1 /* 2 * Kernel Probes (KProbes) 3 * kernel/kprobes.c 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 18 * 19 * Copyright (C) IBM Corporation, 2002, 2004 20 * 21 * 2002-Oct Created by Vamsi Krishna S <vamsi_krishna@in.ibm.com> Kernel 22 * Probes initial implementation (includes suggestions from 23 * Rusty Russell). 24 * 2004-Aug Updated by Prasanna S Panchamukhi <prasanna@in.ibm.com> with 25 * hlists and exceptions notifier as suggested by Andi Kleen. 26 * 2004-July Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes 27 * interface to access function arguments. 28 * 2004-Sep Prasanna S Panchamukhi <prasanna@in.ibm.com> Changed Kprobes 29 * exceptions notifier to be first on the priority list. 30 * 2005-May Hien Nguyen <hien@us.ibm.com>, Jim Keniston 31 * <jkenisto@us.ibm.com> and Prasanna S Panchamukhi 32 * <prasanna@in.ibm.com> added function-return probes. 33 */ 34 #include <linux/kprobes.h> 35 #include <linux/hash.h> 36 #include <linux/init.h> 37 #include <linux/slab.h> 38 #include <linux/stddef.h> 39 #include <linux/module.h> 40 #include <linux/moduleloader.h> 41 #include <linux/kallsyms.h> 42 #include <linux/freezer.h> 43 #include <linux/seq_file.h> 44 #include <linux/debugfs.h> 45 #include <linux/kdebug.h> 46 #include <linux/memory.h> 47 48 #include <asm-generic/sections.h> 49 #include <asm/cacheflush.h> 50 #include <asm/errno.h> 51 #include <asm/uaccess.h> 52 53 #define KPROBE_HASH_BITS 6 54 #define KPROBE_TABLE_SIZE (1 << KPROBE_HASH_BITS) 55 56 57 /* 58 * Some oddball architectures like 64bit powerpc have function descriptors 59 * so this must be overridable. 60 */ 61 #ifndef kprobe_lookup_name 62 #define kprobe_lookup_name(name, addr) \ 63 addr = ((kprobe_opcode_t *)(kallsyms_lookup_name(name))) 64 #endif 65 66 static int kprobes_initialized; 67 static struct hlist_head kprobe_table[KPROBE_TABLE_SIZE]; 68 static struct hlist_head kretprobe_inst_table[KPROBE_TABLE_SIZE]; 69 70 /* NOTE: change this value only with kprobe_mutex held */ 71 static bool kprobes_all_disarmed; 72 73 static DEFINE_MUTEX(kprobe_mutex); /* Protects kprobe_table */ 74 static DEFINE_PER_CPU(struct kprobe *, kprobe_instance) = NULL; 75 static struct { 76 spinlock_t lock ____cacheline_aligned_in_smp; 77 } kretprobe_table_locks[KPROBE_TABLE_SIZE]; 78 79 static spinlock_t *kretprobe_table_lock_ptr(unsigned long hash) 80 { 81 return &(kretprobe_table_locks[hash].lock); 82 } 83 84 /* 85 * Normally, functions that we'd want to prohibit kprobes in, are marked 86 * __kprobes. But, there are cases where such functions already belong to 87 * a different section (__sched for preempt_schedule) 88 * 89 * For such cases, we now have a blacklist 90 */ 91 static struct kprobe_blackpoint kprobe_blacklist[] = { 92 {"preempt_schedule",}, 93 {NULL} /* Terminator */ 94 }; 95 96 #ifdef __ARCH_WANT_KPROBES_INSN_SLOT 97 /* 98 * kprobe->ainsn.insn points to the copy of the instruction to be 99 * single-stepped. x86_64, POWER4 and above have no-exec support and 100 * stepping on the instruction on a vmalloced/kmalloced/data page 101 * is a recipe for disaster 102 */ 103 #define INSNS_PER_PAGE (PAGE_SIZE/(MAX_INSN_SIZE * sizeof(kprobe_opcode_t))) 104 105 struct kprobe_insn_page { 106 struct hlist_node hlist; 107 kprobe_opcode_t *insns; /* Page of instruction slots */ 108 char slot_used[INSNS_PER_PAGE]; 109 int nused; 110 int ngarbage; 111 }; 112 113 enum kprobe_slot_state { 114 SLOT_CLEAN = 0, 115 SLOT_DIRTY = 1, 116 SLOT_USED = 2, 117 }; 118 119 static DEFINE_MUTEX(kprobe_insn_mutex); /* Protects kprobe_insn_pages */ 120 static struct hlist_head kprobe_insn_pages; 121 static int kprobe_garbage_slots; 122 static int collect_garbage_slots(void); 123 124 static int __kprobes check_safety(void) 125 { 126 int ret = 0; 127 #if defined(CONFIG_PREEMPT) && defined(CONFIG_FREEZER) 128 ret = freeze_processes(); 129 if (ret == 0) { 130 struct task_struct *p, *q; 131 do_each_thread(p, q) { 132 if (p != current && p->state == TASK_RUNNING && 133 p->pid != 0) { 134 printk("Check failed: %s is running\n",p->comm); 135 ret = -1; 136 goto loop_end; 137 } 138 } while_each_thread(p, q); 139 } 140 loop_end: 141 thaw_processes(); 142 #else 143 synchronize_sched(); 144 #endif 145 return ret; 146 } 147 148 /** 149 * __get_insn_slot() - Find a slot on an executable page for an instruction. 150 * We allocate an executable page if there's no room on existing ones. 151 */ 152 static kprobe_opcode_t __kprobes *__get_insn_slot(void) 153 { 154 struct kprobe_insn_page *kip; 155 struct hlist_node *pos; 156 157 retry: 158 hlist_for_each_entry(kip, pos, &kprobe_insn_pages, hlist) { 159 if (kip->nused < INSNS_PER_PAGE) { 160 int i; 161 for (i = 0; i < INSNS_PER_PAGE; i++) { 162 if (kip->slot_used[i] == SLOT_CLEAN) { 163 kip->slot_used[i] = SLOT_USED; 164 kip->nused++; 165 return kip->insns + (i * MAX_INSN_SIZE); 166 } 167 } 168 /* Surprise! No unused slots. Fix kip->nused. */ 169 kip->nused = INSNS_PER_PAGE; 170 } 171 } 172 173 /* If there are any garbage slots, collect it and try again. */ 174 if (kprobe_garbage_slots && collect_garbage_slots() == 0) { 175 goto retry; 176 } 177 /* All out of space. Need to allocate a new page. Use slot 0. */ 178 kip = kmalloc(sizeof(struct kprobe_insn_page), GFP_KERNEL); 179 if (!kip) 180 return NULL; 181 182 /* 183 * Use module_alloc so this page is within +/- 2GB of where the 184 * kernel image and loaded module images reside. This is required 185 * so x86_64 can correctly handle the %rip-relative fixups. 