2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Kernel Probes (KProbes)
|
|
|
|
* kernel/kprobes.c
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*
|
|
|
|
* Copyright (C) IBM Corporation, 2002, 2004
|
|
|
|
*
|
|
|
|
* 2002-Oct Created by Vamsi Krishna S <vamsi_krishna@in.ibm.com> Kernel
|
|
|
|
* Probes initial implementation (includes suggestions from
|
|
|
|
* Rusty Russell).
|
|
|
|
* 2004-Aug Updated by Prasanna S Panchamukhi <prasanna@in.ibm.com> with
|
|
|
|
* hlists and exceptions notifier as suggested by Andi Kleen.
|
|
|
|
* 2004-July Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes
|
|
|
|
* interface to access function arguments.
|
|
|
|
* 2004-Sep Prasanna S Panchamukhi <prasanna@in.ibm.com> Changed Kprobes
|
|
|
|
* exceptions notifier to be first on the priority list.
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
* 2005-May Hien Nguyen <hien@us.ibm.com>, Jim Keniston
|
|
|
|
* <jkenisto@us.ibm.com> and Prasanna S Panchamukhi
|
|
|
|
* <prasanna@in.ibm.com> added function-return probes.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
|
|
|
#include <linux/kprobes.h>
|
|
|
|
#include <linux/spinlock.h>
|
|
|
|
#include <linux/hash.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/module.h>
|
2005-06-28 06:17:01 +08:00
|
|
|
#include <linux/moduleloader.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <asm/cacheflush.h>
|
|
|
|
#include <asm/errno.h>
|
|
|
|
#include <asm/kdebug.h>
|
|
|
|
|
|
|
|
#define KPROBE_HASH_BITS 6
|
|
|
|
#define KPROBE_TABLE_SIZE (1 << KPROBE_HASH_BITS)
|
|
|
|
|
|
|
|
static struct hlist_head kprobe_table[KPROBE_TABLE_SIZE];
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
static struct hlist_head kretprobe_inst_table[KPROBE_TABLE_SIZE];
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
unsigned int kprobe_cpu = NR_CPUS;
|
|
|
|
static DEFINE_SPINLOCK(kprobe_lock);
|
2005-05-06 07:15:42 +08:00
|
|
|
static struct kprobe *curr_kprobe;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-06-28 06:17:01 +08:00
|
|
|
/*
|
|
|
|
* kprobe->ainsn.insn points to the copy of the instruction to be
|
|
|
|
* single-stepped. x86_64, POWER4 and above have no-exec support and
|
|
|
|
* stepping on the instruction on a vmalloced/kmalloced/data page
|
|
|
|
* is a recipe for disaster
|
|
|
|
*/
|
|
|
|
#define INSNS_PER_PAGE (PAGE_SIZE/(MAX_INSN_SIZE * sizeof(kprobe_opcode_t)))
|
|
|
|
|
|
|
|
struct kprobe_insn_page {
|
|
|
|
struct hlist_node hlist;
|
|
|
|
kprobe_opcode_t *insns; /* Page of instruction slots */
|
|
|
|
char slot_used[INSNS_PER_PAGE];
|
|
|
|
int nused;
|
|
|
|
};
|
|
|
|
|
|
|
|
static struct hlist_head kprobe_insn_pages;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get_insn_slot() - Find a slot on an executable page for an instruction.
|
|
|
|
* We allocate an executable page if there's no room on existing ones.
