Linux Audio

Check our new training course

Open Menu / samples / kprobes / kprobe_example.c
Loading...
v3.5.6
 
  1/*
  2 * NOTE: This example is works on x86 and powerpc.
  3 * Here's a sample kernel module showing the use of kprobes to dump a
  4 * stack trace and selected registers when do_fork() is called.
  5 *
  6 * For more information on theory of operation of kprobes, see
  7 * Documentation/kprobes.txt
  8 *
  9 * You will see the trace data in /var/log/messages and on the console
 10 * whenever do_fork() is invoked to create a new process.
 11 */
 12
 13#include <linux/kernel.h>
 14#include <linux/module.h>
 15#include <linux/kprobes.h>
 16
 
 
 
 
 17/* For each probe you need to allocate a kprobe structure */
 18static struct kprobe kp = {
 19	.symbol_name	= "do_fork",
 20};
 21
 22/* kprobe pre_handler: called just before the probed instruction is executed */
 23static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 24{
 25#ifdef CONFIG_X86
 26	printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
 27			" flags = 0x%lx\n",
 28		p->addr, regs->ip, regs->flags);
 29#endif
 30#ifdef CONFIG_PPC
 31	printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
 32			" msr = 0x%lx\n",
 33		p->addr, regs->nip, regs->msr);
 34#endif
 35#ifdef CONFIG_MIPS
 36	printk(KERN_INFO "pre_handler: p->addr = 0x%p, epc = 0x%lx,"
 37			" status = 0x%lx\n",
 38		p->addr, regs->cp0_epc, regs->cp0_status);
 
 
 
 
 
 
 
 
 39#endif
 40
 41	/* A dump_stack() here will give a stack backtrace */
 42	return 0;
 43}
 44
 45/* kprobe post_handler: called after the probed instruction is executed */
 46static void handler_post(struct kprobe *p, struct pt_regs *regs,
 47				unsigned long flags)
 48{
 49#ifdef CONFIG_X86
 50	printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
 51		p->addr, regs->flags);
 52#endif
 53#ifdef CONFIG_PPC
 54	printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
 55		p->addr, regs->msr);
 56#endif
 57#ifdef CONFIG_MIPS
 58	printk(KERN_INFO "post_handler: p->addr = 0x%p, status = 0x%lx\n",
 59		p->addr, regs->cp0_status);
 
 
 
 
 
 
 
 
 60#endif
 61}
 62
 63/*
 64 * fault_handler: this is called if an exception is generated for any
 65 * instruction within the pre- or post-handler, or when Kprobes
 66 * single-steps the probed instruction.
 67 */
 68static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
 69{
 70	printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
 71		p->addr, trapnr);
 72	/* Return 0 because we don't handle the fault. */
 73	return 0;
 74}
 75
 76static int __init kprobe_init(void)
 77{
 78	int ret;
 79	kp.pre_handler = handler_pre;
 80	kp.post_handler = handler_post;
 81	kp.fault_handler = handler_fault;
 82
 83	ret = register_kprobe(&kp);
 84	if (ret < 0) {
 85		printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
 86		return ret;
 87	}
 88	printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
 89	return 0;
 90}
 91
 92static void __exit kprobe_exit(void)
 93{
 94	unregister_kprobe(&kp);
 95	printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
 96}
 97
 98module_init(kprobe_init)
 99module_exit(kprobe_exit)
100MODULE_LICENSE("GPL");
v5.4
  1// SPDX-License-Identifier: GPL-2.0-only
  2/*
  3 * NOTE: This example is works on x86 and powerpc.
  4 * Here's a sample kernel module showing the use of kprobes to dump a
  5 * stack trace and selected registers when _do_fork() is called.
  6 *
  7 * For more information on theory of operation of kprobes, see
  8 * Documentation/kprobes.txt
  9 *
 10 * You will see the trace data in /var/log/messages and on the console
 11 * whenever _do_fork() is invoked to create a new process.
 12 */
 13
 14#include <linux/kernel.h>
 15#include <linux/module.h>
 16#include <linux/kprobes.h>
 17
 18#define MAX_SYMBOL_LEN	64
 19static char symbol[MAX_SYMBOL_LEN] = "_do_fork";
 20module_param_string(symbol, symbol, sizeof(symbol), 0644);
 21
 22/* For each probe you need to allocate a kprobe structure */
 23static struct kprobe kp = {
 24	.symbol_name	= symbol,
 25};
 26
 27/* kprobe pre_handler: called just before the probed instruction is executed */
 28static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 29{
 30#ifdef CONFIG_X86
 31	pr_info("<%s> pre_handler: p->addr = 0x%p, ip = %lx, flags = 0x%lx\n",
 32		p->symbol_name, p->addr, regs->ip, regs->flags);
 