186 */ 187 kip->insns = module_alloc(PAGE_SIZE); 188 if (!kip->insns) { 189 kfree(kip); 190 return NULL; 191 } 192 INIT_HLIST_NODE(&kip->hlist); 193 hlist_add_head(&kip->hlist, &kprobe_insn_pages); 194 memset(kip->slot_used, SLOT_CLEAN, INSNS_PER_PAGE); 195 kip->slot_used[0] = SLOT_USED; 196 kip->nused = 1; 197 kip->ngarbage = 0; 198 return kip->insns; 199 } 200 201 kprobe_opcode_t __kprobes *get_insn_slot(void) 202 { 203 kprobe_opcode_t *ret; 204 mutex_lock(&kprobe_insn_mutex); 205 ret = __get_insn_slot(); 206 mutex_unlock(&kprobe_insn_mutex); 207 return ret; 208 } 209 210 /* Return 1 if all garbages are collected, otherwise 0. */ 211 static int __kprobes collect_one_slot(struct kprobe_insn_page *kip, int idx) 212 { 213 kip->slot_used[idx] = SLOT_CLEAN; 214 kip->nused--; 215 if (kip->nused == 0) { 216 /* 217 * Page is no longer in use. Free it unless 218 * it's the last one. We keep the last one 219 * so as not to have to set it up again the 220 * next time somebody inserts a probe. 221 */ 222 hlist_del(&kip->hlist); 223 if (hlist_empty(&kprobe_insn_pages)) { 224 INIT_HLIST_NODE(&kip->hlist); 225 hlist_add_head(&kip->hlist, 226 &kprobe_insn_pages); 227 } else { 228 module_free(NULL, kip->insns); 229 kfree(kip); 230 } 231 return 1; 232 } 233 return 0; 234 } 235 236 static int __kprobes collect_garbage_slots(void) 237 { 238 struct kprobe_insn_page *kip; 239 struct hlist_node *pos, *next; 240 int safety; 241 242 /* Ensure no-one is preepmted on the garbages */ 243 mutex_unlock(&kprobe_insn_mutex); 244 safety = check_safety(); 245 mutex_lock(&kprobe_insn_mutex); 246 if (safety != 0) 247 return -EAGAIN; 248 249 hlist_for_each_entry_safe(kip, pos, next, &kprobe_insn_pages, hlist) { 250 int i; 251 if (kip->ngarbage == 0) 252 continue; 253 kip->ngarbage = 0; /* we will collect all garbages */ 254 for (i = 0; i < INSNS_PER_PAGE; i++) { 255 if (kip->slot_used[i] == SLOT_DIRTY && 256 collect_one_slot(kip, i)) 257 break; 258 } 259 } 260 kprobe_garbage_slots = 0; 261 return 0; 262 } 263 264 void __kprobes free_insn_slot(kprobe_opcode_t * slot, int dirty) 265 { 266 struct kprobe_insn_page *kip; 267 struct hlist_node *pos; 268 269 mutex_lock(&kprobe_insn_mutex); 270 hlist_for_each_entry(kip, pos, &kprobe_insn_pages, hlist) { 271 if (kip->insns <= slot && 272 slot < kip->insns + (INSNS_PER_PAGE * MAX_INSN_SIZE)) { 273 int i = (slot - kip->insns) / MAX_INSN_SIZE; 274 if (dirty) { 275 kip->slot_used[i] = SLOT_DIRTY; 276 kip->ngarbage++; 277 } else { 278 collect_one_slot(kip, i); 279 } 280 break; 281 } 282 } 283 284 if (dirty && ++kprobe_garbage_slots > INSNS_PER_PAGE) 285 collect_garbage_slots(); 286 287 mutex_unlock(&kprobe_insn_mutex); 288 } 289 #endif 290 291 /* We have preemption disabled.. so it is safe to use __ versions */ 292 static inline void set_kprobe_instance(struct kprobe *kp) 293 { 294 __get_cpu_var(kprobe_instance) = kp; 295 } 296 297 static inline void reset_kprobe_instance(void) 298 { 299 __get_cpu_var(kprobe_instance) = NULL; 300 } 301 302 /* 303 * This routine is called either: 304 * - under the kprobe_mutex - during kprobe_[un]register() 305 * OR 306 * - with preemption disabled - from arch/xxx/kernel/kprobes.c 307 */ 308 struct kprobe __kprobes *get_kprobe(void *addr) 309 { 310 struct hlist_head *head; 311 struct hlist_node *node; 312 struct kprobe *p; 313 314 head = &kprobe_table[hash_ptr(addr, KPROBE_HASH_BITS)]; 315 hlist_for_each_entry_rcu(p, node, head, hlist) { 316 if (p->addr == addr) 317 return p; 318 } 319 return NULL; 320 } 321 322 /* Arm a kprobe with text_mutex */ 323 static void __kprobes arm_kprobe(struct kprobe *kp) 324 { 325 mutex_lock(&text_mutex); 326 arch_arm_kprobe(kp); 327 mutex_unlock(&text_mutex); 328 } 329 330 /* Disarm a kprobe with text_mutex */ 331 static void __kprobes disarm_kprobe(struct kprobe *kp) 332 { 333 mutex_lock(&text_mutex); 334 arch_disarm_kprobe(kp); 335 mutex_unlock(&text_mutex); 336 } 337 338 /* 339 * Aggregate handlers for multiple kprobes support - these handlers 340 * take care of invoking the individual kprobe handlers on p->list 341 */ 342 static int __kprobes aggr_pre_handler(struct kprobe *p, struct pt_regs *regs) 343 { 344 struct kprobe *kp; 345 346 list_for_each_entry_rcu(kp, &p->list, list) { 347 if (kp->pre_handler && likely(!kprobe_disabled(kp))) { 348 set_kprobe_instance(kp); 349 if (kp->pre_handler(kp, regs)) 350 return 1; 351 } 352 reset_kprobe_instance(); 353 } 354 return 0; 355 } 356 357 static void __kprobes aggr_post_handler(struct kprobe *p, struct pt_regs *regs, 358 unsigned long flags) 359 { 360 struct kprobe *kp; 361 362 list_for_each_entry_rcu(kp, &p->list, list) { 363 if (kp->post_handler && likely(!kprobe_disabled(kp))) { 364 set_kprobe_instance(kp); 365 kp->post_handler(kp, regs, flags); 366 reset_kprobe_instance(); 367 } 368 } 369 } 370 371 static int __kprobes aggr_fault_handler(struct kprobe *p, struct pt_regs *regs, 372 int trapnr) 373 { 374 struct kprobe *cur = __get_cpu_var(kprobe_instance); 375 376 /* 377 * if we faulted "during" the execution of a user specified 378 * probe handler, invoke just that probe's fault handler 379 */ 380 if (cur && cur->fault_handler) { 381 if (cur->fault_handler(cur, regs, trapnr)) 