|
|
|
|
*/
|
|
|
|
kprobe_opcode_t *get_insn_slot(void)
|
|
|
|
{
|
|
|
|
struct kprobe_insn_page *kip;
|
|
|
|
struct hlist_node *pos;
|
|
|
|
|
|
|
|
hlist_for_each(pos, &kprobe_insn_pages) {
|
|
|
|
kip = hlist_entry(pos, struct kprobe_insn_page, hlist);
|
|
|
|
if (kip->nused < INSNS_PER_PAGE) {
|
|
|
|
int i;
|
|
|
|
for (i = 0; i < INSNS_PER_PAGE; i++) {
|
|
|
|
if (!kip->slot_used[i]) {
|
|
|
|
kip->slot_used[i] = 1;
|
|
|
|
kip->nused++;
|
|
|
|
return kip->insns + (i * MAX_INSN_SIZE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* Surprise! No unused slots. Fix kip->nused. */
|
|
|
|
kip->nused = INSNS_PER_PAGE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* All out of space. Need to allocate a new page. Use slot 0.*/
|
|
|
|
kip = kmalloc(sizeof(struct kprobe_insn_page), GFP_KERNEL);
|
|
|
|
if (!kip) {
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Use module_alloc so this page is within +/- 2GB of where the
|
|
|
|
* kernel image and loaded module images reside. This is required
|
|
|
|
* so x86_64 can correctly handle the %rip-relative fixups.
|
|
|
|
*/
|
|
|
|
kip->insns = module_alloc(PAGE_SIZE);
|
|
|
|
if (!kip->insns) {
|
|
|
|
kfree(kip);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
INIT_HLIST_NODE(&kip->hlist);
|
|
|
|
hlist_add_head(&kip->hlist, &kprobe_insn_pages);
|
|
|
|
memset(kip->slot_used, 0, INSNS_PER_PAGE);
|
|
|
|
kip->slot_used[0] = 1;
|
|
|
|
kip->nused = 1;
|
|
|
|
return kip->insns;
|
|
|
|
}
|
|
|
|
|
|
|
|
void free_insn_slot(kprobe_opcode_t *slot)
|
|
|
|
{
|
|
|
|
struct kprobe_insn_page *kip;
|
|
|
|
struct hlist_node *pos;
|
|
|
|
|
|
|
|
hlist_for_each(pos, &kprobe_insn_pages) {
|
|
|
|
kip = hlist_entry(pos, struct kprobe_insn_page, hlist);
|
|
|
|
if (kip->insns <= slot &&
|
|
|
|
slot < kip->insns + (INSNS_PER_PAGE * MAX_INSN_SIZE)) {
|
|
|
|
int i = (slot - kip->insns) / MAX_INSN_SIZE;
|
|
|
|
kip->slot_used[i] = 0;
|
|
|
|
kip->nused--;
|
|
|
|
if (kip->nused == 0) {
|
|
|
|
/*
|
|
|
|
* Page is no longer in use. Free it unless
|
|
|
|
* it's the last one. We keep the last one
|
|
|
|
* so as not to have to set it up again the
|
|
|
|
* next time somebody inserts a probe.
|
|
|
|
*/
|
|
|
|
hlist_del(&kip->hlist);
|
|
|
|
if (hlist_empty(&kprobe_insn_pages)) {
|
|
|
|
INIT_HLIST_NODE(&kip->hlist);
|
|
|
|
hlist_add_head(&kip->hlist,
|
|
|
|
&kprobe_insn_pages);
|
|
|
|
} else {
|
|
|
|
module_free(NULL, kip->insns);
|
|
|
|
kfree(kip);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Locks kprobe: irqs must be disabled */
|
|
|
|
void lock_kprobes(void)
|
|
|
|
{
|
|
|
|
spin_lock(&kprobe_lock);
|
|
|
|
kprobe_cpu = smp_processor_id();
|
|
|
|
}
|
|
|
|
|
|
|
|
void unlock_kprobes(void)
|
|
|
|
{
|
|
|
|
kprobe_cpu = NR_CPUS;
|
|
|
|
spin_unlock(&kprobe_lock);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* You have to be holding the kprobe_lock */
|
|
|
|
struct kprobe *get_kprobe(void *addr)
|
|
|
|
{
|
|
|
|
struct hlist_head *head;
|
|
|
|
struct hlist_node *node;
|
|
|
|
|
|
|
|
head = &kprobe_table[hash_ptr(addr, KPROBE_HASH_BITS)];
