Loading...
1/*
2 * NOTE: This example is works on x86 and powerpc.
3 * Here's a sample kernel module showing the use of kprobes to dump a
4 * stack trace and selected registers when do_fork() is called.
5 *
6 * For more information on theory of operation of kprobes, see
7 * Documentation/kprobes.txt
8 *
9 * You will see the trace data in /var/log/messages and on the console
10 * whenever do_fork() is invoked to create a new process.
11 */
12
13#include <linux/kernel.h>
14#include <linux/module.h>
15#include <linux/kprobes.h>
16
17/* For each probe you need to allocate a kprobe structure */
18static struct kprobe kp = {
19 .symbol_name = "do_fork",
20};
21
22/* kprobe pre_handler: called just before the probed instruction is executed */
23static int handler_pre(struct kprobe *p, struct pt_regs *regs)
24{
25#ifdef CONFIG_X86
26 printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
27 " flags = 0x%lx\n",
28 p->addr, regs->ip, regs->flags);
29#endif
30#ifdef CONFIG_PPC
31 printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
32 " msr = 0x%lx\n",
33 p->addr, regs->nip, regs->msr);
34#endif
35#ifdef CONFIG_MIPS
36 printk(KERN_INFO "pre_handler: p->addr = 0x%p, epc = 0x%lx,"
37 " status = 0x%lx\n",
38 p->addr, regs->cp0_epc, regs->cp0_status);
39#endif
40#ifdef CONFIG_TILEGX
41 printk(KERN_INFO "pre_handler: p->addr = 0x%p, pc = 0x%lx,"
42 " ex1 = 0x%lx\n",
43 p->addr, regs->pc, regs->ex1);
44#endif
45
46 /* A dump_stack() here will give a stack backtrace */
47 return 0;
48}
49
50/* kprobe post_handler: called after the probed instruction is executed */
51static void handler_post(struct kprobe *p, struct pt_regs *regs,
52 unsigned long flags)
53{
54#ifdef CONFIG_X86
55 printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
56 p->addr, regs->flags);
57#endif
58#ifdef CONFIG_PPC
59 printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
60 p->addr, regs->msr);
61#endif
62#ifdef CONFIG_MIPS
63 printk(KERN_INFO "post_handler: p->addr = 0x%p, status = 0x%lx\n",
64 p->addr, regs->cp0_status);
65#endif
66#ifdef CONFIG_TILEGX
67 printk(KERN_INFO "post_handler: p->addr = 0x%p, ex1 = 0x%lx\n",
68 p->addr, regs->ex1);
69#endif
70}
71
72/*
73 * fault_handler: this is called if an exception is generated for any
74 * instruction within the pre- or post-handler, or when Kprobes
75 * single-steps the probed instruction.
76 */
77static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
78{
79 printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
80 p->addr, trapnr);
81 /* Return 0 because we don't handle the fault. */
82 return 0;
83}
84
85static int __init kprobe_init(void)
86{
87 int ret;
88 kp.pre_handler = handler_pre;
89 kp.post_handler = handler_post;
90 kp.fault_handler = handler_fault;
91
92 ret = register_kprobe(&kp);
93 if (ret < 0) {
94 printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
95 return ret;
96 }
97 printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
98 return 0;
99}
100
101static void __exit kprobe_exit(void)
102{
103 unregister_kprobe(&kp);
104 printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
105}
106
107module_init(kprobe_init)
108module_exit(kprobe_exit)
109MODULE_LICENSE("GPL");
1/*
2 * NOTE: This example is works on x86 and powerpc.
3 * Here's a sample kernel module showing the use of kprobes to dump a
4 * stack trace and selected registers when do_fork() is called.
5 *
6 * For more information on theory of operation of kprobes, see
7 * Documentation/kprobes.txt
8 *
9 * You will see the trace data in /var/log/messages and on the console
10 * whenever do_fork() is invoked to create a new process.
11 */
12
13#include <linux/kernel.h>
14#include <linux/module.h>
15#include <linux/kprobes.h>
16
17/* For each probe you need to allocate a kprobe structure */
18static struct kprobe kp = {
19 .symbol_name = "do_fork",
20};
21
22/* kprobe pre_handler: called just before the probed instruction is executed */
23static int handler_pre(struct kprobe *p, struct pt_regs *regs)
24{
25#ifdef CONFIG_X86
26 printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
27 " flags = 0x%lx\n",
28 p->addr, regs->ip, regs->flags);
29#endif
30#ifdef CONFIG_PPC
31 printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
32 " msr = 0x%lx\n",
33 p->addr, regs->nip, regs->msr);
34#endif
35#ifdef CONFIG_MIPS
36 printk(KERN_INFO "pre_handler: p->addr = 0x%p, epc = 0x%lx,"
37 " status = 0x%lx\n",
38 p->addr, regs->cp0_epc, regs->cp0_status);
39#endif
40
41 /* A dump_stack() here will give a stack backtrace */
42 return 0;
43}
44
45/* kprobe post_handler: called after the probed instruction is executed */
46static void handler_post(struct kprobe *p, struct pt_regs *regs,
47 unsigned long flags)
48{
49#ifdef CONFIG_X86
50 printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
51 p->addr, regs->flags);
52#endif
53#ifdef CONFIG_PPC
54 printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
55 p->addr, regs->msr);
56#endif
57#ifdef CONFIG_MIPS
58 printk(KERN_INFO "post_handler: p->addr = 0x%p, status = 0x%lx\n",
59 p->addr, regs->cp0_status);
60#endif
61}
62
63/*
64 * fault_handler: this is called if an exception is generated for any
65 * instruction within the pre- or post-handler, or when Kprobes
66 * single-steps the probed instruction.
67 */
68static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
69{
70 printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
71 p->addr, trapnr);
72 /* Return 0 because we don't handle the fault. */
73 return 0;
74}
75
76static int __init kprobe_init(void)
77{
78 int ret;
79 kp.pre_handler = handler_pre;
80 kp.post_handler = handler_post;
81 kp.fault_handler = handler_fault;
82
83 ret = register_kprobe(&kp);
84 if (ret < 0) {
85 printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
86 return ret;
87 }
88 printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
89 return 0;
90}
91
92static void __exit kprobe_exit(void)
93{
94 unregister_kprobe(&kp);
95 printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
96}
97
98module_init(kprobe_init)
99module_exit(kprobe_exit)
100MODULE_LICENSE("GPL");