382 return 1; 383 } 384 return 0; 385 } 386 387 static int __kprobes aggr_break_handler(struct kprobe *p, struct pt_regs *regs) 388 { 389 struct kprobe *cur = __get_cpu_var(kprobe_instance); 390 int ret = 0; 391 392 if (cur && cur->break_handler) { 393 if (cur->break_handler(cur, regs)) 394 ret = 1; 395 } 396 reset_kprobe_instance(); 397 return ret; 398 } 399 400 /* Walks the list and increments nmissed count for multiprobe case */ 401 void __kprobes kprobes_inc_nmissed_count(struct kprobe *p) 402 { 403 struct kprobe *kp; 404 if (p->pre_handler != aggr_pre_handler) { 405 p->nmissed++; 406 } else { 407 list_for_each_entry_rcu(kp, &p->list, list) 408 kp->nmissed++; 409 } 410 return; 411 } 412 413 void __kprobes recycle_rp_inst(struct kretprobe_instance *ri, 414 struct hlist_head *head) 415 { 416 struct kretprobe *rp = ri->rp; 417 418 /* remove rp inst off the rprobe_inst_table */ 419 hlist_del(&ri->hlist); 420 INIT_HLIST_NODE(&ri->hlist); 421 if (likely(rp)) { 422 spin_lock(&rp->lock); 423 hlist_add_head(&ri->hlist, &rp->free_instances); 424 spin_unlock(&rp->lock); 425 } else 426 /* Unregistering */ 427 hlist_add_head(&ri->hlist, head); 428 } 429 430 void __kprobes kretprobe_hash_lock(struct task_struct *tsk, 431 struct hlist_head **head, unsigned long *flags) 432 { 433 unsigned long hash = hash_ptr(tsk, KPROBE_HASH_BITS); 434 spinlock_t *hlist_lock; 435 436 *head = &kretprobe_inst_table[hash]; 437 hlist_lock = kretprobe_table_lock_ptr(hash); 438 spin_lock_irqsave(hlist_lock, *flags); 439 } 440 441 static void __kprobes kretprobe_table_lock(unsigned long hash, 442 unsigned long *flags) 443 { 444 spinlock_t *hlist_lock = kretprobe_table_lock_ptr(hash); 445 spin_lock_irqsave(hlist_lock, *flags); 446 } 447 448 void __kprobes kretprobe_hash_unlock(struct task_struct *tsk, 449 unsigned long *flags) 450 { 451 unsigned long hash = hash_ptr(tsk, KPROBE_HASH_BITS); 452 spinlock_t *hlist_lock; 453 454 hlist_lock = kretprobe_table_lock_ptr(hash); 455 spin_unlock_irqrestore(hlist_lock, *flags); 456 } 457 458 void __kprobes kretprobe_table_unlock(unsigned long hash, unsigned long *flags) 459 { 460 spinlock_t *hlist_lock = kretprobe_table_lock_ptr(hash); 461 spin_unlock_irqrestore(hlist_lock, *flags); 462 } 463 464 /* 465 * This function is called from finish_task_switch when task tk becomes dead, 466 * so that we can recycle any function-return probe instances associated 467 * with this task. These left over instances represent probed functions 468 * that have been called but will never return. 469 */ 470 void __kprobes kprobe_flush_task(struct task_struct *tk) 471 { 472 struct kretprobe_instance *ri; 473 struct hlist_head *head, empty_rp; 474 struct hlist_node *node, *tmp; 475 unsigned long hash, flags = 0; 476 477 if (unlikely(!kprobes_initialized)) 478 /* Early boot. kretprobe_table_locks not yet initialized. */ 479 return; 480 481 hash = hash_ptr(tk, KPROBE_HASH_BITS); 482 head = &kretprobe_inst_table[hash]; 483 kretprobe_table_lock(hash, &flags); 484 hlist_for_each_entry_safe(ri, node, tmp, head, hlist) { 485 if (ri->task == tk) 486 recycle_rp_inst(ri, &empty_rp); 487 } 488 kretprobe_table_unlock(hash, &flags); 489 INIT_HLIST_HEAD(&empty_rp); 490 hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) { 491 hlist_del(&ri->hlist); 492 kfree(ri); 493 } 494 } 495 496 static inline void free_rp_inst(struct kretprobe *rp) 497 { 498 struct kretprobe_instance *ri; 499 struct hlist_node *pos, *next; 500 501 hlist_for_each_entry_safe(ri, pos, next, &rp->free_instances, hlist) { 502 hlist_del(&ri->hlist); 503 kfree(ri); 504 } 505 } 506 507 static void __kprobes cleanup_rp_inst(struct kretprobe *rp) 508 { 509 unsigned long flags, hash; 510 struct kretprobe_instance *ri; 511 struct hlist_node *pos, *next; 512 struct hlist_head *head; 513 514 /* No race here */ 515 for (hash = 0; hash < KPROBE_TABLE_SIZE; hash++) { 516 kretprobe_table_lock(hash, &flags); 517 head = &kretprobe_inst_table[hash]; 518 hlist_for_each_entry_safe(ri, pos, next, head, hlist) { 519 if (ri->rp == rp) 520 ri->rp = NULL; 521 } 522 kretprobe_table_unlock(hash, &flags); 523 } 524 free_rp_inst(rp); 525 } 526 527 /* 528 * Keep all fields in the kprobe consistent 529 */ 530 static inline void copy_kprobe(struct kprobe *old_p, struct kprobe *p) 531 { 532 memcpy(&p->opcode, &old_p->opcode, sizeof(kprobe_opcode_t)); 533 memcpy(&p->ainsn, &old_p->ainsn, sizeof(struct arch_specific_insn)); 534 } 535 536 /* 537 * Add the new probe to ap->list. Fail if this is the 538 * second jprobe at the address - two jprobes can't coexist 539 */ 540 static int __kprobes add_new_kprobe(struct kprobe *ap, struct kprobe *p) 541 { 542 BUG_ON(kprobe_gone(ap) || kprobe_gone(p)); 543 if (p->break_handler) { 544 if (ap->break_handler) 545 return -EEXIST; 546 list_add_tail_rcu(&p->list, &ap->list); 547 ap->break_handler = aggr_break_handler; 548 } else 549 list_add_rcu(&p->list, &ap->list); 550 if (p->post_handler && !ap->post_handler) 551 ap->post_handler = aggr_post_handler; 552 553 if (kprobe_disabled(ap) && !kprobe_disabled(p)) { 554 ap->flags &= ~KPROBE_FLAG_DISABLED; 555 if (!kprobes_all_disarmed) 556 /* Arm the breakpoint again. */ 557 arm_kprobe(ap); 558 } 559 return 0; 560 } 561 562 /* 563 * Fill in the required fields of the "manager kprobe". Replace the 564 * earlier kprobe in the hlist with