|
|
|
|
hlist_for_each(node, head) {
|
|
|
|
struct kprobe *p = hlist_entry(node, struct kprobe, hlist);
|
|
|
|
if (p->addr == addr)
|
|
|
|
return p;
|
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2005-05-06 07:15:42 +08:00
|
|
|
/*
|
|
|
|
* Aggregate handlers for multiple kprobes support - these handlers
|
|
|
|
* take care of invoking the individual kprobe handlers on p->list
|
|
|
|
*/
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
static int aggr_pre_handler(struct kprobe *p, struct pt_regs *regs)
|
2005-05-06 07:15:42 +08:00
|
|
|
{
|
|
|
|
struct kprobe *kp;
|
|
|
|
|
|
|
|
list_for_each_entry(kp, &p->list, list) {
|
|
|
|
if (kp->pre_handler) {
|
|
|
|
curr_kprobe = kp;
|
2005-06-23 15:09:41 +08:00
|
|
|
if (kp->pre_handler(kp, regs))
|
|
|
|
return 1;
|
2005-05-06 07:15:42 +08:00
|
|
|
}
|
2005-06-23 15:09:41 +08:00
|
|
|
curr_kprobe = NULL;
|
2005-05-06 07:15:42 +08:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
static void aggr_post_handler(struct kprobe *p, struct pt_regs *regs,
|
|
|
|
unsigned long flags)
|
2005-05-06 07:15:42 +08:00
|
|
|
{
|
|
|
|
struct kprobe *kp;
|
|
|
|
|
|
|
|
list_for_each_entry(kp, &p->list, list) {
|
|
|
|
if (kp->post_handler) {
|
|
|
|
curr_kprobe = kp;
|
|
|
|
kp->post_handler(kp, regs, flags);
|
|
|
|
curr_kprobe = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
static int aggr_fault_handler(struct kprobe *p, struct pt_regs *regs,
|
|
|
|
int trapnr)
|
2005-05-06 07:15:42 +08:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* if we faulted "during" the execution of a user specified
|
|
|
|
* probe handler, invoke just that probe's fault handler
|
|
|
|
*/
|
|
|
|
if (curr_kprobe && curr_kprobe->fault_handler) {
|
|
|
|
if (curr_kprobe->fault_handler(curr_kprobe, regs, trapnr))
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-06-23 15:09:41 +08:00
|
|
|
static int aggr_break_handler(struct kprobe *p, struct pt_regs *regs)
|
|
|
|
{
|
|
|
|
struct kprobe *kp = curr_kprobe;
|
|
|
|
if (curr_kprobe && kp->break_handler) {
|
|
|
|
if (kp->break_handler(kp, regs)) {
|
|
|
|
curr_kprobe = NULL;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
curr_kprobe = NULL;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
struct kprobe trampoline_p = {
|
|
|
|
.addr = (kprobe_opcode_t *) &kretprobe_trampoline,
|
|
|
|
.pre_handler = trampoline_probe_handler,
|
|
|
|
.post_handler = trampoline_post_handler
|
|
|
|
};
|
|
|
|
|
|
|
|
struct kretprobe_instance *get_free_rp_inst(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
struct hlist_node *node;
|
|
|
|
struct kretprobe_instance *ri;
|
|
|
|
hlist_for_each_entry(ri, node, &rp->free_instances, uflist)
|
|
|
|
return ri;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct kretprobe_instance *get_used_rp_inst(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
struct hlist_node *node;
|
|
|
|
struct kretprobe_instance *ri;
|
|
|
|
hlist_for_each_entry(ri, node, &rp->used_instances, uflist)
|
|
|
|
