Linux Audio

Check our new training course

Open Menu / samples / kprobes / kprobe_example.c
Loading...
v6.13.7
  1// SPDX-License-Identifier: GPL-2.0-only
  2/*
 
  3 * Here's a sample kernel module showing the use of kprobes to dump a
  4 * stack trace and selected registers when kernel_clone() is called.
  5 *
  6 * For more information on theory of operation of kprobes, see
  7 * Documentation/trace/kprobes.rst
  8 *
  9 * You will see the trace data in /var/log/messages and on the console
 10 * whenever kernel_clone() is invoked to create a new process.
 11 */
 12
 13#define pr_fmt(fmt) "%s: " fmt, __func__
 14
 15#include <linux/kernel.h>
 16#include <linux/module.h>
 17#include <linux/kprobes.h>
 18
 19static char symbol[KSYM_NAME_LEN] = "kernel_clone";
 20module_param_string(symbol, symbol, KSYM_NAME_LEN, 0644);
 21
 22/* For each probe you need to allocate a kprobe structure */
 23static struct kprobe kp = {
 24	.symbol_name	= symbol,
 25};
 26
 27/* kprobe pre_handler: called just before the probed instruction is executed */
 28static int __kprobes handler_pre(struct kprobe *p, struct pt_regs *regs)
 29{
 30#ifdef CONFIG_X86
 31	pr_info("<%s> p->addr = 0x%p, ip = %lx, flags = 0x%lx\n",
 32		p->symbol_name, p->addr, regs->ip, regs->flags);
 
 33#endif
 34#ifdef CONFIG_PPC
 35	pr_info("<%s> p->addr = 0x%p, nip = 0x%lx, msr = 0x%lx\n",
 36		p->symbol_name, p->addr, regs->nip, regs->msr);
 
 37#endif
 38#ifdef CONFIG_MIPS
 39	pr_info("<%s> p->addr = 0x%p, epc = 0x%lx, status = 0x%lx\n",
 40		p->symbol_name, p->addr, regs->cp0_epc, regs->cp0_status);
 41#endif
 42#ifdef CONFIG_ARM64
 43	pr_info("<%s> p->addr = 0x%p, pc = 0x%lx, pstate = 0x%lx\n",
 44		p->symbol_name, p->addr, (long)regs->pc, (long)regs->pstate);
 45#endif
 46#ifdef CONFIG_ARM
 47	pr_info("<%s> p->addr = 0x%p, pc = 0x%lx, cpsr = 0x%lx\n",
 48		p->symbol_name, p->addr, (long)regs->ARM_pc, (long)regs->ARM_cpsr);
 49#endif
 50#ifdef CONFIG_RISCV
 51	pr_info("<%s> p->addr = 0x%p, pc = 0x%lx, status = 0x%lx\n",
 52		p->symbol_name, p->addr, regs->epc, regs->status);
 53#endif
 54#ifdef CONFIG_S390
 55	pr_info("<%s> p->addr, 0x%p, ip = 0x%lx, flags = 0x%lx\n",
 56		p->symbol_name, p->addr, regs->psw.addr, regs->flags);
 57#endif
 58#ifdef CONFIG_LOONGARCH
 59	pr_info("<%s> p->addr = 0x%p, era = 0x%lx, estat = 0x%lx\n",
 60		p->symbol_name, p->addr, regs->csr_era, regs->csr_estat);
 61#endif
 62
 63	/* A dump_stack() here will give a stack backtrace */
 64	return 0;
 65}
 66
 67/* kprobe post_handler: called after the probed instruction is executed */
 68static void __kprobes handler_post(struct kprobe *p, struct pt_regs *regs,
 69				unsigned long flags)
 70{
 71#ifdef CONFIG_X86
 72	pr_info("<%s> p->addr = 0x%p, flags = 0x%lx\n",
 73		p->symbol_name, p->addr, regs->flags);
 74#endif
 75#ifdef CONFIG_PPC
 76	pr_info("<%s> p->addr = 0x%p, msr = 0x%lx\n",
 77		p->symbol_name, p->addr, regs->msr);
 78#endif
 79#ifdef CONFIG_MIPS
 80	pr_info("<%s> p->addr = 0x%p, status = 0x%lx\n",
 81		p->symbol_name, p->addr, regs->cp0_status);
 82#endif
 83#ifdef CONFIG_ARM64
 84	pr_info("<%s> p->addr = 0x%p, pstate = 0x%lx\n",
 85		p->symbol_name, p->addr, (long)regs->pstate);
 86#endif
 87#ifdef CONFIG_ARM
 88	pr_info("<%s> p->addr = 0x%p, cpsr = 0x%lx\n",
 89		p->symbol_name, p->addr, (long)regs->ARM_cpsr);
 90#endif
 91#ifdef CONFIG_RISCV
 92	pr_info("<%s> p->addr = 0x%p, status = 0x%lx\n",
 93		p->symbol_name, p->addr, regs->status);
 94#endif
 95#ifdef CONFIG_S390
 96	pr_info("<%s> p->addr, 0x%p, flags = 0x%lx\n",
 97		p->symbol_name, p->addr, regs->flags);
 98#endif
 99#ifdef CONFIG_LOONGARCH
100	pr_info("<%s> p->addr = 0x%p, estat = 0x%lx\n",
101		p->symbol_name, p->addr, regs->csr_estat);
102#endif
103}
104
 