the manager kprobe 565 */ 566 static inline void add_aggr_kprobe(struct kprobe *ap, struct kprobe *p) 567 { 568 copy_kprobe(p, ap); 569 flush_insn_slot(ap); 570 ap->addr = p->addr; 571 ap->flags = p->flags; 572 ap->pre_handler = aggr_pre_handler; 573 ap->fault_handler = aggr_fault_handler; 574 /* We don't care the kprobe which has gone. */ 575 if (p->post_handler && !kprobe_gone(p)) 576 ap->post_handler = aggr_post_handler; 577 if (p->break_handler && !kprobe_gone(p)) 578 ap->break_handler = aggr_break_handler; 579 580 INIT_LIST_HEAD(&ap->list); 581 list_add_rcu(&p->list, &ap->list); 582 583 hlist_replace_rcu(&p->hlist, &ap->hlist); 584 } 585 586 /* 587 * This is the second or subsequent kprobe at the address - handle 588 * the intricacies 589 */ 590 static int __kprobes register_aggr_kprobe(struct kprobe *old_p, 591 struct kprobe *p) 592 { 593 int ret = 0; 594 struct kprobe *ap = old_p; 595 596 if (old_p->pre_handler != aggr_pre_handler) { 597 /* If old_p is not an aggr_probe, create new aggr_kprobe. */ 598 ap = kzalloc(sizeof(struct kprobe), GFP_KERNEL); 599 if (!ap) 600 return -ENOMEM; 601 add_aggr_kprobe(ap, old_p); 602 } 603 604 if (kprobe_gone(ap)) { 605 /* 606 * Attempting to insert new probe at the same location that 607 * had a probe in the module vaddr area which already 608 * freed. So, the instruction slot has already been 609 * released. We need a new slot for the new probe. 610 */ 611 ret = arch_prepare_kprobe(ap); 612 if (ret) 613 /* 614 * Even if fail to allocate new slot, don't need to 615 * free aggr_probe. It will be used next time, or 616 * freed by unregister_kprobe. 617 */ 618 return ret; 619 620 /* 621 * Clear gone flag to prevent allocating new slot again, and 622 * set disabled flag because it is not armed yet. 623 */ 624 ap->flags = (ap->flags & ~KPROBE_FLAG_GONE) 625 | KPROBE_FLAG_DISABLED; 626 } 627 628 copy_kprobe(ap, p); 629 return add_new_kprobe(ap, p); 630 } 631 632 /* Try to disable aggr_kprobe, and return 1 if succeeded.*/ 633 static int __kprobes try_to_disable_aggr_kprobe(struct kprobe *p) 634 { 635 struct kprobe *kp; 636 637 list_for_each_entry_rcu(kp, &p->list, list) { 638 if (!kprobe_disabled(kp)) 639 /* 640 * There is an active probe on the list. 641 * We can't disable aggr_kprobe. 642 */ 643 return 0; 644 } 645 p->flags |= KPROBE_FLAG_DISABLED; 646 return 1; 647 } 648 649 static int __kprobes in_kprobes_functions(unsigned long addr) 650 { 651 struct kprobe_blackpoint *kb; 652 653 if (addr >= (unsigned long)__kprobes_text_start && 654 addr < (unsigned long)__kprobes_text_end) 655 return -EINVAL; 656 /* 657 * If there exists a kprobe_blacklist, verify and 658 * fail any probe registration in the prohibited area 659 */ 660 for (kb = kprobe_blacklist; kb->name != NULL; kb++) { 661 if (kb->start_addr) { 662 if (addr >= kb->start_addr && 663 addr < (kb->start_addr + kb->range)) 664 return -EINVAL; 665 } 666 } 667 return 0; 668 } 669 670 /* 671 * If we have a symbol_name argument, look it up and add the offset field 672 * to it. This way, we can specify a relative address to a symbol. 673 */ 674 static kprobe_opcode_t __kprobes *kprobe_addr(struct kprobe *p) 675 { 676 kprobe_opcode_t *addr = p->addr; 677 if (p->symbol_name) { 678 if (addr) 679 return NULL; 680 kprobe_lookup_name(p->symbol_name, addr); 681 } 682 683 if (!addr) 684 return NULL; 685 return (kprobe_opcode_t *)(((char *)addr) + p->offset); 686 } 687 688 int __kprobes register_kprobe(struct kprobe *p) 689 { 690 int ret = 0; 691 struct kprobe *old_p; 692 struct module *probed_mod; 693 kprobe_opcode_t *addr; 694 695 addr = kprobe_addr(p); 696 if (!addr) 697 return -EINVAL; 698 p->addr = addr; 699 700 preempt_disable(); 701 if (!__kernel_text_address((unsigned long) p->addr) || 702 in_kprobes_functions((unsigned long) p->addr)) { 703 preempt_enable(); 704 return -EINVAL; 705 } 706 707 /* User can pass only KPROBE_FLAG_DISABLED to register_kprobe */ 708 p->flags &= KPROBE_FLAG_DISABLED; 709 710 /* 711 * Check if are we probing a module. 712 */ 713 probed_mod = __module_text_address((unsigned long) p->addr); 714 if (probed_mod) { 715 /* 716 * We must hold a refcount of the probed module while updating 717 * its code to prohibit unexpected unloading. 718 */ 719 if (unlikely(!try_module_get(probed_mod))) { 720 preempt_enable(); 721 return -EINVAL; 722 } 723 /* 724 * If the module freed .init.text, we couldn't insert 725 * kprobes in there. 726 */ 727 if (within_module_init((unsigned long)p->addr, probed_mod) && 728 probed_mod->state != MODULE_STATE_COMING) { 729 module_put(probed_mod); 730 preempt_enable(); 731 return -EINVAL; 732 } 733 } 734 preempt_enable(); 735 736 p->nmissed = 0; 737 INIT_LIST_HEAD(&p->list); 738 mutex_lock(&kprobe_mutex); 739 old_p = get_kprobe(p->addr); 740 if (old_p) { 741 ret = register_aggr_kprobe(old_p, p); 742 goto out; 743 } 744 745 mutex_lock(&text_mutex); 746 ret = arch_prepare_kprobe(p); 747 if (ret) 748 goto out_unlock_text; 749 750 INIT_HLIST_NODE(&p->hlist); 751 hlist_add_head_rcu(&p->hlist, 752 &kprobe_table[hash_ptr(p->addr, KPROBE_HASH_BITS)]); 753 754 if (!kprobes_all_disarmed && !kprobe_disabled(p)) 755 arch_arm_kprobe(p); 756 757 out_unlock_text: 758 mutex_unlock(&text_mutex); 759 out: 760 mutex_unlock(&kprobe_mutex); 761 762 if (probed_mod) 763 module_put(probed_mod); 764 765 return ret; 766 } 767 EXPORT_SYMBOL_GPL(register_kprobe); 768 769 /* Check passed kprobe is valid and return kprobe in kprobe_table. */ 770 static struct kprobe * __kprobes __get_valid_kprobe(struct kprobe *p) 771 { 772 struct kprobe *old_p, *list_p; 773 774 old_p = get_kprobe(p->addr); 775 if (unlikely(!old_p)) 776 return NULL; 777 778 if (p != old_p) { 779 list_for_each_entry_rcu(list_p, &old_p->list, list) 780 if (list_p == p) 781 /* kprobe p is a valid probe */ 782 goto valid; 783 return NULL; 784 } 785 valid: 786 return old_p; 787 } 788 789 /* 790 * Unregister a kprobe without a scheduler synchronization. 