return ri;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct kretprobe_instance *get_rp_inst(void *sara)
|
|
|
|
{
|
|
|
|
struct hlist_head *head;
|
|
|
|
struct hlist_node *node;
|
|
|
|
struct task_struct *tsk;
|
|
|
|
struct kretprobe_instance *ri;
|
|
|
|
|
|
|
|
tsk = arch_get_kprobe_task(sara);
|
|
|
|
head = &kretprobe_inst_table[hash_ptr(tsk, KPROBE_HASH_BITS)];
|
|
|
|
hlist_for_each_entry(ri, node, head, hlist) {
|
|
|
|
if (ri->stack_addr == sara)
|
|
|
|
return ri;
|
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
void add_rp_inst(struct kretprobe_instance *ri)
|
|
|
|
{
|
|
|
|
struct task_struct *tsk;
|
|
|
|
/*
|
|
|
|
* Remove rp inst off the free list -
|
|
|
|
* Add it back when probed function returns
|
|
|
|
*/
|
|
|
|
hlist_del(&ri->uflist);
|
|
|
|
tsk = arch_get_kprobe_task(ri->stack_addr);
|
|
|
|
/* Add rp inst onto table */
|
|
|
|
INIT_HLIST_NODE(&ri->hlist);
|
|
|
|
hlist_add_head(&ri->hlist,
|
|
|
|
&kretprobe_inst_table[hash_ptr(tsk, KPROBE_HASH_BITS)]);
|
|
|
|
|
|
|
|
/* Also add this rp inst to the used list. */
|
|
|
|
INIT_HLIST_NODE(&ri->uflist);
|
|
|
|
hlist_add_head(&ri->uflist, &ri->rp->used_instances);
|
|
|
|
}
|
|
|
|
|
|
|
|
void recycle_rp_inst(struct kretprobe_instance *ri)
|
|
|
|
{
|
|
|
|
/* remove rp inst off the rprobe_inst_table */
|
|
|
|
hlist_del(&ri->hlist);
|
|
|
|
if (ri->rp) {
|
|
|
|
/* remove rp inst off the used list */
|
|
|
|
hlist_del(&ri->uflist);
|
|
|
|
/* put rp inst back onto the free list */
|
|
|
|
INIT_HLIST_NODE(&ri->uflist);
|
|
|
|
hlist_add_head(&ri->uflist, &ri->rp->free_instances);
|
|
|
|
} else
|
|
|
|
/* Unregistering */
|
|
|
|
kfree(ri);
|
|
|
|
}
|
|
|
|
|
|
|
|
struct hlist_head * kretprobe_inst_table_head(struct task_struct *tsk)
|
|
|
|
{
|
|
|
|
return &kretprobe_inst_table[hash_ptr(tsk, KPROBE_HASH_BITS)];
|
|
|
|
}
|
|
|
|
|
|
|
|
struct kretprobe_instance *get_rp_inst_tsk(struct task_struct *tk)
|
|
|
|
{
|
|
|
|
struct task_struct *tsk;
|
|
|
|
struct hlist_head *head;
|
|
|
|
struct hlist_node *node;
|
|
|
|
struct kretprobe_instance *ri;
|
|
|
|
|
|
|
|
head = &kretprobe_inst_table[hash_ptr(tk, KPROBE_HASH_BITS)];
|
|
|
|
|
|
|
|
hlist_for_each_entry(ri, node, head, hlist) {
|
|
|
|
tsk = arch_get_kprobe_task(ri->stack_addr);
|
|
|
|
if (tsk == tk)
|
|
|
|
return ri;
|
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This function is called from do_exit or do_execv when task tk's stack is
|
|
|
|
* about to be recycled. Recycle any function-return probe instances
|
|
|
|
* associated with this task. These represent probed functions that have
|
|
|
|
* been called but may never return.
|
|
|
|
*/
|
|
|
|
void kprobe_flush_task(struct task_struct *tk)
|
|
|
|
{
|
2005-06-23 15:09:26 +08:00
|
|
|
unsigned long flags = 0;
|
|
|
|
spin_lock_irqsave(&kprobe_lock, flags);
|
|
|
|
arch_kprobe_flush_task(tk);
|
|
|
|
spin_unlock_irqrestore(&kprobe_lock, flags);
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This kprobe pre_handler is registered with every kretprobe. When probe
|
|
|
|
* hits it will set up the return probe.