 
 
 
 
 
 
 
 
 
 
 
 
105static int __init kprobe_init(void)
106{
107	int ret;
108	kp.pre_handler = handler_pre;
109	kp.post_handler = handler_post;
 
110
111	ret = register_kprobe(&kp);
112	if (ret < 0) {
113		pr_err("register_kprobe failed, returned %d\n", ret);
114		return ret;
115	}
116	pr_info("Planted kprobe at %p\n", kp.addr);
117	return 0;
118}
119
120static void __exit kprobe_exit(void)
121{
122	unregister_kprobe(&kp);
123	pr_info("kprobe at %p unregistered\n", kp.addr);
124}
125
126module_init(kprobe_init)
127module_exit(kprobe_exit)
128MODULE_DESCRIPTION("sample kernel module showing the use of kprobes");
129MODULE_LICENSE("GPL");
v3.15
 
  1/*
  2 * NOTE: This example is works on x86 and powerpc.
  3 * Here's a sample kernel module showing the use of kprobes to dump a
  4 * stack trace and selected registers when do_fork() is called.
  5 *
  6 * For more information on theory of operation of kprobes, see
  7 * Documentation/kprobes.txt
  8 *
  9 * You will see the trace data in /var/log/messages and on the console
 10 * whenever do_fork() is invoked to create a new process.
 11 */
 12
 
 
 13#include <linux/kernel.h>
 14#include <linux/module.h>
 15#include <linux/kprobes.h>
 16
 
 
 
 17/* For each probe you need to allocate a kprobe structure */
 18static struct kprobe kp = {
 19	.symbol_name	= "do_fork",
 20};
 21
 22/* kprobe pre_handler: called just before the probed instruction is executed */
 23static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 24{
 25#ifdef CONFIG_X86
 26	printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
 27			" flags = 0x%lx\n",
 28		p->addr, regs->ip, regs->flags);
 29#endif
 30#ifdef CONFIG_PPC
 31	printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
 32			" msr = 0x%lx\n",
 33		p->addr, regs->nip, regs->msr);
 34#endif
 35#ifdef CONFIG_MIPS
 36	printk(KERN_INFO "pre_handler: p->addr = 0x%p, epc = 0x%lx,"
 37			" status = 0x%lx\n",
 38		p->addr, regs->cp0_epc, regs->cp0_status);
 39#endif
 40#ifdef CONFIG_TILEGX
 41	printk(KERN_INFO "pre_handler: p->addr = 0x%p, pc = 0x%lx,"
 42			" ex1 = 0x%lx\n",
 43		p->addr, regs->pc, regs->ex1);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 44#endif
 45
 46	/* A dump_stack() here will give a stack backtrace */
 47	return 0;
 48}
 49
 50/* kprobe post_handler: called after the probed instruction is executed */
 51static void handler_post(struct kprobe *p, struct pt_regs *regs,
 52				unsigned long flags)
 53{
 54#ifdef CONFIG_X86
 55	printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
 56		p->addr, regs->flags);
 57#endif
 58#ifdef CONFIG_PPC
 59	printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
 60		p->addr, regs->msr);
 61#endif
 62#ifdef CONFIG_MIPS
 63	printk(KERN_INFO "post_handler: p->addr = 0x%p, status = 0x%lx\n",
 64		p->addr, regs->cp0_status);
 65#endif
 66#ifdef CONFIG_TILEGX
 67	printk(KERN_INFO "post_handler: p->addr = 0x%p, ex1 = 0x%lx\n",
 68		p->addr, regs->ex1);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 69#endif
 70}
 71
 72/*
 73 * fault_handler: this is called if an exception is generated for any
 74 * instruction within the pre- or post-handler, or when Kprobes
 75 * single-steps the probed instruction.
 76 */
 77static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
 78{
 79	printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
 80		p->addr, trapnr);
 81	/* Return 0 because we don't handle the fault. */
 82	return 0;
 83}
 84
 85static int __init kprobe_init(void)
 86{
 87	int ret;
 88	kp.pre_handler = handler_pre;
 89	kp.post_handler = handler_post;
 90	kp.fault_handler = handler_fault;
 91
 92	ret = register_kprobe(&kp);
 93	if (ret < 0) {
 94		printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
 95		return ret;
 96	}
 97	printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
 98	return 0;
 99}
100
101static void __exit kprobe_exit(void)
102{
103	unregister_kprobe(&kp);
104	printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
105}
106
107module_init(kprobe_init)
108module_exit(kprobe_exit)
 
109MODULE_LICENSE("GPL");