791 */ 792 static int __kprobes __unregister_kprobe_top(struct kprobe *p) 793 { 794 struct kprobe *old_p, *list_p; 795 796 old_p = __get_valid_kprobe(p); 797 if (old_p == NULL) 798 return -EINVAL; 799 800 if (old_p == p || 801 (old_p->pre_handler == aggr_pre_handler && 802 list_is_singular(&old_p->list))) { 803 /* 804 * Only probe on the hash list. Disarm only if kprobes are 805 * enabled and not gone - otherwise, the breakpoint would 806 * already have been removed. We save on flushing icache. 807 */ 808 if (!kprobes_all_disarmed && !kprobe_disabled(old_p)) 809 disarm_kprobe(p); 810 hlist_del_rcu(&old_p->hlist); 811 } else { 812 if (p->break_handler && !kprobe_gone(p)) 813 old_p->break_handler = NULL; 814 if (p->post_handler && !kprobe_gone(p)) { 815 list_for_each_entry_rcu(list_p, &old_p->list, list) { 816 if ((list_p != p) && (list_p->post_handler)) 817 goto noclean; 818 } 819 old_p->post_handler = NULL; 820 } 821 noclean: 822 list_del_rcu(&p->list); 823 if (!kprobe_disabled(old_p)) { 824 try_to_disable_aggr_kprobe(old_p); 825 if (!kprobes_all_disarmed && kprobe_disabled(old_p)) 826 disarm_kprobe(old_p); 827 } 828 } 829 return 0; 830 } 831 832 static void __kprobes __unregister_kprobe_bottom(struct kprobe *p) 833 { 834 struct kprobe *old_p; 835 836 if (list_empty(&p->list)) 837 arch_remove_kprobe(p); 838 else if (list_is_singular(&p->list)) { 839 /* "p" is the last child of an aggr_kprobe */ 840 old_p = list_entry(p->list.next, struct kprobe, list); 841 list_del(&p->list); 842 arch_remove_kprobe(old_p); 843 kfree(old_p); 844 } 845 } 846 847 int __kprobes register_kprobes(struct kprobe **kps, int num) 848 { 849 int i, ret = 0; 850 851 if (num <= 0) 852 return -EINVAL; 853 for (i = 0; i < num; i++) { 854 ret = register_kprobe(kps[i]); 855 if (ret < 0) { 856 if (i > 0) 857 unregister_kprobes(kps, i); 858 break; 859 } 860 } 861 return ret; 862 } 863 EXPORT_SYMBOL_GPL(register_kprobes); 864 865 void __kprobes unregister_kprobe(struct kprobe *p) 866 { 867 unregister_kprobes(&p, 1); 868 } 869 EXPORT_SYMBOL_GPL(unregister_kprobe); 870 871 void __kprobes unregister_kprobes(struct kprobe **kps, int num) 872 { 873 int i; 874 875 if (num <= 0) 876 return; 877 mutex_lock(&kprobe_mutex); 878 for (i = 0; i < num; i++) 879 if (__unregister_kprobe_top(kps[i]) < 0) 880 kps[i]->addr = NULL; 881 mutex_unlock(&kprobe_mutex); 882 883 synchronize_sched(); 884 for (i = 0; i < num; i++) 885 if (kps[i]->addr) 886 __unregister_kprobe_bottom(kps[i]); 887 } 888 EXPORT_SYMBOL_GPL(unregister_kprobes); 889 890 static struct notifier_block kprobe_exceptions_nb = { 891 .notifier_call = kprobe_exceptions_notify, 892 .priority = 0x7fffffff /* we need to be notified first */ 893 }; 894 895 unsigned long __weak arch_deref_entry_point(void *entry) 896 { 897 return (unsigned long)entry; 898 } 899 900 int __kprobes register_jprobes(struct jprobe **jps, int num) 901 { 902 struct jprobe *jp; 903 int ret = 0, i; 904 905 if (num <= 0) 906 return -EINVAL; 907 for (i = 0; i < num; i++) { 908 unsigned long addr; 909 jp = jps[i]; 910 addr = arch_deref_entry_point(jp->entry); 911 912 if (!kernel_text_address(addr)) 913 ret = -EINVAL; 914 else { 915 /* Todo: Verify probepoint is a function entry point */ 916 jp->kp.pre_handler = setjmp_pre_handler; 917 jp->kp.break_handler = longjmp_break_handler; 918 ret = register_kprobe(&jp->kp); 919 } 920 if (ret < 0) { 921 if (i > 0) 922 unregister_jprobes(jps, i); 923 break; 924 } 925 } 926 return ret; 927 } 928 EXPORT_SYMBOL_GPL(register_jprobes); 929 930 int __kprobes register_jprobe(struct jprobe *jp) 931 { 932 return register_jprobes(&jp, 1); 933 } 934 EXPORT_SYMBOL_GPL(register_jprobe); 935 936 void __kprobes unregister_jprobe(struct jprobe *jp) 937 { 938 unregister_jprobes(&jp, 1); 939 } 940 EXPORT_SYMBOL_GPL(unregister_jprobe); 941 942 void __kprobes unregister_jprobes(struct jprobe **jps, int num) 943 { 944 int i; 945 946 if (num <= 0) 947 return; 948 mutex_lock(&kprobe_mutex); 949 for (i = 0; i < num; i++) 950 if (__unregister_kprobe_top(&jps[i]->kp) < 0) 951 jps[i]->kp.addr = NULL; 952 mutex_unlock(&kprobe_mutex); 953 954 synchronize_sched(); 955 for (i = 0; i < num; i++) { 956 if (jps[i]->kp.addr) 957 __unregister_kprobe_bottom(&jps[i]->kp); 958 } 959 } 960 EXPORT_SYMBOL_GPL(unregister_jprobes); 961 962 #ifdef CONFIG_KRETPROBES 963 /* 964 * This kprobe pre_handler is registered with every kretprobe. When probe 965 * hits it will set up the return probe. 