|
|
|
|
*/
|
|
|
|
static int pre_handler_kretprobe(struct kprobe *p, struct pt_regs *regs)
|
|
|
|
{
|
|
|
|
struct kretprobe *rp = container_of(p, struct kretprobe, kp);
|
|
|
|
|
|
|
|
/*TODO: consider to only swap the RA after the last pre_handler fired */
|
|
|
|
arch_prepare_kretprobe(rp, regs);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void free_rp_inst(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
struct kretprobe_instance *ri;
|
|
|
|
while ((ri = get_free_rp_inst(rp)) != NULL) {
|
|
|
|
hlist_del(&ri->uflist);
|
|
|
|
kfree(ri);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-06-23 15:09:41 +08:00
|
|
|
/*
|
|
|
|
* Keep all fields in the kprobe consistent
|
|
|
|
*/
|
|
|
|
static inline void copy_kprobe(struct kprobe *old_p, struct kprobe *p)
|
|
|
|
{
|
|
|
|
memcpy(&p->opcode, &old_p->opcode, sizeof(kprobe_opcode_t));
|
|
|
|
memcpy(&p->ainsn, &old_p->ainsn, sizeof(struct arch_specific_insn));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add the new probe to old_p->list. Fail if this is the
|
|
|
|
* second jprobe at the address - two jprobes can't coexist
|
|
|
|
*/
|
|
|
|
static int add_new_kprobe(struct kprobe *old_p, struct kprobe *p)
|
|
|
|
{
|
|
|
|
struct kprobe *kp;
|
|
|
|
|
|
|
|
if (p->break_handler) {
|
|
|
|
list_for_each_entry(kp, &old_p->list, list) {
|
|
|
|
if (kp->break_handler)
|
|
|
|
return -EEXIST;
|
|
|
|
}
|
|
|
|
list_add_tail(&p->list, &old_p->list);
|
|
|
|
} else
|
|
|
|
list_add(&p->list, &old_p->list);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-05-06 07:15:42 +08:00
|
|
|
/*
|
|
|
|
* Fill in the required fields of the "manager kprobe". Replace the
|
|
|
|
* earlier kprobe in the hlist with the manager kprobe
|
|
|
|
*/
|
|
|
|
static inline void add_aggr_kprobe(struct kprobe *ap, struct kprobe *p)
|
|
|
|
{
|
2005-06-23 15:09:41 +08:00
|
|
|
copy_kprobe(p, ap);
|
2005-05-06 07:15:42 +08:00
|
|
|
ap->addr = p->addr;
|
|
|
|
ap->pre_handler = aggr_pre_handler;
|
|
|
|
ap->post_handler = aggr_post_handler;
|
|
|
|
ap->fault_handler = aggr_fault_handler;
|
2005-06-23 15:09:41 +08:00
|
|
|
ap->break_handler = aggr_break_handler;
|
2005-05-06 07:15:42 +08:00
|
|
|
|
|
|
|
INIT_LIST_HEAD(&ap->list);
|
|
|
|
list_add(&p->list, &ap->list);
|
|
|
|
|
|
|
|
INIT_HLIST_NODE(&ap->hlist);
|
|
|
|
hlist_del(&p->hlist);
|
|
|
|
hlist_add_head(&ap->hlist,
|
|
|
|
&kprobe_table[hash_ptr(ap->addr, KPROBE_HASH_BITS)]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This is the second or subsequent kprobe at the address - handle
|
|
|
|
* the intricacies
|
|
|
|
* TODO: Move kcalloc outside the spinlock
|
|
|
|
*/
|
|
|
|
static int register_aggr_kprobe(struct kprobe *old_p, struct kprobe *p)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
struct kprobe *ap;
|
|
|
|
|
2005-06-23 15:09:41 +08:00
|
|
|
if (old_p->pre_handler == aggr_pre_handler) {
|
|
|
|
copy_kprobe(old_p, p);
|
|
|
|
ret = add_new_kprobe(old_p, p);
|
2005-05-06 07:15:42 +08:00
|
|
|
} else {
|
|
|
|
ap = kcalloc(1, sizeof(struct kprobe), GFP_ATOMIC);
|
|
|
|
if (!ap)
|
|
|
|
return -ENOMEM;
|
|
|
|
add_aggr_kprobe(ap, old_p);
|
2005-06-23 15:09:41 +08:00
|
|
|
copy_kprobe(ap, p);