 33#endif
 34#ifdef CONFIG_PPC
 35	pr_info("<%s> pre_handler: p->addr = 0x%p, nip = 0x%lx, msr = 0x%lx\n",
 36		p->symbol_name, p->addr, regs->nip, regs->msr);
 
 37#endif
 38#ifdef CONFIG_MIPS
 39	pr_info("<%s> pre_handler: p->addr = 0x%p, epc = 0x%lx, status = 0x%lx\n",
 40		p->symbol_name, p->addr, regs->cp0_epc, regs->cp0_status);
 41#endif
 42#ifdef CONFIG_ARM64
 43	pr_info("<%s> pre_handler: p->addr = 0x%p, pc = 0x%lx,"
 44			" pstate = 0x%lx\n",
 45		p->symbol_name, p->addr, (long)regs->pc, (long)regs->pstate);
 46#endif
 47#ifdef CONFIG_S390
 48	pr_info("<%s> pre_handler: p->addr, 0x%p, ip = 0x%lx, flags = 0x%lx\n",
 49		p->symbol_name, p->addr, regs->psw.addr, regs->flags);
 50#endif
 51
 52	/* A dump_stack() here will give a stack backtrace */
 53	return 0;
 54}
 55
 56/* kprobe post_handler: called after the probed instruction is executed */
 57static void handler_post(struct kprobe *p, struct pt_regs *regs,
 58				unsigned long flags)
 59{
 60#ifdef CONFIG_X86
 61	pr_info("<%s> post_handler: p->addr = 0x%p, flags = 0x%lx\n",
 62		p->symbol_name, p->addr, regs->flags);
 63#endif
 64#ifdef CONFIG_PPC
 65	pr_info("<%s> post_handler: p->addr = 0x%p, msr = 0x%lx\n",
 66		p->symbol_name, p->addr, regs->msr);
 67#endif
 68#ifdef CONFIG_MIPS
 69	pr_info("<%s> post_handler: p->addr = 0x%p, status = 0x%lx\n",
 70		p->symbol_name, p->addr, regs->cp0_status);
 71#endif
 72#ifdef CONFIG_ARM64
 73	pr_info("<%s> post_handler: p->addr = 0x%p, pstate = 0x%lx\n",
 74		p->symbol_name, p->addr, (long)regs->pstate);
 75#endif
 76#ifdef CONFIG_S390
 77	pr_info("<%s> pre_handler: p->addr, 0x%p, flags = 0x%lx\n",
 78		p->symbol_name, p->addr, regs->flags);
 79#endif
 80}
 81
 82/*
 83 * fault_handler: this is called if an exception is generated for any
 84 * instruction within the pre- or post-handler, or when Kprobes
 85 * single-steps the probed instruction.
 86 */
 87static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
 88{
 89	pr_info("fault_handler: p->addr = 0x%p, trap #%dn", p->addr, trapnr);
 
 90	/* Return 0 because we don't handle the fault. */
 91	return 0;
 92}
 93
 94static int __init kprobe_init(void)
 95{
 96	int ret;
 97	kp.pre_handler = handler_pre;
 98	kp.post_handler = handler_post;
 99	kp.fault_handler = handler_fault;
100
101	ret = register_kprobe(&kp);
102	if (ret < 0) {
103		pr_err("register_kprobe failed, returned %d\n", ret);
104		return ret;
105	}
106	pr_info("Planted kprobe at %p\n", kp.addr);
107	return 0;
108}
109
110static void __exit kprobe_exit(void)
111{
112	unregister_kprobe(&kp);
113	pr_info("kprobe at %p unregistered\n", kp.addr);
114}
115
116module_init(kprobe_init)
117module_exit(kprobe_exit)
118MODULE_LICENSE("GPL");