobe(&kp);
	117	printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
	118	}
	119
	120	module_init(kprobe_init)
	121	module_exit(kprobe_exit)
	122	MODULE_LICENSE("GPL");