|
|
|
|
ret = add_new_kprobe(ap, p);
|
2005-05-06 07:15:42 +08:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* kprobe removal house-keeping routines */
|
|
|
|
static inline void cleanup_kprobe(struct kprobe *p, unsigned long flags)
|
|
|
|
{
|
2005-06-23 15:09:25 +08:00
|
|
|
arch_disarm_kprobe(p);
|
2005-05-06 07:15:42 +08:00
|
|
|
hlist_del(&p->hlist);
|
|
|
|
spin_unlock_irqrestore(&kprobe_lock, flags);
|
|
|
|
arch_remove_kprobe(p);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void cleanup_aggr_kprobe(struct kprobe *old_p,
|
|
|
|
struct kprobe *p, unsigned long flags)
|
|
|
|
{
|
|
|
|
list_del(&p->list);
|
|
|
|
if (list_empty(&old_p->list)) {
|
|
|
|
cleanup_kprobe(old_p, flags);
|
|
|
|
kfree(old_p);
|
|
|
|
} else
|
|
|
|
spin_unlock_irqrestore(&kprobe_lock, flags);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
int register_kprobe(struct kprobe *p)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
unsigned long flags = 0;
|
2005-05-06 07:15:42 +08:00
|
|
|
struct kprobe *old_p;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if ((ret = arch_prepare_kprobe(p)) != 0) {
|
|
|
|
goto rm_kprobe;
|
|
|
|
}
|
|
|
|
spin_lock_irqsave(&kprobe_lock, flags);
|
2005-05-06 07:15:42 +08:00
|
|
|
old_p = get_kprobe(p->addr);
|
2005-06-23 15:09:36 +08:00
|
|
|
p->nmissed = 0;
|
2005-05-06 07:15:42 +08:00
|
|
|
if (old_p) {
|
|
|
|
ret = register_aggr_kprobe(old_p, p);
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2005-05-06 07:15:42 +08:00
|
|
|
arch_copy_kprobe(p);
|
|
|
|
INIT_HLIST_NODE(&p->hlist);
|
2005-04-17 06:20:36 +08:00
|
|
|
hlist_add_head(&p->hlist,
|
|
|
|
&kprobe_table[hash_ptr(p->addr, KPROBE_HASH_BITS)]);
|
|
|
|
|
2005-06-23 15:09:25 +08:00
|
|
|
arch_arm_kprobe(p);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
|
|
|
spin_unlock_irqrestore(&kprobe_lock, flags);
|
|
|
|
rm_kprobe:
|
|
|
|
if (ret == -EEXIST)
|
|
|
|
arch_remove_kprobe(p);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
void unregister_kprobe(struct kprobe *p)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
2005-05-06 07:15:42 +08:00
|
|
|
struct kprobe *old_p;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
spin_lock_irqsave(&kprobe_lock, flags);
|
2005-05-06 07:15:42 +08:00
|
|
|
old_p = get_kprobe(p->addr);
|
|
|
|
if (old_p) {
|
|
|
|
if (old_p->pre_handler == aggr_pre_handler)
|
|
|
|
cleanup_aggr_kprobe(old_p, p, flags);
|
|
|
|
else
|
|
|
|
cleanup_kprobe(p, flags);
|
|
|
|
} else
|
2005-05-06 07:15:41 +08:00
|
|
|
spin_unlock_irqrestore(&kprobe_lock, flags);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static struct notifier_block kprobe_exceptions_nb = {
|
|
|
|
.notifier_call = kprobe_exceptions_notify,
|
|
|
|
.priority = 0x7fffffff /* we need to notified first */
|
|
|
|
};
|
|
|
|
|
|
|
|
int register_jprobe(struct jprobe *jp)
|
|
|
|
{
|
|
|
|
/* Todo: Verify probepoint is a function entry point */
|
|
|
|
jp->kp.pre_handler = setjmp_pre_handler;
|
|
|
|
jp->kp.break_handler = longjmp_break_handler;
|
|
|
|
|
|
|
|
return register_kprobe(&jp->kp);
|
|
|
|
}
|
|
|
|
|
|
|
|
void unregister_jprobe(struct jprobe *jp)
|
|
|
|
{
|
|
|
|
unregister_kprobe(&jp->kp);
