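/*
 * NOTE: This example works on x86 and powerpc.
 * Here's a sample kernel module showing the use of kprobes to dump a
 * stack trace and selected registers when do_fork() is called.
 *
 * For more information on theory of operation of kprobes, see
 * Documentation/kprobes.txt
 *
 * You will see the trace data in /var/log/messages and on the console
 * whenever do_fork() is invoked to create a new process.
 *
 * Every handler below prints p->addr (the probed kernel text address)
 * with a plain "%p". Kernels that do not hash "%p" output write a raw
 * kernel pointer to the log; treat the log as sensitive on such systems.
 */

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/kprobes.h>

/*
 * For each probe you need to allocate a kprobe structure.
 * Only the symbol name is set statically; the handlers are filled in
 * by kprobe_init() and kp.addr is filled in by register_kprobe().
 */
static struct kprobe kp = {
	.symbol_name	= "do_fork",
};

/*
 * kprobe pre_handler: called just before the probed instruction is executed.
 *
 * @p:    the kprobe that fired
 * @regs: register state at the probe point
 *
 * Prints the probe address plus a per-architecture selection of registers.
 * Always returns 0.
 */
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
{
#ifdef CONFIG_X86
	printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
			" flags = 0x%lx\n",
		p->addr, regs->ip, regs->flags);
#endif
#ifdef CONFIG_PPC
	printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
			" msr = 0x%lx\n",
		p->addr, regs->nip, regs->msr);
#endif

	/* A dump_stack() here will give a stack backtrace */
	return 0;
}

/*
 * kprobe post_handler: called after the probed instruction is executed.
 *
 * @p:     the kprobe that fired
 * @regs:  register state after the single-stepped instruction
 * @flags: unused by this example
 */
static void handler_post(struct kprobe *p, struct pt_regs *regs,
				unsigned long flags)
{
#ifdef CONFIG_X86
	printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
		p->addr, regs->flags);
#endif
#ifdef CONFIG_PPC
	printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
		p->addr, regs->msr);
#endif
}

/*
 * fault_handler: this is called if an exception is generated for any
 * instruction within the pre- or post-handler, or when Kprobes
 * single-steps the probed instruction.
 *
 * @p:      the kprobe that was active when the fault occurred
 * @regs:   register state at the fault
 * @trapnr: architecture trap number of the fault
 */
static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
{
	/*
	 * The format string previously ended in "#%dn" (no backslash), so the
	 * message was printed with a trailing literal 'n' and no line break.
	 */
	printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%d\n",
		p->addr, trapnr);
	/* Return 0 because we don't handle the fault. */
	return 0;
}

/*
 * Module entry point: wire up the handlers and plant the probe.
 *
 * Returns 0 on success, or the negative value from register_kprobe()
 * on failure (the failure is also logged).
 */
static int __init kprobe_init(void)
{
	int ret;
	kp.pre_handler = handler_pre;
	kp.post_handler = handler_post;
	kp.fault_handler = handler_fault;

	ret = register_kprobe(&kp);
	if (ret < 0) {
		printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
		return ret;
	}
	/* kp.addr is resolved from kp.symbol_name by register_kprobe() */
	printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
	return 0;
}

/* Module exit point: remove the probe registered by kprobe_init(). */
static void __exit kprobe_exit(void)
{
	unregister_kprobe(&kp);
	printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
}

module_init(kprobe_init)
module_exit(kprobe_exit)
MODULE_LICENSE("GPL");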