966 */ 967 static int __kprobes pre_handler_kretprobe(struct kprobe *p, 968 struct pt_regs *regs) 969 { 970 struct kretprobe *rp = container_of(p, struct kretprobe, kp); 971 unsigned long hash, flags = 0; 972 struct kretprobe_instance *ri; 973 974 /*TODO: consider to only swap the RA after the last pre_handler fired */ 975 hash = hash_ptr(current, KPROBE_HASH_BITS); 976 spin_lock_irqsave(&rp->lock, flags); 977 if (!hlist_empty(&rp->free_instances)) { 978 ri = hlist_entry(rp->free_instances.first, 979 struct kretprobe_instance, hlist); 980 hlist_del(&ri->hlist); 981 spin_unlock_irqrestore(&rp->lock, flags); 982 983 ri->rp = rp; 984 ri->task = current; 985 986 if (rp->entry_handler && rp->entry_handler(ri, regs)) 987 return 0; 988 989 arch_prepare_kretprobe(ri, regs); 990 991 /* XXX(hch): why is there no hlist_move_head? */ 992 INIT_HLIST_NODE(&ri->hlist); 993 kretprobe_table_lock(hash, &flags); 994 hlist_add_head(&ri->hlist, &kretprobe_inst_table[hash]); 995 kretprobe_table_unlock(hash, &flags); 996 } else { 997 rp->nmissed++; 998 spin_unlock_irqrestore(&rp->lock, flags); 999 } 1000 return 0; 1001 } 1002 1003 int __kprobes register_kretprobe(struct kretprobe *rp) 1004 { 1005 int ret = 0; 1006 struct kretprobe_instance *inst; 1007 int i; 1008 void *addr; 1009 1010 if (kretprobe_blacklist_size) { 1011 addr = kprobe_addr(&rp->kp); 1012 if (!addr) 1013 return -EINVAL; 1014 1015 for (i = 0; kretprobe_blacklist[i].name != NULL; i++) { 1016 if (kretprobe_blacklist[i].addr == addr) 1017 return -EINVAL; 1018 } 1019 } 1020 1021 rp->kp.pre_handler = pre_handler_kretprobe; 1022 rp->kp.post_handler = NULL; 1023 rp->kp.fault_handler = NULL; 1024 rp->kp.break_handler = NULL; 1025 1026 /* Pre-allocate memory for max kretprobe instances */ 1027 if (rp->maxactive <= 0) { 1028 #ifdef CONFIG_PREEMPT 1029 rp->maxactive = max(10, 2 * NR_CPUS); 1030 #else 1031 rp->maxactive = NR_CPUS; 1032 #endif 1033 } 1034 spin_lock_init(&rp->lock); 1035 INIT_HLIST_HEAD(&rp->free_instances); 1036 for (i = 0; i < rp->maxactive; i++) { 1037 inst = kmalloc(sizeof(struct kretprobe_instance) + 1038 rp->data_size, GFP_KERNEL); 1039 if (inst == NULL) { 1040 free_rp_inst(rp); 1041 return -ENOMEM; 1042 } 1043 INIT_HLIST_NODE(&inst->hlist); 1044 hlist_add_head(&inst->hlist, &rp->free_instances); 1045 } 1046 1047 rp->nmissed = 0; 1048 /* Establish function entry probe point */ 1049 ret = register_kprobe(&rp->kp); 1050 if (ret != 0) 1051 free_rp_inst(rp); 1052 return ret; 1053 } 1054 EXPORT_SYMBOL_GPL(register_kretprobe); 1055 1056 int __kprobes register_kretprobes(struct kretprobe **rps, int num) 1057 { 1058 int ret = 0, i; 1059 1060 if (num <= 0) 1061 return -EINVAL; 1062 for (i = 0; i < num; i++) { 1063 ret = register_kretprobe(rps[i]); 1064 if (ret < 0) { 1065 if (i > 0) 1066 unregister_kretprobes(rps, i); 1067 break; 1068 } 1069 } 1070 return ret; 1071 } 1072 EXPORT_SYMBOL_GPL(register_kretprobes); 1073 1074 void __kprobes unregister_kretprobe(struct kretprobe *rp) 1075 { 1076 unregister_kretprobes(&rp, 1); 1077 } 1078 EXPORT_SYMBOL_GPL(unregister_kretprobe); 1079 1080 void __kprobes unregister_kretprobes(struct kretprobe **rps, int num) 1081 { 1082 int i; 1083 1084 if (num <= 0) 1085 return; 1086 mutex_lock(&kprobe_mutex); 1087 for (i = 0; i < num; i++) 1088 if (__unregister_kprobe_top(&rps[i]->kp) < 0) 1089 rps[i]->kp.addr = NULL; 1090 mutex_unlock(&kprobe_mutex); 1091 1092 synchronize_sched(); 1093 for (i = 0; i < num; i++) { 1094 if (rps[i]->kp.addr) { 1095 __unregister_kprobe_bottom(&rps[i]->kp); 1096 cleanup_rp_inst(rps[i]); 1097 } 1098 } 1099 } 1100 EXPORT_SYMBOL_GPL(unregister_kretprobes); 1101 1102 #else /* CONFIG_KRETPROBES */ 1103 int __kprobes register_kretprobe(struct kretprobe *rp) 1104 { 1105 return -ENOSYS; 1106 } 1107 EXPORT_SYMBOL_GPL(register_kretprobe); 1108 1109 int __kprobes register_kretprobes(struct kretprobe **rps, int num) 1110 { 1111 return -ENOSYS; 1112 } 1113 EXPORT_SYMBOL_GPL(register_kretprobes); 1114 1115 void __kprobes unregister_kretprobe(struct kretprobe *rp) 1116 { 1117 } 1118 EXPORT_SYMBOL_GPL(unregister_kretprobe); 1119 1120 void __kprobes unregister_kretprobes(struct kretprobe **rps, int num) 1121 { 1122 } 1123 EXPORT_SYMBOL_GPL(unregister_kretprobes); 1124 1125 static int __kprobes pre_handler_kretprobe(struct kprobe *p, 1126 struct pt_regs *regs) 1127 { 1128 return 0; 1129 } 1130 1131 #endif /* CONFIG_KRETPROBES */ 1132 1133 /* Set the kprobe gone and remove its instruction buffer. */ 1134 static void __kprobes kill_kprobe(struct kprobe *p) 1135 { 1136 struct kprobe *kp; 1137 1138 p->flags |= KPROBE_FLAG_GONE; 1139 if (p->pre_handler == aggr_pre_handler) { 1140 /* 1141 * If this is an aggr_kprobe, we have to list all the 1142 * chained probes and mark them GONE. 1143 */ 1144 list_for_each_entry_rcu(kp, &p->list, list) 1145 kp->flags |= KPROBE_FLAG_GONE; 1146 p->post_handler = NULL; 1147 p->break_handler = NULL; 1148 } 1149 /* 1150 * Here, we can remove insn_slot safely, because no thread calls 1151 * the original probed function (which will be freed soon) any more. 1152 */ 1153 arch_remove_kprobe(p); 1154 } 1155 1156 /* Module notifier call back, checking kprobes on the module */ 1157 static int __kprobes kprobes_module_callback(struct notifier_block *nb, 1158 unsigned long val, void *data) 1159 { 1160 struct module *mod = data; 1161 struct hlist_head *head; 1162 struct hlist_node *node; 1163 struct kprobe *p; 1164 unsigned int i; 1165 int checkcore = (val == MODULE_STATE_GOING); 1166 1167 if (val != MODULE_STATE_GOING && val != MODULE_STATE_LIVE) 1168 return NOTIFY_DONE; 1169 1170 /* 1171 * When MODULE_STATE_GOING was notified, both of module .text and 1172 * .init.text sections would be freed. When MODULE_STATE_LIVE was 1173 * notified, only .init.text section would be freed. We need to 1174 * disable kprobes which have been inserted in the sections. 