|
|
|
|
}
|
|
|
|
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
#ifdef ARCH_SUPPORTS_KRETPROBES
|
|
|
|
|
|
|
|
int register_kretprobe(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
struct kretprobe_instance *inst;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
rp->kp.pre_handler = pre_handler_kretprobe;
|
|
|
|
|
|
|
|
/* Pre-allocate memory for max kretprobe instances */
|
|
|
|
if (rp->maxactive <= 0) {
|
|
|
|
#ifdef CONFIG_PREEMPT
|
|
|
|
rp->maxactive = max(10, 2 * NR_CPUS);
|
|
|
|
#else
|
|
|
|
rp->maxactive = NR_CPUS;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
INIT_HLIST_HEAD(&rp->used_instances);
|
|
|
|
INIT_HLIST_HEAD(&rp->free_instances);
|
|
|
|
for (i = 0; i < rp->maxactive; i++) {
|
|
|
|
inst = kmalloc(sizeof(struct kretprobe_instance), GFP_KERNEL);
|
|
|
|
if (inst == NULL) {
|
|
|
|
free_rp_inst(rp);
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
INIT_HLIST_NODE(&inst->uflist);
|
|
|
|
hlist_add_head(&inst->uflist, &rp->free_instances);
|
|
|
|
}
|
|
|
|
|
|
|
|
rp->nmissed = 0;
|
|
|
|
/* Establish function entry probe point */
|
|
|
|
if ((ret = register_kprobe(&rp->kp)) != 0)
|
|
|
|
free_rp_inst(rp);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
#else /* ARCH_SUPPORTS_KRETPROBES */
|
|
|
|
|
|
|
|
int register_kretprobe(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
return -ENOSYS;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* ARCH_SUPPORTS_KRETPROBES */
|
|
|
|
|
|
|
|
void unregister_kretprobe(struct kretprobe *rp)
|
|
|
|
{
|
|
|
|
unsigned long flags;
|
|
|
|
struct kretprobe_instance *ri;
|
|
|
|
|
|
|
|
unregister_kprobe(&rp->kp);
|
|
|
|
/* No race here */
|
|
|
|
spin_lock_irqsave(&kprobe_lock, flags);
|
|
|
|
free_rp_inst(rp);
|
|
|
|
while ((ri = get_used_rp_inst(rp)) != NULL) {
|
|
|
|
ri->rp = NULL;
|
|
|
|
hlist_del(&ri->uflist);
|
|
|
|
}
|
|
|
|
spin_unlock_irqrestore(&kprobe_lock, flags);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int __init init_kprobes(void)
|
|
|
|
{
|
|
|
|
int i, err = 0;
|
|
|
|
|
|
|
|
/* FIXME allocate the probe table, currently defined statically */
|
|
|
|
/* initialize all list heads */
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
|
2005-04-17 06:20:36 +08:00
|
|
|
INIT_HLIST_HEAD(&kprobe_table[i]);
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
INIT_HLIST_HEAD(&kretprobe_inst_table[i]);
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
err = register_die_notifier(&kprobe_exceptions_nb);
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
/* Register the trampoline probe for return probe */
|
|
|
|
register_kprobe(&trampoline_p);
|
2005-04-17 06:20:36 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
__initcall(init_kprobes);
|
|
|
|
|
|
|
|
EXPORT_SYMBOL_GPL(register_kprobe);
|
|
|
|
EXPORT_SYMBOL_GPL(unregister_kprobe);
|
|
|
|
EXPORT_SYMBOL_GPL(register_jprobe);
|
|
|
|
EXPORT_SYMBOL_GPL(unregister_jprobe);
|
|
|
|
EXPORT_SYMBOL_GPL(jprobe_return);
|
[PATCH] kprobes: function-return probes
This patch adds function-return probes to kprobes for the i386
architecture. This enables you to establish a handler to be run when a
function returns.
