1 /* 2 * Kernel Probes (KProbes) 3 * kernel/kprobes.c 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 18 * 19 * Copyright (C) IBM Corporation, 2002, 2004 20 * 21 * 2002-Oct Created by Vamsi Krishna S <vamsi_krishna@in.ibm.com> Kernel 22 * Probes initial implementation (includes suggestions from 23 * Rusty Russell). 24 * 2004-Aug Updated by Prasanna S Panchamukhi <prasanna@in.ibm.com> with 25 * hlists and exceptions notifier as suggested by Andi Kleen. 26 * 2004-July Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes 27 * interface to access function arguments. 28 * 2004-Sep Prasanna S Panchamukhi <prasanna@in.ibm.com> Changed Kprobes 29 * exceptions notifier to be first on the priority list. 30 * 2005-May Hien Nguyen <hien@us.ibm.com>, Jim Keniston 31 * <jkenisto@us.ibm.com> and Prasanna S Panchamukhi 32 * <prasanna@in.ibm.com> added function-return probes. 33 */ 34 #include <linux/kprobes.h> 35 #include <linux/hash.h> 36 #include <linux/init.h> 37 #include <linux/slab.h> 38 #include <linux/stddef.h> 39 #include <linux/export.h> 40 #include <linux/moduleloader.h> 41 #include <linux/kallsyms.h> 42 #include <linux/freezer.h> 43 #include <linux/seq_file.h> 44 #include <linux/debugfs.h> 45 #include <linux/sysctl.h> 46 #include <linux/kdebug.h> 47 #include <linux/memory.h> 48 #include <linux/ftrace.h> 49 #include <linux/cpu.h> 50 #include <linux/jump_label.h> 51 52 #include <asm-generic/sections.h> 53 #include <asm/cacheflush.h> 54 #include <asm/errno.h> 55 #include <asm/uaccess.h> 56 57 #define KPROBE_HASH_BITS 6 58 #define KPROBE_TABLE_SIZE (1 << KPROBE_HASH_BITS) 59 60 61 /* 62 * Some oddball architectures like 64bit powerpc have function descriptors 63 * so this must be overridable. 64 */ 65 #ifndef kprobe_lookup_name 66 #define kprobe_lookup_name(name, addr) \ 67 addr = ((kprobe_opcode_t *)(kallsyms_lookup_name(name))) 68 #endif 69 70 static int kprobes_initialized; 71 static struct hlist_head kprobe_table[KPROBE_TABLE_SIZE]; 72 static struct hlist_head kretprobe_inst_table[KPROBE_TABLE_SIZE]; 73 74 /* NOTE: change this value only with kprobe_mutex held */ 75 static bool kprobes_all_disarmed; 76 77 /* This protects kprobe_table and optimizing_list */ 78 static DEFINE_MUTEX(kprobe_mutex); 79 static DEFINE_PER_CPU(struct kprobe *, kprobe_instance) = NULL; 80 static struct { 81 raw_spinlock_t lock ____cacheline_aligned_in_smp; 82 } kretprobe_table_locks[KPROBE_TABLE_SIZE]; 83 84 static raw_spinlock_t *kretprobe_table_lock_ptr(unsigned long hash) 85 { 86 return &(kretprobe_table_locks[hash].lock); 87 } 88 89 /* 90 * Normally, functions that we'd want to prohibit kprobes in, are marked 91 * __kprobes. 
But, there are cases where such functions already belong to 92 * a different section (__sched for preempt_schedule) 93 * 94 * For such cases, we now have a blacklist 95 */ 96 static struct kprobe_blackpoint kprobe_blacklist[] = { 97 {"preempt_schedule",}, 98 {"native_get_debugreg",}, 99 {"irq_entries_start",}, 100 {"common_interrupt",}, 101 {"mcount",}, /* mcount can be called from everywhere */ 102 {NULL} /* Terminator */ 103 }; 104 105 #ifdef __ARCH_WANT_KPROBES_INSN_SLOT 106 /* 107 * kprobe->ainsn.insn points to the copy of the instruction to be 108 * single-stepped. x86_64, POWER4 and above have no-exec support and 109 * stepping on the instruction on a vmalloced/kmalloced/data page 110 * is a recipe for disaster 111 */ 112 struct kprobe_insn_page { 113 struct list_head list; 114 kprobe_opcode_t *insns; /* Page of instruction slots */ 115 int nused; 116 int ngarbage; 117 char slot_used[]; 118 }; 119 120 #define KPROBE_INSN_PAGE_SIZE(slots) \ 121 (offsetof(struct kprobe_insn_page, slot_used) + \ 122 (sizeof(char) * (slots))) 123 124 struct kprobe_insn_cache { 125 struct list_head pages; /* list of kprobe_insn_page */ 126 size_t insn_size; /* size of instruction slot */ 127 int nr_garbage; 128 }; 129 130 static int slots_per_page(struct kprobe_insn_cache *c) 131 { 132 return PAGE_SIZE/(c->insn_size * sizeof(kprobe_opcode_t)); 133 } 134 135 enum kprobe_slot_state { 136 SLOT_CLEAN = 0, 137 SLOT_DIRTY = 1, 138 SLOT_USED = 2, 139 }; 140 141 static DEFINE_MUTEX(kprobe_insn_mutex); /* Protects kprobe_insn_slots */ 142 static struct kprobe_insn_cache kprobe_insn_slots = { 143 .pages = LIST_HEAD_INIT(kprobe_insn_slots.pages), 144 .insn_size = MAX_INSN_SIZE, 145 .nr_garbage = 0, 146 }; 147 static int __kprobes collect_garbage_slots(struct kprobe_insn_cache *c); 148 149 /** 150 * __get_insn_slot() - Find a slot on an executable page for an instruction. 151 * We allocate an executable page if there's no room on existing ones. 152 */ 153 static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) 154 { 155 struct kprobe_insn_page *kip; 156 157 retry: 158 list_for_each_entry(kip, &c->pages, list) { 159 if (kip->nused < slots_per_page(c)) { 160 int i; 161 for (i = 0; i < slots_per_page(c); i++) { 162 if (kip->slot_used[i] == SLOT_CLEAN) { 163 kip->slot_used[i] = SLOT_USED; 164 kip->nused++; 165 return kip->insns + (i * c->insn_size); 166 } 167 } 168 /* kip->nused is broken. Fix it. */ 169 kip->nused = slots_per_page(c); 170 WARN_ON(1); 171 } 172 } 173 174 /* If there are any garbage slots, collect it and try again. */ 175 if (c->nr_garbage && collect_garbage_slots(c) == 0) 176 goto retry; 177 178 /* All out of space. Need to allocate a new page. */ 179 kip = kmalloc(KPROBE_INSN_PAGE_SIZE(slots_per_page(c)), GFP_KERNEL); 180 if (!kip) 181 return NULL; 182 183 /* 184 * Use module_alloc so this page is within +/- 2GB of where the 185 * kernel image and loaded module images reside. This is required 186 * so x86_64 can correctly handle the %rip-relative fixups. 
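	 * Each page handed back by module_alloc() below is carved into
	 * slots of c->insn_size opcodes: slot i starts at
	 * kip->insns + i * c->insn_size, and a page holds
	 * PAGE_SIZE / (c->insn_size * sizeof(kprobe_opcode_t)) slots
	 * (see slots_per_page() above).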
	 */
	kip->insns = module_alloc(PAGE_SIZE);
	if (!kip->insns) {
		kfree(kip);
		return NULL;
	}
	INIT_LIST_HEAD(&kip->list);
	memset(kip->slot_used, SLOT_CLEAN, slots_per_page(c));
	kip->slot_used[0] = SLOT_USED;
	kip->nused = 1;
	kip->ngarbage = 0;
	list_add(&kip->list, &c->pages);
	return kip->insns;
}


kprobe_opcode_t __kprobes *get_insn_slot(void)
{
	kprobe_opcode_t *ret = NULL;

	mutex_lock(&kprobe_insn_mutex);
	ret = __get_insn_slot(&kprobe_insn_slots);
	mutex_unlock(&kprobe_insn_mutex);

	return ret;
}

/* Return 1 if all garbage slots are collected, otherwise 0. */
static int __kprobes collect_one_slot(struct kprobe_insn_page *kip, int idx)
{
	kip->slot_used[idx] = SLOT_CLEAN;
	kip->nused--;
	if (kip->nused == 0) {
		/*
		 * Page is no longer in use. Free it unless
		 * it's the last one. We keep the last one
		 * so as not to have to set it up again the
		 * next time somebody inserts a probe.
		 */
		if (!list_is_singular(&kip->list)) {
			list_del(&kip->list);
			module_free(NULL, kip->insns);
			kfree(kip);
		}
		return 1;
	}
	return 0;
}

static int __kprobes collect_garbage_slots(struct kprobe_insn_cache *c)
{
	struct kprobe_insn_page *kip, *next;

	/* Ensure nobody is still running on a garbage slot */
	synchronize_sched();

	list_for_each_entry_safe(kip, next, &c->pages, list) {
		int i;
		if (kip->ngarbage == 0)
			continue;
		kip->ngarbage = 0;	/* we will collect all garbage slots */
		for (i = 0; i < slots_per_page(c); i++) {
			if (kip->slot_used[i] == SLOT_DIRTY &&
			    collect_one_slot(kip, i))
				break;
		}
	}
	c->nr_garbage = 0;
	return 0;
}

static void __kprobes __free_insn_slot(struct kprobe_insn_cache *c,
				       kprobe_opcode_t *slot, int dirty)
{
	struct kprobe_insn_page *kip;

	list_for_each_entry(kip, &c->pages, list) {
		long idx = ((long)slot - (long)kip->insns) /
				(c->insn_size * sizeof(kprobe_opcode_t));
		if (idx >= 0 && idx < slots_per_page(c)) {
			WARN_ON(kip->slot_used[idx] != SLOT_USED);
			if (dirty) {
				kip->slot_used[idx] = SLOT_DIRTY;
				kip->ngarbage++;
				if (++c->nr_garbage > slots_per_page(c))
					collect_garbage_slots(c);
			} else
				collect_one_slot(kip, idx);
			return;
		}
	}
	/* Could not free this slot.
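	 * Every slot handed out by __get_insn_slot() lives on one of the
	 * pages on c->pages, so reaching this point means the caller
	 * passed a stale or foreign slot pointer.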
*/ 279 WARN_ON(1); 280 } 281 282 void __kprobes free_insn_slot(kprobe_opcode_t * slot, int dirty) 283 { 284 mutex_lock(&kprobe_insn_mutex); 285 __free_insn_slot(&kprobe_insn_slots, slot, dirty); 286 mutex_unlock(&kprobe_insn_mutex); 287 } 288 #ifdef CONFIG_OPTPROBES 289 /* For optimized_kprobe buffer */ 290 static DEFINE_MUTEX(kprobe_optinsn_mutex); /* Protects kprobe_optinsn_slots */ 291 static struct kprobe_insn_cache kprobe_optinsn_slots = { 292 .pages = LIST_HEAD_INIT(kprobe_optinsn_slots.pages), 293 /* .insn_size is initialized later */ 294 .nr_garbage = 0, 295 }; 296 /* Get a slot for optimized_kprobe buffer */ 297 kprobe_opcode_t __kprobes *get_optinsn_slot(void) 298 { 299 kprobe_opcode_t *ret = NULL; 300 301 mutex_lock(&kprobe_optinsn_mutex); 302 ret = __get_insn_slot(&kprobe_optinsn_slots); 303 mutex_unlock(&kprobe_optinsn_mutex); 304 305 return ret; 306 } 307 308 void __kprobes free_optinsn_slot(kprobe_opcode_t * slot, int dirty) 309 { 310 mutex_lock(&kprobe_optinsn_mutex); 311 __free_insn_slot(&kprobe_optinsn_slots, slot, dirty); 312 mutex_unlock(&kprobe_optinsn_mutex); 313 } 314 #endif 315 #endif 316 317 /* We have preemption disabled.. so it is safe to use __ versions */ 318 static inline void set_kprobe_instance(struct kprobe *kp) 319 { 320 __this_cpu_write(kprobe_instance, kp); 321 } 322 323 static inline void reset_kprobe_instance(void) 324 { 325 __this_cpu_write(kprobe_instance, NULL); 326 } 327 328 /* 329 * This routine is called either: 330 * - under the kprobe_mutex - during kprobe_[un]register() 331 * OR 332 * - with preemption disabled - from arch/xxx/kernel/kprobes.c 333 */ 334 struct kprobe __kprobes *get_kprobe(void *addr) 335 { 336 struct hlist_head *head; 337 struct kprobe *p; 338 339 head = &kprobe_table[hash_ptr(addr, KPROBE_HASH_BITS)]; 340 hlist_for_each_entry_rcu(p, head, hlist) { 341 if (p->addr == addr) 342 return p; 343 } 344 345 return NULL; 346 } 347 348 static int __kprobes aggr_pre_handler(struct kprobe *p, struct pt_regs *regs); 349 350 /* Return true if the kprobe is an aggregator */ 351 static inline int kprobe_aggrprobe(struct kprobe *p) 352 { 353 return p->pre_handler == aggr_pre_handler; 354 } 355 356 /* Return true(!0) if the kprobe is unused */ 357 static inline int kprobe_unused(struct kprobe *p) 358 { 359 return kprobe_aggrprobe(p) && kprobe_disabled(p) && 360 list_empty(&p->list); 361 } 362 363 /* 364 * Keep all fields in the kprobe consistent 365 */ 366 static inline void copy_kprobe(struct kprobe *ap, struct kprobe *p) 367 { 368 memcpy(&p->opcode, &ap->opcode, sizeof(kprobe_opcode_t)); 369 memcpy(&p->ainsn, &ap->ainsn, sizeof(struct arch_specific_insn)); 370 } 371 372 #ifdef CONFIG_OPTPROBES 373 /* NOTE: change this value only with kprobe_mutex held */ 374 static bool kprobes_allow_optimization; 375 376 /* 377 * Call all pre_handler on the list, but ignores its return value. 378 * This must be called from arch-dep optimized caller. 
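 * Note that probes with a post_handler or break_handler are never
 * optimized (see optimize_kprobe() and add_new_kprobe()), so only plain
 * pre_handlers ever appear on this list.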
379 */ 380 void __kprobes opt_pre_handler(struct kprobe *p, struct pt_regs *regs) 381 { 382 struct kprobe *kp; 383 384 list_for_each_entry_rcu(kp, &p->list, list) { 385 if (kp->pre_handler && likely(!kprobe_disabled(kp))) { 386 set_kprobe_instance(kp); 387 kp->pre_handler(kp, regs); 388 } 389 reset_kprobe_instance(); 390 } 391 } 392 393 /* Free optimized instructions and optimized_kprobe */ 394 static __kprobes void free_aggr_kprobe(struct kprobe *p) 395 { 396 struct optimized_kprobe *op; 397 398 op = container_of(p, struct optimized_kprobe, kp); 399 arch_remove_optimized_kprobe(op); 400 arch_remove_kprobe(p); 401 kfree(op); 402 } 403 404 /* Return true(!0) if the kprobe is ready for optimization. */ 405 static inline int kprobe_optready(struct kprobe *p) 406 { 407 struct optimized_kprobe *op; 408 409 if (kprobe_aggrprobe(p)) { 410 op = container_of(p, struct optimized_kprobe, kp); 411 return arch_prepared_optinsn(&op->optinsn); 412 } 413 414 return 0; 415 } 416 417 /* Return true(!0) if the kprobe is disarmed. Note: p must be on hash list */ 418 static inline int kprobe_disarmed(struct kprobe *p) 419 { 420 struct optimized_kprobe *op; 421 422 /* If kprobe is not aggr/opt probe, just return kprobe is disabled */ 423 if (!kprobe_aggrprobe(p)) 424 return kprobe_disabled(p); 425 426 op = container_of(p, struct optimized_kprobe, kp); 427 428 return kprobe_disabled(p) && list_empty(&op->list); 429 } 430 431 /* Return true(!0) if the probe is queued on (un)optimizing lists */ 432 static int __kprobes kprobe_queued(struct kprobe *p) 433 { 434 struct optimized_kprobe *op; 435 436 if (kprobe_aggrprobe(p)) { 437 op = container_of(p, struct optimized_kprobe, kp); 438 if (!list_empty(&op->list)) 439 return 1; 440 } 441 return 0; 442 } 443 444 /* 445 * Return an optimized kprobe whose optimizing code replaces 446 * instructions including addr (exclude breakpoint). 447 */ 448 static struct kprobe *__kprobes get_optimized_kprobe(unsigned long addr) 449 { 450 int i; 451 struct kprobe *p = NULL; 452 struct optimized_kprobe *op; 453 454 /* Don't check i == 0, since that is a breakpoint case. */ 455 for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH; i++) 456 p = get_kprobe((void *)(addr - i)); 457 458 if (p && kprobe_optready(p)) { 459 op = container_of(p, struct optimized_kprobe, kp); 460 if (arch_within_optimized_kprobe(op, addr)) 461 return p; 462 } 463 464 return NULL; 465 } 466 467 /* Optimization staging list, protected by kprobe_mutex */ 468 static LIST_HEAD(optimizing_list); 469 static LIST_HEAD(unoptimizing_list); 470 471 static void kprobe_optimizer(struct work_struct *work); 472 static DECLARE_DELAYED_WORK(optimizing_work, kprobe_optimizer); 473 #define OPTIMIZE_DELAY 5 474 475 /* 476 * Optimize (replace a breakpoint with a jump) kprobes listed on 477 * optimizing_list. 478 */ 479 static __kprobes void do_optimize_kprobes(void) 480 { 481 /* Optimization never be done when disarmed */ 482 if (kprobes_all_disarmed || !kprobes_allow_optimization || 483 list_empty(&optimizing_list)) 484 return; 485 486 /* 487 * The optimization/unoptimization refers online_cpus via 488 * stop_machine() and cpu-hotplug modifies online_cpus. 489 * And same time, text_mutex will be held in cpu-hotplug and here. 490 * This combination can cause a deadlock (cpu-hotplug try to lock 491 * text_mutex but stop_machine can not be done because online_cpus 492 * has been changed) 493 * To avoid this deadlock, we need to call get_online_cpus() 494 * for preventing cpu-hotplug outside of text_mutex locking. 
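	 * The resulting order below is therefore
	 *	get_online_cpus() -> text_mutex -> arch_optimize_kprobes(),
	 * i.e. cpu-hotplug stays blocked for as long as text_mutex is
	 * held here.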
	 */
	get_online_cpus();
	mutex_lock(&text_mutex);
	arch_optimize_kprobes(&optimizing_list);
	mutex_unlock(&text_mutex);
	put_online_cpus();
}

/*
 * Unoptimize (replace a jump with a breakpoint and remove the breakpoint
 * if needed) the kprobes listed on unoptimizing_list.
 */
static __kprobes void do_unoptimize_kprobes(struct list_head *free_list)
{
	struct optimized_kprobe *op, *tmp;

	/* Unoptimization must always be done, even while kprobes are disarmed */
	if (list_empty(&unoptimizing_list))
		return;

	/* Ditto for do_optimize_kprobes */
	get_online_cpus();
	mutex_lock(&text_mutex);
	arch_unoptimize_kprobes(&unoptimizing_list, free_list);
	/* Loop over free_list for disarming */
	list_for_each_entry_safe(op, tmp, free_list, list) {
		/* Disarm probes if marked disabled */
		if (kprobe_disabled(&op->kp))
			arch_disarm_kprobe(&op->kp);
		if (kprobe_unused(&op->kp)) {
			/*
			 * Remove unused probes from hash list. After waiting
			 * for synchronization, these probes are reclaimed.
			 * (reclaiming is done by do_free_cleaned_kprobes.)
			 */
			hlist_del_rcu(&op->kp.hlist);
		} else
			list_del_init(&op->list);
	}
	mutex_unlock(&text_mutex);
	put_online_cpus();
}

/* Reclaim all kprobes on the free_list */
static __kprobes void do_free_cleaned_kprobes(struct list_head *free_list)
{
	struct optimized_kprobe *op, *tmp;

	list_for_each_entry_safe(op, tmp, free_list, list) {
		BUG_ON(!kprobe_unused(&op->kp));
		list_del_init(&op->list);
		free_aggr_kprobe(&op->kp);
	}
}

/* Start the optimizer after OPTIMIZE_DELAY has passed */
static __kprobes void kick_kprobe_optimizer(void)
{
	schedule_delayed_work(&optimizing_work, OPTIMIZE_DELAY);
}

/* Kprobe jump optimizer */
static __kprobes void kprobe_optimizer(struct work_struct *work)
{
	LIST_HEAD(free_list);

	mutex_lock(&kprobe_mutex);
	/* Lock modules while optimizing kprobes */
	mutex_lock(&module_mutex);

	/*
	 * Step 1: Unoptimize kprobes and collect cleaned (unused and disarmed)
	 * kprobes before waiting for the quiescence period.
	 */
	do_unoptimize_kprobes(&free_list);

	/*
	 * Step 2: Wait for a quiescence period to ensure all running
	 * interrupts are done. Because an optprobe may modify multiple
	 * instructions, there is a chance that the Nth instruction is
	 * interrupted. In that case, the interrupted handler could return
	 * into the 2nd-Nth byte of the jump instruction. This wait avoids
	 * that.
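	 * synchronize_sched() only returns after every CPU has passed
	 * through a quiescent state, so any interrupt handler (or other
	 * preempt-disabled region) that was running when it was called
	 * has finished by then.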
	 */
	synchronize_sched();

	/* Step 3: Optimize kprobes after the quiescence period */
	do_optimize_kprobes();

	/* Step 4: Free cleaned kprobes after the quiescence period */
	do_free_cleaned_kprobes(&free_list);

	mutex_unlock(&module_mutex);
	mutex_unlock(&kprobe_mutex);

	/* Step 5: Kick the optimizer again if needed */
	if (!list_empty(&optimizing_list) || !list_empty(&unoptimizing_list))
		kick_kprobe_optimizer();
}

/* Wait for optimization and unoptimization to complete */
static __kprobes void wait_for_kprobe_optimizer(void)
{
	mutex_lock(&kprobe_mutex);

	while (!list_empty(&optimizing_list) || !list_empty(&unoptimizing_list)) {
		mutex_unlock(&kprobe_mutex);

		/* this will also make optimizing_work execute immediately */
		flush_delayed_work(&optimizing_work);
		/* @optimizing_work might not have been queued yet, relax */
		cpu_relax();

		mutex_lock(&kprobe_mutex);
	}

	mutex_unlock(&kprobe_mutex);
}

/* Optimize the kprobe if p is ready to be optimized */
static __kprobes void optimize_kprobe(struct kprobe *p)
{
	struct optimized_kprobe *op;

	/* Check if the kprobe is disabled or not ready for optimization. */
	if (!kprobe_optready(p) || !kprobes_allow_optimization ||
	    (kprobe_disabled(p) || kprobes_all_disarmed))
		return;

	/* Neither break_handler nor post_handler is supported. */
	if (p->break_handler || p->post_handler)
		return;

	op = container_of(p, struct optimized_kprobe, kp);

	/* Check that there are no other kprobes within the optimized instructions */
	if (arch_check_optimized_kprobe(op) < 0)
		return;

	/* Check if it is already optimized. */
	if (op->kp.flags & KPROBE_FLAG_OPTIMIZED)
		return;
	op->kp.flags |= KPROBE_FLAG_OPTIMIZED;

	if (!list_empty(&op->list))
		/* This probe is queued for unoptimizing. Just dequeue it */
		list_del_init(&op->list);
	else {
		list_add(&op->list, &optimizing_list);
		kick_kprobe_optimizer();
	}
}

/* Shortcut for direct unoptimizing */
static __kprobes void force_unoptimize_kprobe(struct optimized_kprobe *op)
{
	get_online_cpus();
	arch_unoptimize_kprobe(op);
	put_online_cpus();
	if (kprobe_disabled(&op->kp))
		arch_disarm_kprobe(&op->kp);
}

/* Unoptimize the kprobe if p is optimized */
static __kprobes void unoptimize_kprobe(struct kprobe *p, bool force)
{
	struct optimized_kprobe *op;

	if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
		return; /* This is neither an optprobe nor optimized */

	op = container_of(p, struct optimized_kprobe, kp);
	if (!kprobe_optimized(p)) {
		/* Unoptimized or unoptimizing case */
		if (force && !list_empty(&op->list)) {
			/*
			 * Only if this probe is queued for unoptimizing and
			 * force is set, forcibly unoptimize it.
(No need to unoptimize 672 * unoptimized kprobe again :) 673 */ 674 list_del_init(&op->list); 675 force_unoptimize_kprobe(op); 676 } 677 return; 678 } 679 680 op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; 681 if (!list_empty(&op->list)) { 682 /* Dequeue from the optimization queue */ 683 list_del_init(&op->list); 684 return; 685 } 686 /* Optimized kprobe case */ 687 if (force) 688 /* Forcibly update the code: this is a special case */ 689 force_unoptimize_kprobe(op); 690 else { 691 list_add(&op->list, &unoptimizing_list); 692 kick_kprobe_optimizer(); 693 } 694 } 695 696 /* Cancel unoptimizing for reusing */ 697 static void reuse_unused_kprobe(struct kprobe *ap) 698 { 699 struct optimized_kprobe *op; 700 701 BUG_ON(!kprobe_unused(ap)); 702 /* 703 * Unused kprobe MUST be on the way of delayed unoptimizing (means 704 * there is still a relative jump) and disabled. 705 */ 706 op = container_of(ap, struct optimized_kprobe, kp); 707 if (unlikely(list_empty(&op->list))) 708 printk(KERN_WARNING "Warning: found a stray unused " 709 "aggrprobe@%p\n", ap->addr); 710 /* Enable the probe again */ 711 ap->flags &= ~KPROBE_FLAG_DISABLED; 712 /* Optimize it again (remove from op->list) */ 713 BUG_ON(!kprobe_optready(ap)); 714 optimize_kprobe(ap); 715 } 716 717 /* Remove optimized instructions */ 718 static void __kprobes kill_optimized_kprobe(struct kprobe *p) 719 { 720 struct optimized_kprobe *op; 721 722 op = container_of(p, struct optimized_kprobe, kp); 723 if (!list_empty(&op->list)) 724 /* Dequeue from the (un)optimization queue */ 725 list_del_init(&op->list); 726 727 op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; 728 /* Don't touch the code, because it is already freed. */ 729 arch_remove_optimized_kprobe(op); 730 } 731 732 /* Try to prepare optimized instructions */ 733 static __kprobes void prepare_optimized_kprobe(struct kprobe *p) 734 { 735 struct optimized_kprobe *op; 736 737 op = container_of(p, struct optimized_kprobe, kp); 738 arch_prepare_optimized_kprobe(op); 739 } 740 741 /* Allocate new optimized_kprobe and try to prepare optimized instructions */ 742 static __kprobes struct kprobe *alloc_aggr_kprobe(struct kprobe *p) 743 { 744 struct optimized_kprobe *op; 745 746 op = kzalloc(sizeof(struct optimized_kprobe), GFP_KERNEL); 747 if (!op) 748 return NULL; 749 750 INIT_LIST_HEAD(&op->list); 751 op->kp.addr = p->addr; 752 arch_prepare_optimized_kprobe(op); 753 754 return &op->kp; 755 } 756 757 static void __kprobes init_aggr_kprobe(struct kprobe *ap, struct kprobe *p); 758 759 /* 760 * Prepare an optimized_kprobe and optimize it 761 * NOTE: p must be a normal registered kprobe 762 */ 763 static __kprobes void try_to_optimize_kprobe(struct kprobe *p) 764 { 765 struct kprobe *ap; 766 struct optimized_kprobe *op; 767 768 /* Impossible to optimize ftrace-based kprobe */ 769 if (kprobe_ftrace(p)) 770 return; 771 772 /* For preparing optimization, jump_label_text_reserved() is called */ 773 jump_label_lock(); 774 mutex_lock(&text_mutex); 775 776 ap = alloc_aggr_kprobe(p); 777 if (!ap) 778 goto out; 779 780 op = container_of(ap, struct optimized_kprobe, kp); 781 if (!arch_prepared_optinsn(&op->optinsn)) { 782 /* If failed to setup optimizing, fallback to kprobe */ 783 arch_remove_optimized_kprobe(op); 784 kfree(op); 785 goto out; 786 } 787 788 init_aggr_kprobe(ap, p); 789 optimize_kprobe(ap); /* This just kicks optimizer thread */ 790 791 out: 792 mutex_unlock(&text_mutex); 793 jump_label_unlock(); 794 } 795 796 #ifdef CONFIG_SYSCTL 797 static void __kprobes optimize_all_kprobes(void) 798 { 799 struct hlist_head 
*head; 800 struct kprobe *p; 801 unsigned int i; 802 803 mutex_lock(&kprobe_mutex); 804 /* If optimization is already allowed, just return */ 805 if (kprobes_allow_optimization) 806 goto out; 807 808 kprobes_allow_optimization = true; 809 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 810 head = &kprobe_table[i]; 811 hlist_for_each_entry_rcu(p, head, hlist) 812 if (!kprobe_disabled(p)) 813 optimize_kprobe(p); 814 } 815 printk(KERN_INFO "Kprobes globally optimized\n"); 816 out: 817 mutex_unlock(&kprobe_mutex); 818 } 819 820 static void __kprobes unoptimize_all_kprobes(void) 821 { 822 struct hlist_head *head; 823 struct kprobe *p; 824 unsigned int i; 825 826 mutex_lock(&kprobe_mutex); 827 /* If optimization is already prohibited, just return */ 828 if (!kprobes_allow_optimization) { 829 mutex_unlock(&kprobe_mutex); 830 return; 831 } 832 833 kprobes_allow_optimization = false; 834 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 835 head = &kprobe_table[i]; 836 hlist_for_each_entry_rcu(p, head, hlist) { 837 if (!kprobe_disabled(p)) 838 unoptimize_kprobe(p, false); 839 } 840 } 841 mutex_unlock(&kprobe_mutex); 842 843 /* Wait for unoptimizing completion */ 844 wait_for_kprobe_optimizer(); 845 printk(KERN_INFO "Kprobes globally unoptimized\n"); 846 } 847 848 static DEFINE_MUTEX(kprobe_sysctl_mutex); 849 int sysctl_kprobes_optimization; 850 int proc_kprobes_optimization_handler(struct ctl_table *table, int write, 851 void __user *buffer, size_t *length, 852 loff_t *ppos) 853 { 854 int ret; 855 856 mutex_lock(&kprobe_sysctl_mutex); 857 sysctl_kprobes_optimization = kprobes_allow_optimization ? 1 : 0; 858 ret = proc_dointvec_minmax(table, write, buffer, length, ppos); 859 860 if (sysctl_kprobes_optimization) 861 optimize_all_kprobes(); 862 else 863 unoptimize_all_kprobes(); 864 mutex_unlock(&kprobe_sysctl_mutex); 865 866 return ret; 867 } 868 #endif /* CONFIG_SYSCTL */ 869 870 /* Put a breakpoint for a probe. Must be called with text_mutex locked */ 871 static void __kprobes __arm_kprobe(struct kprobe *p) 872 { 873 struct kprobe *_p; 874 875 /* Check collision with other optimized kprobes */ 876 _p = get_optimized_kprobe((unsigned long)p->addr); 877 if (unlikely(_p)) 878 /* Fallback to unoptimized kprobe */ 879 unoptimize_kprobe(_p, true); 880 881 arch_arm_kprobe(p); 882 optimize_kprobe(p); /* Try to optimize (add kprobe to a list) */ 883 } 884 885 /* Remove the breakpoint of a probe. Must be called with text_mutex locked */ 886 static void __kprobes __disarm_kprobe(struct kprobe *p, bool reopt) 887 { 888 struct kprobe *_p; 889 890 unoptimize_kprobe(p, false); /* Try to unoptimize */ 891 892 if (!kprobe_queued(p)) { 893 arch_disarm_kprobe(p); 894 /* If another kprobe was blocked, optimize it. 
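		 * (__arm_kprobe() may have force-unoptimized such a
		 * neighbouring probe to make room for this breakpoint;
		 * once this probe is disarmed it can be optimized again,
		 * provided reopt is set.)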
*/ 895 _p = get_optimized_kprobe((unsigned long)p->addr); 896 if (unlikely(_p) && reopt) 897 optimize_kprobe(_p); 898 } 899 /* TODO: reoptimize others after unoptimized this probe */ 900 } 901 902 #else /* !CONFIG_OPTPROBES */ 903 904 #define optimize_kprobe(p) do {} while (0) 905 #define unoptimize_kprobe(p, f) do {} while (0) 906 #define kill_optimized_kprobe(p) do {} while (0) 907 #define prepare_optimized_kprobe(p) do {} while (0) 908 #define try_to_optimize_kprobe(p) do {} while (0) 909 #define __arm_kprobe(p) arch_arm_kprobe(p) 910 #define __disarm_kprobe(p, o) arch_disarm_kprobe(p) 911 #define kprobe_disarmed(p) kprobe_disabled(p) 912 #define wait_for_kprobe_optimizer() do {} while (0) 913 914 /* There should be no unused kprobes can be reused without optimization */ 915 static void reuse_unused_kprobe(struct kprobe *ap) 916 { 917 printk(KERN_ERR "Error: There should be no unused kprobe here.\n"); 918 BUG_ON(kprobe_unused(ap)); 919 } 920 921 static __kprobes void free_aggr_kprobe(struct kprobe *p) 922 { 923 arch_remove_kprobe(p); 924 kfree(p); 925 } 926 927 static __kprobes struct kprobe *alloc_aggr_kprobe(struct kprobe *p) 928 { 929 return kzalloc(sizeof(struct kprobe), GFP_KERNEL); 930 } 931 #endif /* CONFIG_OPTPROBES */ 932 933 #ifdef CONFIG_KPROBES_ON_FTRACE 934 static struct ftrace_ops kprobe_ftrace_ops __read_mostly = { 935 .func = kprobe_ftrace_handler, 936 .flags = FTRACE_OPS_FL_SAVE_REGS, 937 }; 938 static int kprobe_ftrace_enabled; 939 940 /* Must ensure p->addr is really on ftrace */ 941 static int __kprobes prepare_kprobe(struct kprobe *p) 942 { 943 if (!kprobe_ftrace(p)) 944 return arch_prepare_kprobe(p); 945 946 return arch_prepare_kprobe_ftrace(p); 947 } 948 949 /* Caller must lock kprobe_mutex */ 950 static void __kprobes arm_kprobe_ftrace(struct kprobe *p) 951 { 952 int ret; 953 954 ret = ftrace_set_filter_ip(&kprobe_ftrace_ops, 955 (unsigned long)p->addr, 0, 0); 956 WARN(ret < 0, "Failed to arm kprobe-ftrace at %p (%d)\n", p->addr, ret); 957 kprobe_ftrace_enabled++; 958 if (kprobe_ftrace_enabled == 1) { 959 ret = register_ftrace_function(&kprobe_ftrace_ops); 960 WARN(ret < 0, "Failed to init kprobe-ftrace (%d)\n", ret); 961 } 962 } 963 964 /* Caller must lock kprobe_mutex */ 965 static void __kprobes disarm_kprobe_ftrace(struct kprobe *p) 966 { 967 int ret; 968 969 kprobe_ftrace_enabled--; 970 if (kprobe_ftrace_enabled == 0) { 971 ret = unregister_ftrace_function(&kprobe_ftrace_ops); 972 WARN(ret < 0, "Failed to init kprobe-ftrace (%d)\n", ret); 973 } 974 ret = ftrace_set_filter_ip(&kprobe_ftrace_ops, 975 (unsigned long)p->addr, 1, 0); 976 WARN(ret < 0, "Failed to disarm kprobe-ftrace at %p (%d)\n", p->addr, ret); 977 } 978 #else /* !CONFIG_KPROBES_ON_FTRACE */ 979 #define prepare_kprobe(p) arch_prepare_kprobe(p) 980 #define arm_kprobe_ftrace(p) do {} while (0) 981 #define disarm_kprobe_ftrace(p) do {} while (0) 982 #endif 983 984 /* Arm a kprobe with text_mutex */ 985 static void __kprobes arm_kprobe(struct kprobe *kp) 986 { 987 if (unlikely(kprobe_ftrace(kp))) { 988 arm_kprobe_ftrace(kp); 989 return; 990 } 991 /* 992 * Here, since __arm_kprobe() doesn't use stop_machine(), 993 * this doesn't cause deadlock on text_mutex. So, we don't 994 * need get_online_cpus(). 
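	 * By contrast, do_optimize_kprobes()/do_unoptimize_kprobes() patch
	 * jump instructions through stop_machine() in the arch code, so
	 * they must call get_online_cpus() before taking text_mutex (see
	 * the comment in do_optimize_kprobes()).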
995 */ 996 mutex_lock(&text_mutex); 997 __arm_kprobe(kp); 998 mutex_unlock(&text_mutex); 999 } 1000 1001 /* Disarm a kprobe with text_mutex */ 1002 static void __kprobes disarm_kprobe(struct kprobe *kp, bool reopt) 1003 { 1004 if (unlikely(kprobe_ftrace(kp))) { 1005 disarm_kprobe_ftrace(kp); 1006 return; 1007 } 1008 /* Ditto */ 1009 mutex_lock(&text_mutex); 1010 __disarm_kprobe(kp, reopt); 1011 mutex_unlock(&text_mutex); 1012 } 1013 1014 /* 1015 * Aggregate handlers for multiple kprobes support - these handlers 1016 * take care of invoking the individual kprobe handlers on p->list 1017 */ 1018 static int __kprobes aggr_pre_handler(struct kprobe *p, struct pt_regs *regs) 1019 { 1020 struct kprobe *kp; 1021 1022 list_for_each_entry_rcu(kp, &p->list, list) { 1023 if (kp->pre_handler && likely(!kprobe_disabled(kp))) { 1024 set_kprobe_instance(kp); 1025 if (kp->pre_handler(kp, regs)) 1026 return 1; 1027 } 1028 reset_kprobe_instance(); 1029 } 1030 return 0; 1031 } 1032 1033 static void __kprobes aggr_post_handler(struct kprobe *p, struct pt_regs *regs, 1034 unsigned long flags) 1035 { 1036 struct kprobe *kp; 1037 1038 list_for_each_entry_rcu(kp, &p->list, list) { 1039 if (kp->post_handler && likely(!kprobe_disabled(kp))) { 1040 set_kprobe_instance(kp); 1041 kp->post_handler(kp, regs, flags); 1042 reset_kprobe_instance(); 1043 } 1044 } 1045 } 1046 1047 static int __kprobes aggr_fault_handler(struct kprobe *p, struct pt_regs *regs, 1048 int trapnr) 1049 { 1050 struct kprobe *cur = __this_cpu_read(kprobe_instance); 1051 1052 /* 1053 * if we faulted "during" the execution of a user specified 1054 * probe handler, invoke just that probe's fault handler 1055 */ 1056 if (cur && cur->fault_handler) { 1057 if (cur->fault_handler(cur, regs, trapnr)) 1058 return 1; 1059 } 1060 return 0; 1061 } 1062 1063 static int __kprobes aggr_break_handler(struct kprobe *p, struct pt_regs *regs) 1064 { 1065 struct kprobe *cur = __this_cpu_read(kprobe_instance); 1066 int ret = 0; 1067 1068 if (cur && cur->break_handler) { 1069 if (cur->break_handler(cur, regs)) 1070 ret = 1; 1071 } 1072 reset_kprobe_instance(); 1073 return ret; 1074 } 1075 1076 /* Walks the list and increments nmissed count for multiprobe case */ 1077 void __kprobes kprobes_inc_nmissed_count(struct kprobe *p) 1078 { 1079 struct kprobe *kp; 1080 if (!kprobe_aggrprobe(p)) { 1081 p->nmissed++; 1082 } else { 1083 list_for_each_entry_rcu(kp, &p->list, list) 1084 kp->nmissed++; 1085 } 1086 return; 1087 } 1088 1089 void __kprobes recycle_rp_inst(struct kretprobe_instance *ri, 1090 struct hlist_head *head) 1091 { 1092 struct kretprobe *rp = ri->rp; 1093 1094 /* remove rp inst off the rprobe_inst_table */ 1095 hlist_del(&ri->hlist); 1096 INIT_HLIST_NODE(&ri->hlist); 1097 if (likely(rp)) { 1098 raw_spin_lock(&rp->lock); 1099 hlist_add_head(&ri->hlist, &rp->free_instances); 1100 raw_spin_unlock(&rp->lock); 1101 } else 1102 /* Unregistering */ 1103 hlist_add_head(&ri->hlist, head); 1104 } 1105 1106 void __kprobes kretprobe_hash_lock(struct task_struct *tsk, 1107 struct hlist_head **head, unsigned long *flags) 1108 __acquires(hlist_lock) 1109 { 1110 unsigned long hash = hash_ptr(tsk, KPROBE_HASH_BITS); 1111 raw_spinlock_t *hlist_lock; 1112 1113 *head = &kretprobe_inst_table[hash]; 1114 hlist_lock = kretprobe_table_lock_ptr(hash); 1115 raw_spin_lock_irqsave(hlist_lock, *flags); 1116 } 1117 1118 static void __kprobes kretprobe_table_lock(unsigned long hash, 1119 unsigned long *flags) 1120 __acquires(hlist_lock) 1121 { 1122 raw_spinlock_t *hlist_lock = 
kretprobe_table_lock_ptr(hash); 1123 raw_spin_lock_irqsave(hlist_lock, *flags); 1124 } 1125 1126 void __kprobes kretprobe_hash_unlock(struct task_struct *tsk, 1127 unsigned long *flags) 1128 __releases(hlist_lock) 1129 { 1130 unsigned long hash = hash_ptr(tsk, KPROBE_HASH_BITS); 1131 raw_spinlock_t *hlist_lock; 1132 1133 hlist_lock = kretprobe_table_lock_ptr(hash); 1134 raw_spin_unlock_irqrestore(hlist_lock, *flags); 1135 } 1136 1137 static void __kprobes kretprobe_table_unlock(unsigned long hash, 1138 unsigned long *flags) 1139 __releases(hlist_lock) 1140 { 1141 raw_spinlock_t *hlist_lock = kretprobe_table_lock_ptr(hash); 1142 raw_spin_unlock_irqrestore(hlist_lock, *flags); 1143 } 1144 1145 /* 1146 * This function is called from finish_task_switch when task tk becomes dead, 1147 * so that we can recycle any function-return probe instances associated 1148 * with this task. These left over instances represent probed functions 1149 * that have been called but will never return. 1150 */ 1151 void __kprobes kprobe_flush_task(struct task_struct *tk) 1152 { 1153 struct kretprobe_instance *ri; 1154 struct hlist_head *head, empty_rp; 1155 struct hlist_node *tmp; 1156 unsigned long hash, flags = 0; 1157 1158 if (unlikely(!kprobes_initialized)) 1159 /* Early boot. kretprobe_table_locks not yet initialized. */ 1160 return; 1161 1162 INIT_HLIST_HEAD(&empty_rp); 1163 hash = hash_ptr(tk, KPROBE_HASH_BITS); 1164 head = &kretprobe_inst_table[hash]; 1165 kretprobe_table_lock(hash, &flags); 1166 hlist_for_each_entry_safe(ri, tmp, head, hlist) { 1167 if (ri->task == tk) 1168 recycle_rp_inst(ri, &empty_rp); 1169 } 1170 kretprobe_table_unlock(hash, &flags); 1171 hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) { 1172 hlist_del(&ri->hlist); 1173 kfree(ri); 1174 } 1175 } 1176 1177 static inline void free_rp_inst(struct kretprobe *rp) 1178 { 1179 struct kretprobe_instance *ri; 1180 struct hlist_node *next; 1181 1182 hlist_for_each_entry_safe(ri, next, &rp->free_instances, hlist) { 1183 hlist_del(&ri->hlist); 1184 kfree(ri); 1185 } 1186 } 1187 1188 static void __kprobes cleanup_rp_inst(struct kretprobe *rp) 1189 { 1190 unsigned long flags, hash; 1191 struct kretprobe_instance *ri; 1192 struct hlist_node *next; 1193 struct hlist_head *head; 1194 1195 /* No race here */ 1196 for (hash = 0; hash < KPROBE_TABLE_SIZE; hash++) { 1197 kretprobe_table_lock(hash, &flags); 1198 head = &kretprobe_inst_table[hash]; 1199 hlist_for_each_entry_safe(ri, next, head, hlist) { 1200 if (ri->rp == rp) 1201 ri->rp = NULL; 1202 } 1203 kretprobe_table_unlock(hash, &flags); 1204 } 1205 free_rp_inst(rp); 1206 } 1207 1208 /* 1209 * Add the new probe to ap->list. Fail if this is the 1210 * second jprobe at the address - two jprobes can't coexist 1211 */ 1212 static int __kprobes add_new_kprobe(struct kprobe *ap, struct kprobe *p) 1213 { 1214 BUG_ON(kprobe_gone(ap) || kprobe_gone(p)); 1215 1216 if (p->break_handler || p->post_handler) 1217 unoptimize_kprobe(ap, true); /* Fall back to normal kprobe */ 1218 1219 if (p->break_handler) { 1220 if (ap->break_handler) 1221 return -EEXIST; 1222 list_add_tail_rcu(&p->list, &ap->list); 1223 ap->break_handler = aggr_break_handler; 1224 } else 1225 list_add_rcu(&p->list, &ap->list); 1226 if (p->post_handler && !ap->post_handler) 1227 ap->post_handler = aggr_post_handler; 1228 1229 return 0; 1230 } 1231 1232 /* 1233 * Fill in the required fields of the "manager kprobe". 
Replace the 1234 * earlier kprobe in the hlist with the manager kprobe 1235 */ 1236 static void __kprobes init_aggr_kprobe(struct kprobe *ap, struct kprobe *p) 1237 { 1238 /* Copy p's insn slot to ap */ 1239 copy_kprobe(p, ap); 1240 flush_insn_slot(ap); 1241 ap->addr = p->addr; 1242 ap->flags = p->flags & ~KPROBE_FLAG_OPTIMIZED; 1243 ap->pre_handler = aggr_pre_handler; 1244 ap->fault_handler = aggr_fault_handler; 1245 /* We don't care the kprobe which has gone. */ 1246 if (p->post_handler && !kprobe_gone(p)) 1247 ap->post_handler = aggr_post_handler; 1248 if (p->break_handler && !kprobe_gone(p)) 1249 ap->break_handler = aggr_break_handler; 1250 1251 INIT_LIST_HEAD(&ap->list); 1252 INIT_HLIST_NODE(&ap->hlist); 1253 1254 list_add_rcu(&p->list, &ap->list); 1255 hlist_replace_rcu(&p->hlist, &ap->hlist); 1256 } 1257 1258 /* 1259 * This is the second or subsequent kprobe at the address - handle 1260 * the intricacies 1261 */ 1262 static int __kprobes register_aggr_kprobe(struct kprobe *orig_p, 1263 struct kprobe *p) 1264 { 1265 int ret = 0; 1266 struct kprobe *ap = orig_p; 1267 1268 /* For preparing optimization, jump_label_text_reserved() is called */ 1269 jump_label_lock(); 1270 /* 1271 * Get online CPUs to avoid text_mutex deadlock.with stop machine, 1272 * which is invoked by unoptimize_kprobe() in add_new_kprobe() 1273 */ 1274 get_online_cpus(); 1275 mutex_lock(&text_mutex); 1276 1277 if (!kprobe_aggrprobe(orig_p)) { 1278 /* If orig_p is not an aggr_kprobe, create new aggr_kprobe. */ 1279 ap = alloc_aggr_kprobe(orig_p); 1280 if (!ap) { 1281 ret = -ENOMEM; 1282 goto out; 1283 } 1284 init_aggr_kprobe(ap, orig_p); 1285 } else if (kprobe_unused(ap)) 1286 /* This probe is going to die. Rescue it */ 1287 reuse_unused_kprobe(ap); 1288 1289 if (kprobe_gone(ap)) { 1290 /* 1291 * Attempting to insert new probe at the same location that 1292 * had a probe in the module vaddr area which already 1293 * freed. So, the instruction slot has already been 1294 * released. We need a new slot for the new probe. 1295 */ 1296 ret = arch_prepare_kprobe(ap); 1297 if (ret) 1298 /* 1299 * Even if fail to allocate new slot, don't need to 1300 * free aggr_probe. It will be used next time, or 1301 * freed by unregister_kprobe. 1302 */ 1303 goto out; 1304 1305 /* Prepare optimized instructions if possible. */ 1306 prepare_optimized_kprobe(ap); 1307 1308 /* 1309 * Clear gone flag to prevent allocating new slot again, and 1310 * set disabled flag because it is not armed yet. 1311 */ 1312 ap->flags = (ap->flags & ~KPROBE_FLAG_GONE) 1313 | KPROBE_FLAG_DISABLED; 1314 } 1315 1316 /* Copy ap's insn slot to p */ 1317 copy_kprobe(ap, p); 1318 ret = add_new_kprobe(ap, p); 1319 1320 out: 1321 mutex_unlock(&text_mutex); 1322 put_online_cpus(); 1323 jump_label_unlock(); 1324 1325 if (ret == 0 && kprobe_disabled(ap) && !kprobe_disabled(p)) { 1326 ap->flags &= ~KPROBE_FLAG_DISABLED; 1327 if (!kprobes_all_disarmed) 1328 /* Arm the breakpoint again. 
*/ 1329 arm_kprobe(ap); 1330 } 1331 return ret; 1332 } 1333 1334 static int __kprobes in_kprobes_functions(unsigned long addr) 1335 { 1336 struct kprobe_blackpoint *kb; 1337 1338 if (addr >= (unsigned long)__kprobes_text_start && 1339 addr < (unsigned long)__kprobes_text_end) 1340 return -EINVAL; 1341 /* 1342 * If there exists a kprobe_blacklist, verify and 1343 * fail any probe registration in the prohibited area 1344 */ 1345 for (kb = kprobe_blacklist; kb->name != NULL; kb++) { 1346 if (kb->start_addr) { 1347 if (addr >= kb->start_addr && 1348 addr < (kb->start_addr + kb->range)) 1349 return -EINVAL; 1350 } 1351 } 1352 return 0; 1353 } 1354 1355 /* 1356 * If we have a symbol_name argument, look it up and add the offset field 1357 * to it. This way, we can specify a relative address to a symbol. 1358 * This returns encoded errors if it fails to look up symbol or invalid 1359 * combination of parameters. 1360 */ 1361 static kprobe_opcode_t __kprobes *kprobe_addr(struct kprobe *p) 1362 { 1363 kprobe_opcode_t *addr = p->addr; 1364 1365 if ((p->symbol_name && p->addr) || 1366 (!p->symbol_name && !p->addr)) 1367 goto invalid; 1368 1369 if (p->symbol_name) { 1370 kprobe_lookup_name(p->symbol_name, addr); 1371 if (!addr) 1372 return ERR_PTR(-ENOENT); 1373 } 1374 1375 addr = (kprobe_opcode_t *)(((char *)addr) + p->offset); 1376 if (addr) 1377 return addr; 1378 1379 invalid: 1380 return ERR_PTR(-EINVAL); 1381 } 1382 1383 /* Check passed kprobe is valid and return kprobe in kprobe_table. */ 1384 static struct kprobe * __kprobes __get_valid_kprobe(struct kprobe *p) 1385 { 1386 struct kprobe *ap, *list_p; 1387 1388 ap = get_kprobe(p->addr); 1389 if (unlikely(!ap)) 1390 return NULL; 1391 1392 if (p != ap) { 1393 list_for_each_entry_rcu(list_p, &ap->list, list) 1394 if (list_p == p) 1395 /* kprobe p is a valid probe */ 1396 goto valid; 1397 return NULL; 1398 } 1399 valid: 1400 return ap; 1401 } 1402 1403 /* Return error if the kprobe is being re-registered */ 1404 static inline int check_kprobe_rereg(struct kprobe *p) 1405 { 1406 int ret = 0; 1407 1408 mutex_lock(&kprobe_mutex); 1409 if (__get_valid_kprobe(p)) 1410 ret = -EINVAL; 1411 mutex_unlock(&kprobe_mutex); 1412 1413 return ret; 1414 } 1415 1416 static __kprobes int check_kprobe_address_safe(struct kprobe *p, 1417 struct module **probed_mod) 1418 { 1419 int ret = 0; 1420 unsigned long ftrace_addr; 1421 1422 /* 1423 * If the address is located on a ftrace nop, set the 1424 * breakpoint to the following instruction. 1425 */ 1426 ftrace_addr = ftrace_location((unsigned long)p->addr); 1427 if (ftrace_addr) { 1428 #ifdef CONFIG_KPROBES_ON_FTRACE 1429 /* Given address is not on the instruction boundary */ 1430 if ((unsigned long)p->addr != ftrace_addr) 1431 return -EILSEQ; 1432 p->flags |= KPROBE_FLAG_FTRACE; 1433 #else /* !CONFIG_KPROBES_ON_FTRACE */ 1434 return -EINVAL; 1435 #endif 1436 } 1437 1438 jump_label_lock(); 1439 preempt_disable(); 1440 1441 /* Ensure it is not in reserved area nor out of text */ 1442 if (!kernel_text_address((unsigned long) p->addr) || 1443 in_kprobes_functions((unsigned long) p->addr) || 1444 jump_label_text_reserved(p->addr, p->addr)) { 1445 ret = -EINVAL; 1446 goto out; 1447 } 1448 1449 /* Check if are we probing a module */ 1450 *probed_mod = __module_text_address((unsigned long) p->addr); 1451 if (*probed_mod) { 1452 /* 1453 * We must hold a refcount of the probed module while updating 1454 * its code to prohibit unexpected unloading. 
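		 * The reference taken here is dropped again at the end of
		 * register_kprobe(), via module_put(), once the probe has
		 * been installed.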
1455 */ 1456 if (unlikely(!try_module_get(*probed_mod))) { 1457 ret = -ENOENT; 1458 goto out; 1459 } 1460 1461 /* 1462 * If the module freed .init.text, we couldn't insert 1463 * kprobes in there. 1464 */ 1465 if (within_module_init((unsigned long)p->addr, *probed_mod) && 1466 (*probed_mod)->state != MODULE_STATE_COMING) { 1467 module_put(*probed_mod); 1468 *probed_mod = NULL; 1469 ret = -ENOENT; 1470 } 1471 } 1472 out: 1473 preempt_enable(); 1474 jump_label_unlock(); 1475 1476 return ret; 1477 } 1478 1479 int __kprobes register_kprobe(struct kprobe *p) 1480 { 1481 int ret; 1482 struct kprobe *old_p; 1483 struct module *probed_mod; 1484 kprobe_opcode_t *addr; 1485 1486 /* Adjust probe address from symbol */ 1487 addr = kprobe_addr(p); 1488 if (IS_ERR(addr)) 1489 return PTR_ERR(addr); 1490 p->addr = addr; 1491 1492 ret = check_kprobe_rereg(p); 1493 if (ret) 1494 return ret; 1495 1496 /* User can pass only KPROBE_FLAG_DISABLED to register_kprobe */ 1497 p->flags &= KPROBE_FLAG_DISABLED; 1498 p->nmissed = 0; 1499 INIT_LIST_HEAD(&p->list); 1500 1501 ret = check_kprobe_address_safe(p, &probed_mod); 1502 if (ret) 1503 return ret; 1504 1505 mutex_lock(&kprobe_mutex); 1506 1507 old_p = get_kprobe(p->addr); 1508 if (old_p) { 1509 /* Since this may unoptimize old_p, locking text_mutex. */ 1510 ret = register_aggr_kprobe(old_p, p); 1511 goto out; 1512 } 1513 1514 mutex_lock(&text_mutex); /* Avoiding text modification */ 1515 ret = prepare_kprobe(p); 1516 mutex_unlock(&text_mutex); 1517 if (ret) 1518 goto out; 1519 1520 INIT_HLIST_NODE(&p->hlist); 1521 hlist_add_head_rcu(&p->hlist, 1522 &kprobe_table[hash_ptr(p->addr, KPROBE_HASH_BITS)]); 1523 1524 if (!kprobes_all_disarmed && !kprobe_disabled(p)) 1525 arm_kprobe(p); 1526 1527 /* Try to optimize kprobe */ 1528 try_to_optimize_kprobe(p); 1529 1530 out: 1531 mutex_unlock(&kprobe_mutex); 1532 1533 if (probed_mod) 1534 module_put(probed_mod); 1535 1536 return ret; 1537 } 1538 EXPORT_SYMBOL_GPL(register_kprobe); 1539 1540 /* Check if all probes on the aggrprobe are disabled */ 1541 static int __kprobes aggr_kprobe_disabled(struct kprobe *ap) 1542 { 1543 struct kprobe *kp; 1544 1545 list_for_each_entry_rcu(kp, &ap->list, list) 1546 if (!kprobe_disabled(kp)) 1547 /* 1548 * There is an active probe on the list. 1549 * We can't disable this ap. 1550 */ 1551 return 0; 1552 1553 return 1; 1554 } 1555 1556 /* Disable one kprobe: Make sure called under kprobe_mutex is locked */ 1557 static struct kprobe *__kprobes __disable_kprobe(struct kprobe *p) 1558 { 1559 struct kprobe *orig_p; 1560 1561 /* Get an original kprobe for return */ 1562 orig_p = __get_valid_kprobe(p); 1563 if (unlikely(orig_p == NULL)) 1564 return NULL; 1565 1566 if (!kprobe_disabled(p)) { 1567 /* Disable probe if it is a child probe */ 1568 if (p != orig_p) 1569 p->flags |= KPROBE_FLAG_DISABLED; 1570 1571 /* Try to disarm and disable this/parent probe */ 1572 if (p == orig_p || aggr_kprobe_disabled(orig_p)) { 1573 disarm_kprobe(orig_p, true); 1574 orig_p->flags |= KPROBE_FLAG_DISABLED; 1575 } 1576 } 1577 1578 return orig_p; 1579 } 1580 1581 /* 1582 * Unregister a kprobe without a scheduler synchronization. 1583 */ 1584 static int __kprobes __unregister_kprobe_top(struct kprobe *p) 1585 { 1586 struct kprobe *ap, *list_p; 1587 1588 /* Disable kprobe. This will disarm it if needed. */ 1589 ap = __disable_kprobe(p); 1590 if (ap == NULL) 1591 return -EINVAL; 1592 1593 if (ap == p) 1594 /* 1595 * This probe is an independent(and non-optimized) kprobe 1596 * (not an aggrprobe). 
Remove from the hash list. 1597 */ 1598 goto disarmed; 1599 1600 /* Following process expects this probe is an aggrprobe */ 1601 WARN_ON(!kprobe_aggrprobe(ap)); 1602 1603 if (list_is_singular(&ap->list) && kprobe_disarmed(ap)) 1604 /* 1605 * !disarmed could be happen if the probe is under delayed 1606 * unoptimizing. 1607 */ 1608 goto disarmed; 1609 else { 1610 /* If disabling probe has special handlers, update aggrprobe */ 1611 if (p->break_handler && !kprobe_gone(p)) 1612 ap->break_handler = NULL; 1613 if (p->post_handler && !kprobe_gone(p)) { 1614 list_for_each_entry_rcu(list_p, &ap->list, list) { 1615 if ((list_p != p) && (list_p->post_handler)) 1616 goto noclean; 1617 } 1618 ap->post_handler = NULL; 1619 } 1620 noclean: 1621 /* 1622 * Remove from the aggrprobe: this path will do nothing in 1623 * __unregister_kprobe_bottom(). 1624 */ 1625 list_del_rcu(&p->list); 1626 if (!kprobe_disabled(ap) && !kprobes_all_disarmed) 1627 /* 1628 * Try to optimize this probe again, because post 1629 * handler may have been changed. 1630 */ 1631 optimize_kprobe(ap); 1632 } 1633 return 0; 1634 1635 disarmed: 1636 BUG_ON(!kprobe_disarmed(ap)); 1637 hlist_del_rcu(&ap->hlist); 1638 return 0; 1639 } 1640 1641 static void __kprobes __unregister_kprobe_bottom(struct kprobe *p) 1642 { 1643 struct kprobe *ap; 1644 1645 if (list_empty(&p->list)) 1646 /* This is an independent kprobe */ 1647 arch_remove_kprobe(p); 1648 else if (list_is_singular(&p->list)) { 1649 /* This is the last child of an aggrprobe */ 1650 ap = list_entry(p->list.next, struct kprobe, list); 1651 list_del(&p->list); 1652 free_aggr_kprobe(ap); 1653 } 1654 /* Otherwise, do nothing. */ 1655 } 1656 1657 int __kprobes register_kprobes(struct kprobe **kps, int num) 1658 { 1659 int i, ret = 0; 1660 1661 if (num <= 0) 1662 return -EINVAL; 1663 for (i = 0; i < num; i++) { 1664 ret = register_kprobe(kps[i]); 1665 if (ret < 0) { 1666 if (i > 0) 1667 unregister_kprobes(kps, i); 1668 break; 1669 } 1670 } 1671 return ret; 1672 } 1673 EXPORT_SYMBOL_GPL(register_kprobes); 1674 1675 void __kprobes unregister_kprobe(struct kprobe *p) 1676 { 1677 unregister_kprobes(&p, 1); 1678 } 1679 EXPORT_SYMBOL_GPL(unregister_kprobe); 1680 1681 void __kprobes unregister_kprobes(struct kprobe **kps, int num) 1682 { 1683 int i; 1684 1685 if (num <= 0) 1686 return; 1687 mutex_lock(&kprobe_mutex); 1688 for (i = 0; i < num; i++) 1689 if (__unregister_kprobe_top(kps[i]) < 0) 1690 kps[i]->addr = NULL; 1691 mutex_unlock(&kprobe_mutex); 1692 1693 synchronize_sched(); 1694 for (i = 0; i < num; i++) 1695 if (kps[i]->addr) 1696 __unregister_kprobe_bottom(kps[i]); 1697 } 1698 EXPORT_SYMBOL_GPL(unregister_kprobes); 1699 1700 static struct notifier_block kprobe_exceptions_nb = { 1701 .notifier_call = kprobe_exceptions_notify, 1702 .priority = 0x7fffffff /* we need to be notified first */ 1703 }; 1704 1705 unsigned long __weak arch_deref_entry_point(void *entry) 1706 { 1707 return (unsigned long)entry; 1708 } 1709 1710 int __kprobes register_jprobes(struct jprobe **jps, int num) 1711 { 1712 struct jprobe *jp; 1713 int ret = 0, i; 1714 1715 if (num <= 0) 1716 return -EINVAL; 1717 for (i = 0; i < num; i++) { 1718 unsigned long addr, offset; 1719 jp = jps[i]; 1720 addr = arch_deref_entry_point(jp->entry); 1721 1722 /* Verify probepoint is a function entry point */ 1723 if (kallsyms_lookup_size_offset(addr, NULL, &offset) && 1724 offset == 0) { 1725 jp->kp.pre_handler = setjmp_pre_handler; 1726 jp->kp.break_handler = longjmp_break_handler; 1727 ret = register_kprobe(&jp->kp); 1728 } else 1729 
ret = -EINVAL; 1730 1731 if (ret < 0) { 1732 if (i > 0) 1733 unregister_jprobes(jps, i); 1734 break; 1735 } 1736 } 1737 return ret; 1738 } 1739 EXPORT_SYMBOL_GPL(register_jprobes); 1740 1741 int __kprobes register_jprobe(struct jprobe *jp) 1742 { 1743 return register_jprobes(&jp, 1); 1744 } 1745 EXPORT_SYMBOL_GPL(register_jprobe); 1746 1747 void __kprobes unregister_jprobe(struct jprobe *jp) 1748 { 1749 unregister_jprobes(&jp, 1); 1750 } 1751 EXPORT_SYMBOL_GPL(unregister_jprobe); 1752 1753 void __kprobes unregister_jprobes(struct jprobe **jps, int num) 1754 { 1755 int i; 1756 1757 if (num <= 0) 1758 return; 1759 mutex_lock(&kprobe_mutex); 1760 for (i = 0; i < num; i++) 1761 if (__unregister_kprobe_top(&jps[i]->kp) < 0) 1762 jps[i]->kp.addr = NULL; 1763 mutex_unlock(&kprobe_mutex); 1764 1765 synchronize_sched(); 1766 for (i = 0; i < num; i++) { 1767 if (jps[i]->kp.addr) 1768 __unregister_kprobe_bottom(&jps[i]->kp); 1769 } 1770 } 1771 EXPORT_SYMBOL_GPL(unregister_jprobes); 1772 1773 #ifdef CONFIG_KRETPROBES 1774 /* 1775 * This kprobe pre_handler is registered with every kretprobe. When probe 1776 * hits it will set up the return probe. 1777 */ 1778 static int __kprobes pre_handler_kretprobe(struct kprobe *p, 1779 struct pt_regs *regs) 1780 { 1781 struct kretprobe *rp = container_of(p, struct kretprobe, kp); 1782 unsigned long hash, flags = 0; 1783 struct kretprobe_instance *ri; 1784 1785 /*TODO: consider to only swap the RA after the last pre_handler fired */ 1786 hash = hash_ptr(current, KPROBE_HASH_BITS); 1787 raw_spin_lock_irqsave(&rp->lock, flags); 1788 if (!hlist_empty(&rp->free_instances)) { 1789 ri = hlist_entry(rp->free_instances.first, 1790 struct kretprobe_instance, hlist); 1791 hlist_del(&ri->hlist); 1792 raw_spin_unlock_irqrestore(&rp->lock, flags); 1793 1794 ri->rp = rp; 1795 ri->task = current; 1796 1797 if (rp->entry_handler && rp->entry_handler(ri, regs)) { 1798 raw_spin_lock_irqsave(&rp->lock, flags); 1799 hlist_add_head(&ri->hlist, &rp->free_instances); 1800 raw_spin_unlock_irqrestore(&rp->lock, flags); 1801 return 0; 1802 } 1803 1804 arch_prepare_kretprobe(ri, regs); 1805 1806 /* XXX(hch): why is there no hlist_move_head? 
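		 * (The instance was already unlinked from rp->free_instances
		 * with hlist_del() above; re-initializing the node and adding
		 * it under the kretprobe table lock below is the hand-rolled
		 * equivalent of such a move.)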
*/ 1807 INIT_HLIST_NODE(&ri->hlist); 1808 kretprobe_table_lock(hash, &flags); 1809 hlist_add_head(&ri->hlist, &kretprobe_inst_table[hash]); 1810 kretprobe_table_unlock(hash, &flags); 1811 } else { 1812 rp->nmissed++; 1813 raw_spin_unlock_irqrestore(&rp->lock, flags); 1814 } 1815 return 0; 1816 } 1817 1818 int __kprobes register_kretprobe(struct kretprobe *rp) 1819 { 1820 int ret = 0; 1821 struct kretprobe_instance *inst; 1822 int i; 1823 void *addr; 1824 1825 if (kretprobe_blacklist_size) { 1826 addr = kprobe_addr(&rp->kp); 1827 if (IS_ERR(addr)) 1828 return PTR_ERR(addr); 1829 1830 for (i = 0; kretprobe_blacklist[i].name != NULL; i++) { 1831 if (kretprobe_blacklist[i].addr == addr) 1832 return -EINVAL; 1833 } 1834 } 1835 1836 rp->kp.pre_handler = pre_handler_kretprobe; 1837 rp->kp.post_handler = NULL; 1838 rp->kp.fault_handler = NULL; 1839 rp->kp.break_handler = NULL; 1840 1841 /* Pre-allocate memory for max kretprobe instances */ 1842 if (rp->maxactive <= 0) { 1843 #ifdef CONFIG_PREEMPT 1844 rp->maxactive = max_t(unsigned int, 10, 2*num_possible_cpus()); 1845 #else 1846 rp->maxactive = num_possible_cpus(); 1847 #endif 1848 } 1849 raw_spin_lock_init(&rp->lock); 1850 INIT_HLIST_HEAD(&rp->free_instances); 1851 for (i = 0; i < rp->maxactive; i++) { 1852 inst = kmalloc(sizeof(struct kretprobe_instance) + 1853 rp->data_size, GFP_KERNEL); 1854 if (inst == NULL) { 1855 free_rp_inst(rp); 1856 return -ENOMEM; 1857 } 1858 INIT_HLIST_NODE(&inst->hlist); 1859 hlist_add_head(&inst->hlist, &rp->free_instances); 1860 } 1861 1862 rp->nmissed = 0; 1863 /* Establish function entry probe point */ 1864 ret = register_kprobe(&rp->kp); 1865 if (ret != 0) 1866 free_rp_inst(rp); 1867 return ret; 1868 } 1869 EXPORT_SYMBOL_GPL(register_kretprobe); 1870 1871 int __kprobes register_kretprobes(struct kretprobe **rps, int num) 1872 { 1873 int ret = 0, i; 1874 1875 if (num <= 0) 1876 return -EINVAL; 1877 for (i = 0; i < num; i++) { 1878 ret = register_kretprobe(rps[i]); 1879 if (ret < 0) { 1880 if (i > 0) 1881 unregister_kretprobes(rps, i); 1882 break; 1883 } 1884 } 1885 return ret; 1886 } 1887 EXPORT_SYMBOL_GPL(register_kretprobes); 1888 1889 void __kprobes unregister_kretprobe(struct kretprobe *rp) 1890 { 1891 unregister_kretprobes(&rp, 1); 1892 } 1893 EXPORT_SYMBOL_GPL(unregister_kretprobe); 1894 1895 void __kprobes unregister_kretprobes(struct kretprobe **rps, int num) 1896 { 1897 int i; 1898 1899 if (num <= 0) 1900 return; 1901 mutex_lock(&kprobe_mutex); 1902 for (i = 0; i < num; i++) 1903 if (__unregister_kprobe_top(&rps[i]->kp) < 0) 1904 rps[i]->kp.addr = NULL; 1905 mutex_unlock(&kprobe_mutex); 1906 1907 synchronize_sched(); 1908 for (i = 0; i < num; i++) { 1909 if (rps[i]->kp.addr) { 1910 __unregister_kprobe_bottom(&rps[i]->kp); 1911 cleanup_rp_inst(rps[i]); 1912 } 1913 } 1914 } 1915 EXPORT_SYMBOL_GPL(unregister_kretprobes); 1916 1917 #else /* CONFIG_KRETPROBES */ 1918 int __kprobes register_kretprobe(struct kretprobe *rp) 1919 { 1920 return -ENOSYS; 1921 } 1922 EXPORT_SYMBOL_GPL(register_kretprobe); 1923 1924 int __kprobes register_kretprobes(struct kretprobe **rps, int num) 1925 { 1926 return -ENOSYS; 1927 } 1928 EXPORT_SYMBOL_GPL(register_kretprobes); 1929 1930 void __kprobes unregister_kretprobe(struct kretprobe *rp) 1931 { 1932 } 1933 EXPORT_SYMBOL_GPL(unregister_kretprobe); 1934 1935 void __kprobes unregister_kretprobes(struct kretprobe **rps, int num) 1936 { 1937 } 1938 EXPORT_SYMBOL_GPL(unregister_kretprobes); 1939 1940 static int __kprobes pre_handler_kretprobe(struct kprobe *p, 1941 struct pt_regs 
*regs) 1942 { 1943 return 0; 1944 } 1945 1946 #endif /* CONFIG_KRETPROBES */ 1947 1948 /* Set the kprobe gone and remove its instruction buffer. */ 1949 static void __kprobes kill_kprobe(struct kprobe *p) 1950 { 1951 struct kprobe *kp; 1952 1953 p->flags |= KPROBE_FLAG_GONE; 1954 if (kprobe_aggrprobe(p)) { 1955 /* 1956 * If this is an aggr_kprobe, we have to list all the 1957 * chained probes and mark them GONE. 1958 */ 1959 list_for_each_entry_rcu(kp, &p->list, list) 1960 kp->flags |= KPROBE_FLAG_GONE; 1961 p->post_handler = NULL; 1962 p->break_handler = NULL; 1963 kill_optimized_kprobe(p); 1964 } 1965 /* 1966 * Here, we can remove insn_slot safely, because no thread calls 1967 * the original probed function (which will be freed soon) any more. 1968 */ 1969 arch_remove_kprobe(p); 1970 } 1971 1972 /* Disable one kprobe */ 1973 int __kprobes disable_kprobe(struct kprobe *kp) 1974 { 1975 int ret = 0; 1976 1977 mutex_lock(&kprobe_mutex); 1978 1979 /* Disable this kprobe */ 1980 if (__disable_kprobe(kp) == NULL) 1981 ret = -EINVAL; 1982 1983 mutex_unlock(&kprobe_mutex); 1984 return ret; 1985 } 1986 EXPORT_SYMBOL_GPL(disable_kprobe); 1987 1988 /* Enable one kprobe */ 1989 int __kprobes enable_kprobe(struct kprobe *kp) 1990 { 1991 int ret = 0; 1992 struct kprobe *p; 1993 1994 mutex_lock(&kprobe_mutex); 1995 1996 /* Check whether specified probe is valid. */ 1997 p = __get_valid_kprobe(kp); 1998 if (unlikely(p == NULL)) { 1999 ret = -EINVAL; 2000 goto out; 2001 } 2002 2003 if (kprobe_gone(kp)) { 2004 /* This kprobe has gone, we couldn't enable it. */ 2005 ret = -EINVAL; 2006 goto out; 2007 } 2008 2009 if (p != kp) 2010 kp->flags &= ~KPROBE_FLAG_DISABLED; 2011 2012 if (!kprobes_all_disarmed && kprobe_disabled(p)) { 2013 p->flags &= ~KPROBE_FLAG_DISABLED; 2014 arm_kprobe(p); 2015 } 2016 out: 2017 mutex_unlock(&kprobe_mutex); 2018 return ret; 2019 } 2020 EXPORT_SYMBOL_GPL(enable_kprobe); 2021 2022 void __kprobes dump_kprobe(struct kprobe *kp) 2023 { 2024 printk(KERN_WARNING "Dumping kprobe:\n"); 2025 printk(KERN_WARNING "Name: %s\nAddress: %p\nOffset: %x\n", 2026 kp->symbol_name, kp->addr, kp->offset); 2027 } 2028 2029 /* Module notifier call back, checking kprobes on the module */ 2030 static int __kprobes kprobes_module_callback(struct notifier_block *nb, 2031 unsigned long val, void *data) 2032 { 2033 struct module *mod = data; 2034 struct hlist_head *head; 2035 struct kprobe *p; 2036 unsigned int i; 2037 int checkcore = (val == MODULE_STATE_GOING); 2038 2039 if (val != MODULE_STATE_GOING && val != MODULE_STATE_LIVE) 2040 return NOTIFY_DONE; 2041 2042 /* 2043 * When MODULE_STATE_GOING was notified, both of module .text and 2044 * .init.text sections would be freed. When MODULE_STATE_LIVE was 2045 * notified, only .init.text section would be freed. We need to 2046 * disable kprobes which have been inserted in the sections. 2047 */ 2048 mutex_lock(&kprobe_mutex); 2049 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 2050 head = &kprobe_table[i]; 2051 hlist_for_each_entry_rcu(p, head, hlist) 2052 if (within_module_init((unsigned long)p->addr, mod) || 2053 (checkcore && 2054 within_module_core((unsigned long)p->addr, mod))) { 2055 /* 2056 * The vaddr this probe is installed will soon 2057 * be vfreed buy not synced to disk. Hence, 2058 * disarming the breakpoint isn't needed. 
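				 * kill_kprobe() only marks the probe (and any
				 * chained probes) KPROBE_FLAG_GONE and frees
				 * its instruction slot; it never touches the
				 * module text that is about to disappear.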

void __kprobes dump_kprobe(struct kprobe *kp)
{
	printk(KERN_WARNING "Dumping kprobe:\n");
	printk(KERN_WARNING "Name: %s\nAddress: %p\nOffset: %x\n",
	       kp->symbol_name, kp->addr, kp->offset);
}

/* Module notifier callback, checking kprobes on the module */
static int __kprobes kprobes_module_callback(struct notifier_block *nb,
					     unsigned long val, void *data)
{
	struct module *mod = data;
	struct hlist_head *head;
	struct kprobe *p;
	unsigned int i;
	int checkcore = (val == MODULE_STATE_GOING);

	if (val != MODULE_STATE_GOING && val != MODULE_STATE_LIVE)
		return NOTIFY_DONE;

	/*
	 * When MODULE_STATE_GOING is notified, both the module's .text and
	 * .init.text sections are about to be freed. When MODULE_STATE_LIVE
	 * is notified, only the .init.text section is freed. We need to
	 * disable the kprobes which have been inserted in those sections.
	 */
	mutex_lock(&kprobe_mutex);
	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
		head = &kprobe_table[i];
		hlist_for_each_entry_rcu(p, head, hlist)
			if (within_module_init((unsigned long)p->addr, mod) ||
			    (checkcore &&
			     within_module_core((unsigned long)p->addr, mod))) {
				/*
				 * The vaddr this probe is installed at will
				 * soon be vfreed but not synced to disk.
				 * Hence, disarming the breakpoint isn't
				 * needed.
				 */
				kill_kprobe(p);
			}
	}
	mutex_unlock(&kprobe_mutex);
	return NOTIFY_DONE;
}

static struct notifier_block kprobe_module_nb = {
	.notifier_call = kprobes_module_callback,
	.priority = 0
};

static int __init init_kprobes(void)
{
	int i, err = 0;
	unsigned long offset = 0, size = 0;
	char *modname, namebuf[128];
	const char *symbol_name;
	void *addr;
	struct kprobe_blackpoint *kb;

	/* FIXME allocate the probe table, currently defined statically */
	/* initialize all list heads */
	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
		INIT_HLIST_HEAD(&kprobe_table[i]);
		INIT_HLIST_HEAD(&kretprobe_inst_table[i]);
		raw_spin_lock_init(&(kretprobe_table_locks[i].lock));
	}

	/*
	 * Lookup and populate the kprobe_blacklist.
	 *
	 * Unlike the kretprobe blacklist, we'll need to determine
	 * the range of addresses that belong to the said functions,
	 * since a kprobe need not necessarily be at the beginning
	 * of a function.
	 */
	for (kb = kprobe_blacklist; kb->name != NULL; kb++) {
		kprobe_lookup_name(kb->name, addr);
		if (!addr)
			continue;

		kb->start_addr = (unsigned long)addr;
		symbol_name = kallsyms_lookup(kb->start_addr,
				&size, &offset, &modname, namebuf);
		if (!symbol_name)
			kb->range = 0;
		else
			kb->range = size;
	}

	if (kretprobe_blacklist_size) {
		/* lookup the function address from its name */
		for (i = 0; kretprobe_blacklist[i].name != NULL; i++) {
			kprobe_lookup_name(kretprobe_blacklist[i].name,
					   kretprobe_blacklist[i].addr);
			if (!kretprobe_blacklist[i].addr)
				printk("kretprobe: lookup failed: %s\n",
				       kretprobe_blacklist[i].name);
		}
	}

#if defined(CONFIG_OPTPROBES)
#if defined(__ARCH_WANT_KPROBES_INSN_SLOT)
	/* Init kprobe_optinsn_slots */
	kprobe_optinsn_slots.insn_size = MAX_OPTINSN_SIZE;
#endif
	/* By default, kprobes can be optimized */
	kprobes_allow_optimization = true;
#endif

	/* By default, kprobes are armed */
	kprobes_all_disarmed = false;

	err = arch_init_kprobes();
	if (!err)
		err = register_die_notifier(&kprobe_exceptions_nb);
	if (!err)
		err = register_module_notifier(&kprobe_module_nb);

	kprobes_initialized = (err == 0);

	if (!err)
		init_test_probes();
	return err;
}

#ifdef CONFIG_DEBUG_FS
static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p,
		const char *sym, int offset, char *modname, struct kprobe *pp)
{
	char *kprobe_type;

	if (p->pre_handler == pre_handler_kretprobe)
		kprobe_type = "r";
	else if (p->pre_handler == setjmp_pre_handler)
		kprobe_type = "j";
	else
		kprobe_type = "k";

	if (sym)
		seq_printf(pi, "%p %s %s+0x%x %s ",
			p->addr, kprobe_type, sym, offset,
			(modname ? modname : " "));
	else
		seq_printf(pi, "%p %s %p ",
			p->addr, kprobe_type, p->addr);

	if (!pp)
		pp = p;
	seq_printf(pi, "%s%s%s%s\n",
		(kprobe_gone(p) ? "[GONE]" : ""),
		((kprobe_disabled(p) && !kprobe_gone(p)) ? "[DISABLED]" : ""),
		(kprobe_optimized(pp) ? "[OPTIMIZED]" : ""),
		(kprobe_ftrace(pp) ? "[FTRACE]" : ""));
}

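/*
 * For reference, each line that report_probe() produces in the debugfs
 * "list" file looks roughly like the following (the addresses below are
 * purely illustrative):
 *
 *	c015d71a k vfs_read+0x0
 *	c03dedc5 r tcp_v4_rcv+0x0 [DISABLED]
 *
 * The second column is the probe type: k = kprobe, r = kretprobe,
 * j = jprobe; optional flags such as [GONE], [DISABLED], [OPTIMIZED]
 * and [FTRACE] are appended at the end of the line.
 */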

static void __kprobes *kprobe_seq_start(struct seq_file *f, loff_t *pos)
{
	return (*pos < KPROBE_TABLE_SIZE) ? pos : NULL;
}

static void __kprobes *kprobe_seq_next(struct seq_file *f, void *v, loff_t *pos)
{
	(*pos)++;
	if (*pos >= KPROBE_TABLE_SIZE)
		return NULL;
	return pos;
}

static void __kprobes kprobe_seq_stop(struct seq_file *f, void *v)
{
	/* Nothing to do */
}

static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v)
{
	struct hlist_head *head;
	struct kprobe *p, *kp;
	const char *sym = NULL;
	unsigned int i = *(loff_t *) v;
	unsigned long offset = 0;
	char *modname, namebuf[128];

	head = &kprobe_table[i];
	preempt_disable();
	hlist_for_each_entry_rcu(p, head, hlist) {
		sym = kallsyms_lookup((unsigned long)p->addr, NULL,
					&offset, &modname, namebuf);
		if (kprobe_aggrprobe(p)) {
			list_for_each_entry_rcu(kp, &p->list, list)
				report_probe(pi, kp, sym, offset, modname, p);
		} else
			report_probe(pi, p, sym, offset, modname, NULL);
	}
	preempt_enable();
	return 0;
}

static const struct seq_operations kprobes_seq_ops = {
	.start = kprobe_seq_start,
	.next = kprobe_seq_next,
	.stop = kprobe_seq_stop,
	.show = show_kprobe_addr
};

static int __kprobes kprobes_open(struct inode *inode, struct file *filp)
{
	return seq_open(filp, &kprobes_seq_ops);
}

static const struct file_operations debugfs_kprobes_operations = {
	.open = kprobes_open,
	.read = seq_read,
	.llseek = seq_lseek,
	.release = seq_release,
};

static void __kprobes arm_all_kprobes(void)
{
	struct hlist_head *head;
	struct kprobe *p;
	unsigned int i;

	mutex_lock(&kprobe_mutex);

	/* If kprobes are armed, just return */
	if (!kprobes_all_disarmed)
		goto already_enabled;

	/* Arming kprobes doesn't optimize the kprobe itself */
	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
		head = &kprobe_table[i];
		hlist_for_each_entry_rcu(p, head, hlist)
			if (!kprobe_disabled(p))
				arm_kprobe(p);
	}

	kprobes_all_disarmed = false;
	printk(KERN_INFO "Kprobes globally enabled\n");

already_enabled:
	mutex_unlock(&kprobe_mutex);
	return;
}

static void __kprobes disarm_all_kprobes(void)
{
	struct hlist_head *head;
	struct kprobe *p;
	unsigned int i;

	mutex_lock(&kprobe_mutex);

	/* If kprobes are already disarmed, just return */
	if (kprobes_all_disarmed) {
		mutex_unlock(&kprobe_mutex);
		return;
	}

	kprobes_all_disarmed = true;
	printk(KERN_INFO "Kprobes globally disabled\n");

	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
		head = &kprobe_table[i];
		hlist_for_each_entry_rcu(p, head, hlist) {
			if (!arch_trampoline_kprobe(p) && !kprobe_disabled(p))
				disarm_kprobe(p, false);
		}
	}
	mutex_unlock(&kprobe_mutex);

	/* Wait for the optimizer to finish disarming all kprobes */
	wait_for_kprobe_optimizer();
}

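/*
 * The two helpers above back the debugfs "enabled" switch implemented below.
 * From user space (assuming debugfs is mounted at the usual
 * /sys/kernel/debug):
 *
 *	echo 0 > /sys/kernel/debug/kprobes/enabled	(disarm every kprobe)
 *	echo 1 > /sys/kernel/debug/kprobes/enabled	(arm them again)
 *
 * Only the breakpoints/ftrace hooks are removed or restored; probes stay
 * registered, and their individual enabled/disabled state is preserved.
 */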

/*
 * XXX: The debugfs bool file interface doesn't allow for callbacks
 * when the bool state is switched. We can reuse that facility when
 * available
 */
static ssize_t read_enabled_file_bool(struct file *file,
	       char __user *user_buf, size_t count, loff_t *ppos)
{
	char buf[3];

	if (!kprobes_all_disarmed)
		buf[0] = '1';
	else
		buf[0] = '0';
	buf[1] = '\n';
	buf[2] = 0x00;
	return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
}

static ssize_t write_enabled_file_bool(struct file *file,
	       const char __user *user_buf, size_t count, loff_t *ppos)
{
	char buf[32];
	size_t buf_size;

	buf_size = min(count, (sizeof(buf)-1));
	if (copy_from_user(buf, user_buf, buf_size))
		return -EFAULT;

	switch (buf[0]) {
	case 'y':
	case 'Y':
	case '1':
		arm_all_kprobes();
		break;
	case 'n':
	case 'N':
	case '0':
		disarm_all_kprobes();
		break;
	}

	return count;
}

static const struct file_operations fops_kp = {
	.read = read_enabled_file_bool,
	.write = write_enabled_file_bool,
	.llseek = default_llseek,
};

static int __kprobes debugfs_kprobe_init(void)
{
	struct dentry *dir, *file;
	unsigned int value = 1;

	dir = debugfs_create_dir("kprobes", NULL);
	if (!dir)
		return -ENOMEM;

	file = debugfs_create_file("list", 0444, dir, NULL,
				&debugfs_kprobes_operations);
	if (!file) {
		debugfs_remove(dir);
		return -ENOMEM;
	}

	file = debugfs_create_file("enabled", 0600, dir,
					&value, &fops_kp);
	if (!file) {
		debugfs_remove(dir);
		return -ENOMEM;
	}

	return 0;
}

late_initcall(debugfs_kprobe_init);
#endif /* CONFIG_DEBUG_FS */

module_init(init_kprobes);

/* defined in arch/.../kernel/kprobes.c */
EXPORT_SYMBOL_GPL(jprobe_return);