1175 */ 1176 mutex_lock(&kprobe_mutex); 1177 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 1178 head = &kprobe_table[i]; 1179 hlist_for_each_entry_rcu(p, node, head, hlist) 1180 if (within_module_init((unsigned long)p->addr, mod) || 1181 (checkcore && 1182 within_module_core((unsigned long)p->addr, mod))) { 1183 /* 1184 * The vaddr this probe is installed will soon 1185 * be vfreed buy not synced to disk. Hence, 1186 * disarming the breakpoint isn't needed. 1187 */ 1188 kill_kprobe(p); 1189 } 1190 } 1191 mutex_unlock(&kprobe_mutex); 1192 return NOTIFY_DONE; 1193 } 1194 1195 static struct notifier_block kprobe_module_nb = { 1196 .notifier_call = kprobes_module_callback, 1197 .priority = 0 1198 }; 1199 1200 static int __init init_kprobes(void) 1201 { 1202 int i, err = 0; 1203 unsigned long offset = 0, size = 0; 1204 char *modname, namebuf[128]; 1205 const char *symbol_name; 1206 void *addr; 1207 struct kprobe_blackpoint *kb; 1208 1209 /* FIXME allocate the probe table, currently defined statically */ 1210 /* initialize all list heads */ 1211 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 1212 INIT_HLIST_HEAD(&kprobe_table[i]); 1213 INIT_HLIST_HEAD(&kretprobe_inst_table[i]); 1214 spin_lock_init(&(kretprobe_table_locks[i].lock)); 1215 } 1216 1217 /* 1218 * Lookup and populate the kprobe_blacklist. 1219 * 1220 * Unlike the kretprobe blacklist, we'll need to determine 1221 * the range of addresses that belong to the said functions, 1222 * since a kprobe need not necessarily be at the beginning 1223 * of a function. 1224 */ 1225 for (kb = kprobe_blacklist; kb->name != NULL; kb++) { 1226 kprobe_lookup_name(kb->name, addr); 1227 if (!addr) 1228 continue; 1229 1230 kb->start_addr = (unsigned long)addr; 1231 symbol_name = kallsyms_lookup(kb->start_addr, 1232 &size, &offset, &modname, namebuf); 1233 if (!symbol_name) 1234 kb->range = 0; 1235 else 1236 kb->range = size; 1237 } 1238 1239 if (kretprobe_blacklist_size) { 1240 /* lookup the function address from its name */ 1241 for (i = 0; kretprobe_blacklist[i].name != NULL; i++) { 1242 kprobe_lookup_name(kretprobe_blacklist[i].name, 1243 kretprobe_blacklist[i].addr); 1244 if (!kretprobe_blacklist[i].addr) 1245 printk("kretprobe: lookup failed: %s\n", 1246 kretprobe_blacklist[i].name); 1247 } 1248 } 1249 1250 /* By default, kprobes are armed */ 1251 kprobes_all_disarmed = false; 1252 1253 err = arch_init_kprobes(); 1254 if (!err) 1255 err = register_die_notifier(&kprobe_exceptions_nb); 1256 if (!err) 1257 err = register_module_notifier(&kprobe_module_nb); 1258 1259 kprobes_initialized = (err == 0); 1260 1261 if (!err) 1262 init_test_probes(); 1263 return err; 1264 } 1265 1266 #ifdef CONFIG_DEBUG_FS 1267 static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, 1268 const char *sym, int offset,char *modname) 1269 { 1270 char *kprobe_type; 1271 1272 if (p->pre_handler == pre_handler_kretprobe) 1273 kprobe_type = "r"; 1274 else if (p->pre_handler == setjmp_pre_handler) 1275 kprobe_type = "j"; 1276 else 1277 kprobe_type = "k"; 1278 if (sym) 1279 seq_printf(pi, "%p %s %s+0x%x %s %s%s\n", 1280 p->addr, kprobe_type, sym, offset, 1281 (modname ? modname : " "), 1282 (kprobe_gone(p) ? "[GONE]" : ""), 1283 ((kprobe_disabled(p) && !kprobe_gone(p)) ? 1284 "[DISABLED]" : "")); 1285 else 1286 seq_printf(pi, "%p %s %p %s%s\n", 1287 p->addr, kprobe_type, p->addr, 1288 (kprobe_gone(p) ? "[GONE]" : ""), 1289 ((kprobe_disabled(p) && !kprobe_gone(p)) ? 1290 "[DISABLED]" : "")); 1291 } 1292 1293 static void __kprobes *kprobe_seq_start(struct seq_file *f, loff_t *pos) 1294 { 1295 return (*pos < KPROBE_TABLE_SIZE) ? pos : NULL; 1296 } 1297 1298 static void __kprobes *kprobe_seq_next(struct seq_file *f, void *v, loff_t *pos) 1299 { 1300 (*pos)++; 1301 if (*pos >= KPROBE_TABLE_SIZE) 1302 return NULL; 1303 return pos; 1304 } 1305 1306 static void __kprobes kprobe_seq_stop(struct seq_file *f, void *v) 1307 { 1308 /* Nothing to do */ 1309 } 1310 1311 static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) 1312 { 1313 struct hlist_head *head; 1314 struct hlist_node *node; 1315 struct kprobe *p, *kp; 1316 const char *sym = NULL; 1317 unsigned int i = *(loff_t *) v; 1318 unsigned long offset = 0; 1319 char *modname, namebuf[128]; 1320 1321 head = &kprobe_table[i]; 1322 preempt_disable(); 1323 hlist_for_each_entry_rcu(p, node, head, hlist) { 1324 sym = kallsyms_lookup((unsigned long)p->addr, NULL, 1325 &offset, &modname, namebuf); 1326 if (p->pre_handler == aggr_pre_handler) { 1327 list_for_each_entry_rcu(kp, &p->list, list) 1328 report_probe(pi, kp, sym, offset, modname); 1329 } else 1330 report_probe(pi, p, sym, offset, modname); 1331 } 1332 preempt_enable(); 1333 return 0; 1334 } 1335 1336 static struct seq_operations kprobes_seq_ops = { 1337 .start = kprobe_seq_start, 1338 .next = kprobe_seq_next, 1339 .stop = kprobe_seq_stop, 1340 .show = show_kprobe_addr 1341 }; 1342 1343 static int __kprobes kprobes_open(struct inode *inode, struct file *filp) 1344 { 1345 return seq_open(filp, &kprobes_seq_ops); 1346 } 1347 1348 static struct file_operations debugfs_kprobes_operations = { 1349 .open = kprobes_open, 1350 .read = seq_read, 1351 .llseek = seq_lseek, 1352 .release = seq_release, 1353 }; 1354 1355 /* Disable one kprobe */ 1356 int __kprobes disable_kprobe(struct kprobe *kp) 1357 { 1358 int ret = 0; 1359 struct kprobe *p; 1360 1361 mutex_lock(&kprobe_mutex); 1362 1363 /* Check whether specified probe is valid. */ 1364 p = __get_valid_kprobe(kp); 1365 if (unlikely(p == NULL)) { 1366 ret = -EINVAL; 1367 goto out; 1368 } 1369 1370 /* If the probe is already disabled (or gone), just return */ 1371 if (kprobe_disabled(kp)) 1372 goto out; 1373 1374 kp->flags |= KPROBE_FLAG_DISABLED; 1375 if (p != kp) 1376 /* When kp != p, p is always enabled. */ 1377 try_to_disable_aggr_kprobe(p); 1378 1379 if (!kprobes_all_disarmed && kprobe_disabled(p)) 1380 disarm_kprobe(p); 1381 out: 1382 mutex_unlock(&kprobe_mutex); 1383 return ret; 1384 } 1385 EXPORT_SYMBOL_GPL(disable_kprobe); 1386 1387 /* Enable one kprobe */ 1388 int __kprobes enable_kprobe(struct kprobe *kp) 1389 { 1390 int ret = 0; 1391 struct kprobe *p; 1392 1393 mutex_lock(&kprobe_mutex); 1394 1395 /* Check whether specified probe is valid. */ 1396 p = __get_valid_kprobe(kp); 1397 if (unlikely(p == NULL)) { 1398 ret = -EINVAL; 1399 goto out; 1400 } 1401 1402 if (kprobe_gone(kp)) { 1403 /* This kprobe has gone, we couldn't enable it. */ 1404 ret = -EINVAL; 1405 goto out; 1406 } 1407 1408 if (!kprobes_all_disarmed && kprobe_disabled(p)) 1409 arm_kprobe(p); 1410 1411 p->flags &= ~KPROBE_FLAG_DISABLED; 1412 if (p != kp) 1413 kp->flags &= ~KPROBE_FLAG_DISABLED; 1414 out: 1415 mutex_unlock(&kprobe_mutex); 1416 return ret; 1417 } 1418 EXPORT_SYMBOL_GPL(enable_kprobe); 1419 1420 static void __kprobes arm_all_kprobes(void) 1421 { 1422 struct hlist_head *head; 1423 struct hlist_node *node; 1424 struct kprobe *p; 1425 unsigned int i; 1426 1427 mutex_lock(&kprobe_mutex); 1428 1429 /* If kprobes are armed, just return */ 1430 if (!kprobes_all_disarmed) 1431 goto already_enabled; 1432 1433 mutex_lock(&text_mutex); 1434 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 1435 head = &kprobe_table[i]; 1436 hlist_for_each_entry_rcu(p, node, head, hlist) 1437 if (!kprobe_disabled(p)) 1438 arch_arm_kprobe(p); 1439 } 1440 mutex_unlock(&text_mutex); 1441 1442 kprobes_all_disarmed = false; 1443 printk(KERN_INFO "Kprobes globally enabled\n"); 1444 1445 already_enabled: 1446 mutex_unlock(&kprobe_mutex); 1447 return; 1448 } 1449 1450 static void __kprobes disarm_all_kprobes(void) 1451 { 1452 struct hlist_head *head; 1453 struct hlist_node *node; 1454 struct kprobe *p; 1455 unsigned int i; 1456 1457 mutex_lock(&kprobe_mutex); 1458 1459 /* If kprobes are already disarmed, just return */ 1460 if (kprobes_all_disarmed) 1461 goto already_disabled; 1462 1463 kprobes_all_disarmed = true; 1464 printk(KERN_INFO "Kprobes globally disabled\n"); 1465 mutex_lock(&text_mutex); 1466 for (i = 0; i < KPROBE_TABLE_SIZE; i++) { 1467 head = &kprobe_table[i]; 1468 hlist_for_each_entry_rcu(p, node, head, hlist) { 1469 if (!arch_trampoline_kprobe(p) && !kprobe_disabled(p)) 1470 arch_disarm_kprobe(p); 1471 } 1472 } 1473 1474 mutex_unlock(&text_mutex); 1475 mutex_unlock(&kprobe_mutex); 1476 /* Allow all currently running kprobes to complete */ 1477 synchronize_sched(); 1478 return; 1479 1480 already_disabled: 1481 mutex_unlock(&kprobe_mutex); 1482 return; 1483 } 1484 1485 /* 1486 * XXX: The debugfs bool file interface doesn't allow for callbacks 1487 * when the bool state is switched. We can reuse that facility when 1488 * available 1489 */ 1490 static ssize_t read_enabled_file_bool(struct file *file, 1491 char __user *user_buf, size_t count, loff_t *ppos) 1492 { 1493 char buf[3]; 1494 1495 if (!kprobes_all_disarmed) 1496 buf[0] = '1'; 1497 else 1498 buf[0] = '0'; 1499 buf[1] = '\n'; 1500 buf[2] = 0x00; 1501 return simple_read_from_buffer(user_buf, count, ppos, buf, 2); 1502 } 1503 1504 static ssize_t write_enabled_file_bool(struct file *file, 1505 const char __user *user_buf, size_t count, loff_t *ppos) 1506 { 1507 char buf[32]; 1508 int buf_size; 1509 1510 buf_size = min(count, (sizeof(buf)-1)); 1511 if (copy_from_user(buf, user_buf, buf_size)) 1512 return -EFAULT; 1513 1514 switch (buf[0]) { 1515 case 'y': 1516 case 'Y': 1517 case '1': 1518 arm_all_kprobes(); 1519 break; 1520 case 'n': 1521 case 'N': 1522 case '0': 1523 disarm_all_kprobes(); 1524 break; 1525 } 1526 1527 return count; 1528 } 1529 1530 static struct file_operations fops_kp = { 1531 .read = read_enabled_file_bool, 1532 .write = write_enabled_file_bool, 1533 }; 1534 1535 static int __kprobes debugfs_kprobe_init(void) 1536 { 1537 struct dentry *dir, *file; 1538 unsigned int value = 1; 1539 1540 dir = debugfs_create_dir("kprobes", NULL); 1541 if (!dir) 1542 return -ENOMEM; 1543 1544 file = debugfs_create_file("list", 0444, dir, NULL, 1545 &debugfs_kprobes_operations); 1546 if (!file) { 1547 debugfs_remove(dir); 1548 return -ENOMEM; 1549 } 1550 1551 file = debugfs_create_file("enabled", 0600, dir, 1552 &value, &fops_kp); 1553 if (!file) { 1554 debugfs_remove(dir); 1555 return -ENOMEM; 1556 } 1557 1558 return 0; 1559 } 1560 1561 late_initcall(debugfs_kprobe_init); 1562 #endif /* CONFIG_DEBUG_FS */ 1563 1564 module_init(init_kprobes); 1565 1566 /* defined in arch/.../kernel/kprobes.c */ 1567 EXPORT_SYMBOL_GPL(jprobe_return); 1568