1. API
Two new functions are added to kprobes:
int register_kretprobe(struct kretprobe *rp);
void unregister_kretprobe(struct kretprobe *rp);
2. Registration and unregistration
2.1 Register
To register a function-return probe, the user populates the following
fields in a kretprobe object and calls register_kretprobe() with the
kretprobe address as an argument:
kp.addr - the function's address
handler - this function is run after the ret instruction executes, but
before control returns to the return address in the caller.
maxactive - The maximum number of instances of the probed function that
can be active concurrently. For example, if the function is non-
recursive and is called with a spinlock or mutex held, maxactive = 1
should be enough. If the function is non-recursive and can never
relinquish the CPU (e.g., via a semaphore or preemption), NR_CPUS should
be enough. maxactive is used to determine how many kretprobe_instance
objects to allocate for this particular probed function. If maxactive <=
0, it is set to a default value (if CONFIG_PREEMPT maxactive=max(10, 2 *
NR_CPUS) else maxactive=NR_CPUS)
For example:
struct kretprobe rp;
rp.kp.addr = /* entrypoint address */
rp.handler = /*return probe handler */
rp.maxactive = /* e.g., 1 or NR_CPUS or 0, see the above explanation */
register_kretprobe(&rp);
The following field may also be of interest:
nmissed - Initialized to zero when the function-return probe is
registered, and incremented every time the probed function is entered but
there is no kretprobe_instance object available for establishing the
function-return probe (i.e., because maxactive was set too low).
2.2 Unregister
To unregiter a function-return probe, the user calls
unregister_kretprobe() with the same kretprobe object as registered
previously. If a probed function is running when the return probe is
unregistered, the function will return as expected, but the handler won't
be run.
3. Limitations
3.1 This patch supports only the i386 architecture, but patches for
x86_64 and ppc64 are anticipated soon.
3.2 Return probes operates by replacing the return address in the stack
(or in a known register, such as the lr register for ppc). This may
cause __builtin_return_address(0), when invoked from the return-probed
function, to return the address of the return-probes trampoline.
3.3 This implementation uses the "Multiprobes at an address" feature in
2.6.12-rc3-mm3.
3.4 Due to a limitation in multi-probes, you cannot currently establish
a return probe and a jprobe on the same function. A patch to remove
this limitation is being tested.
This feature is required by SystemTap (http://sourceware.org/systemtap),
and reflects ideas contributed by several SystemTap developers, including
Will Cohen and Ananth Mavinakayanahalli.
Signed-off-by: Hien Nguyen <hien@us.ibm.com>
Signed-off-by: Prasanna S Panchamukhi <prasanna@in.ibm.com>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-06-23 15:09:19 +08:00
|
|
|
EXPORT_SYMBOL_GPL(register_kretprobe);
|
|
|
|
EXPORT_SYMBOL_GPL(unregister_kretprobe);
|
|
|
|
|