kprobe_example.c 3.23 KB
Newer Older
1 2 3
/*
 * NOTE: This example is works on x86 and powerpc.
 * Here's a sample kernel module showing the use of kprobes to dump a
4
 * stack trace and selected registers when _do_fork() is called.
5 6 7 8 9
 *
 * For more information on theory of operation of kprobes, see
 * Documentation/kprobes.txt
 *
 * You will see the trace data in /var/log/messages and on the console
10
 * whenever _do_fork() is invoked to create a new process.
11 12 13 14 15 16
 */

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/kprobes.h>

17 18 19 20
#define MAX_SYMBOL_LEN	64
static char symbol[MAX_SYMBOL_LEN] = "_do_fork";
module_param_string(symbol, symbol, sizeof(symbol), 0644);

21 22
/* For each probe you need to allocate a kprobe structure */
static struct kprobe kp = {
23
	.symbol_name	= symbol,
24 25 26 27 28 29
};

/* kprobe pre_handler: called just before the probed instruction is executed */
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
{
#ifdef CONFIG_X86
30
	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, ip = %lx,"
31
			" flags = 0x%lx\n",
32
		p->symbol_name, p->addr, regs->ip, regs->flags);
33 34
#endif
#ifdef CONFIG_PPC
35
	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, nip = 0x%lx,"
36
			" msr = 0x%lx\n",
37
		p->symbol_name, p->addr, regs->nip, regs->msr);
38
#endif
39
#ifdef CONFIG_MIPS
40
	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, epc = 0x%lx,"
41
			" status = 0x%lx\n",
42
		p->symbol_name, p->addr, regs->cp0_epc, regs->cp0_status);
43
#endif
Tony Lu's avatar
Tony Lu committed
44
#ifdef CONFIG_TILEGX
45
	printk(KERN_INFO "<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx,"
Tony Lu's avatar
Tony Lu committed
46
			" ex1 = 0x%lx\n",
47
		p->symbol_name, p->addr, regs->pc, regs->ex1);
Tony Lu's avatar
Tony Lu committed
48
#endif
49 50 51 52 53 54 55 56 57 58

	/* A dump_stack() here will give a stack backtrace */
	return 0;
}

/* kprobe post_handler: called after the probed instruction is executed */
static void handler_post(struct kprobe *p, struct pt_regs *regs,
				unsigned long flags)
{
#ifdef CONFIG_X86
59 60
	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, flags = 0x%lx\n",
		p->symbol_name, p->addr, regs->flags);
61 62
#endif
#ifdef CONFIG_PPC
63 64
	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, msr = 0x%lx\n",
		p->symbol_name, p->addr, regs->msr);
65
#endif
66
#ifdef CONFIG_MIPS
67 68
	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, status = 0x%lx\n",
		p->symbol_name, p->addr, regs->cp0_status);
69
#endif
Tony Lu's avatar
Tony Lu committed
70
#ifdef CONFIG_TILEGX
71 72
	printk(KERN_INFO "<%s> post_handler: p->addr = 0x%p, ex1 = 0x%lx\n",
		p->symbol_name, p->addr, regs->ex1);
Tony Lu's avatar
Tony Lu committed
73
#endif
74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113
}

/*
 * fault_handler: this is called if an exception is generated for any
 * instruction within the pre- or post-handler, or when Kprobes
 * single-steps the probed instruction.
 */
static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
{
	printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
		p->addr, trapnr);
	/* Return 0 because we don't handle the fault. */
	return 0;
}

static int __init kprobe_init(void)
{
	int ret;
	kp.pre_handler = handler_pre;
	kp.post_handler = handler_post;
	kp.fault_handler = handler_fault;

	ret = register_kprobe(&kp);
	if (ret < 0) {
		printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
		return ret;
	}
	printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
	return 0;
}

static void __exit kprobe_exit(void)
{
	unregister_kprobe(&kp);
	printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
}

module_init(kprobe_init)
module_exit(kprobe_exit)
MODULE_LICENSE("GPL");