1 /* 2 * Kprobes-based tracing events 3 * 4 * Created by Masami Hiramatsu <mhiramat@redhat.com> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 */ 19 20 #include <linux/module.h> 21 #include <linux/uaccess.h> 22 23 #include "trace_probe.h" 24 25 #define KPROBE_EVENT_SYSTEM "kprobes" 26 27 /** 28 * Kprobe event core functions 29 */ 30 31 struct trace_probe { 32 struct list_head list; 33 struct kretprobe rp; /* Use rp.kp for kprobe use */ 34 unsigned long nhit; 35 unsigned int flags; /* For TP_FLAG_* */ 36 const char *symbol; /* symbol name */ 37 struct ftrace_event_class class; 38 struct ftrace_event_call call; 39 ssize_t size; /* trace entry size */ 40 unsigned int nr_args; 41 struct probe_arg args[]; 42 }; 43 44 #define SIZEOF_TRACE_PROBE(n) \ 45 (offsetof(struct trace_probe, args) + \ 46 (sizeof(struct probe_arg) * (n))) 47 48 49 static __kprobes int trace_probe_is_return(struct trace_probe *tp) 50 { 51 return tp->rp.handler != NULL; 52 } 53 54 static __kprobes const char *trace_probe_symbol(struct trace_probe *tp) 55 { 56 return tp->symbol ? tp->symbol : "unknown"; 57 } 58 59 static __kprobes unsigned long trace_probe_offset(struct trace_probe *tp) 60 { 61 return tp->rp.kp.offset; 62 } 63 64 static __kprobes bool trace_probe_is_enabled(struct trace_probe *tp) 65 { 66 return !!(tp->flags & (TP_FLAG_TRACE | TP_FLAG_PROFILE)); 67 } 68 69 static __kprobes bool trace_probe_is_registered(struct trace_probe *tp) 70 { 71 return !!(tp->flags & TP_FLAG_REGISTERED); 72 } 73 74 static __kprobes bool trace_probe_has_gone(struct trace_probe *tp) 75 { 76 return !!(kprobe_gone(&tp->rp.kp)); 77 } 78 79 static __kprobes bool trace_probe_within_module(struct trace_probe *tp, 80 struct module *mod) 81 { 82 int len = strlen(mod->name); 83 const char *name = trace_probe_symbol(tp); 84 return strncmp(mod->name, name, len) == 0 && name[len] == ':'; 85 } 86 87 static __kprobes bool trace_probe_is_on_module(struct trace_probe *tp) 88 { 89 return !!strchr(trace_probe_symbol(tp), ':'); 90 } 91 92 static int register_probe_event(struct trace_probe *tp); 93 static void unregister_probe_event(struct trace_probe *tp); 94 95 static DEFINE_MUTEX(probe_lock); 96 static LIST_HEAD(probe_list); 97 98 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs); 99 static int kretprobe_dispatcher(struct kretprobe_instance *ri, 100 struct pt_regs *regs); 101 102 /* 103 * Allocate new trace_probe and initialize it (including kprobes). 104 */ 105 static struct trace_probe *alloc_trace_probe(const char *group, 106 const char *event, 107 void *addr, 108 const char *symbol, 109 unsigned long offs, 110 int nargs, bool is_return) 111 { 112 struct trace_probe *tp; 113 int ret = -ENOMEM; 114 115 tp = kzalloc(SIZEOF_TRACE_PROBE(nargs), GFP_KERNEL); 116 if (!tp) 117 return ERR_PTR(ret); 118 119 if (symbol) { 120 tp->symbol = kstrdup(symbol, GFP_KERNEL); 121 if (!tp->symbol) 122 goto error; 123 tp->rp.kp.symbol_name = tp->symbol; 124 tp->rp.kp.offset = offs; 125 } else 126 tp->rp.kp.addr = addr; 127 128 if (is_return) 129 tp->rp.handler = kretprobe_dispatcher; 130 else 131 tp->rp.kp.pre_handler = kprobe_dispatcher; 132 133 if (!event || !is_good_name(event)) { 134 ret = -EINVAL; 135 goto error; 136 } 137 138 tp->call.class = &tp->class; 139 tp->call.name = kstrdup(event, GFP_KERNEL); 140 if (!tp->call.name) 141 goto error; 142 143 if (!group || !is_good_name(group)) { 144 ret = -EINVAL; 145 goto error; 146 } 147 148 tp->class.system = kstrdup(group, GFP_KERNEL); 149 if (!tp->class.system) 150 goto error; 151 152 INIT_LIST_HEAD(&tp->list); 153 return tp; 154 error: 155 kfree(tp->call.name); 156 kfree(tp->symbol); 157 kfree(tp); 158 return ERR_PTR(ret); 159 } 160 161 static void free_trace_probe(struct trace_probe *tp) 162 { 163 int i; 164 165 for (i = 0; i < tp->nr_args; i++) 166 traceprobe_free_probe_arg(&tp->args[i]); 167 168 kfree(tp->call.class->system); 169 kfree(tp->call.name); 170 kfree(tp->symbol); 171 kfree(tp); 172 } 173 174 static struct trace_probe *find_trace_probe(const char *event, 175 const char *group) 176 { 177 struct trace_probe *tp; 178 179 list_for_each_entry(tp, &probe_list, list) 180 if (strcmp(tp->call.name, event) == 0 && 181 strcmp(tp->call.class->system, group) == 0) 182 return tp; 183 return NULL; 184 } 185 186 /* Enable trace_probe - @flag must be TP_FLAG_TRACE or TP_FLAG_PROFILE */ 187 static int enable_trace_probe(struct trace_probe *tp, int flag) 188 { 189 int ret = 0; 190 191 tp->flags |= flag; 192 if (trace_probe_is_enabled(tp) && trace_probe_is_registered(tp) && 193 !trace_probe_has_gone(tp)) { 194 if (trace_probe_is_return(tp)) 195 ret = enable_kretprobe(&tp->rp); 196 else 197 ret = enable_kprobe(&tp->rp.kp); 198 } 199 200 return ret; 201 } 202 203 /* Disable trace_probe - @flag must be TP_FLAG_TRACE or TP_FLAG_PROFILE */ 204 static void disable_trace_probe(struct trace_probe *tp, int flag) 205 { 206 tp->flags &= ~flag; 207 if (!trace_probe_is_enabled(tp) && trace_probe_is_registered(tp)) { 208 if (trace_probe_is_return(tp)) 209 disable_kretprobe(&tp->rp); 210 else 211 disable_kprobe(&tp->rp.kp); 212 } 213 } 214 215 /* Internal register function - just handle k*probes and flags */ 216 static int __register_trace_probe(struct trace_probe *tp) 217 { 218 int i, ret; 219 220 if (trace_probe_is_registered(tp)) 221 return -EINVAL; 222 223 for (i = 0; i < tp->nr_args; i++) 224 traceprobe_update_arg(&tp->args[i]); 225 226 /* Set/clear disabled flag according to tp->flag */ 227 if (trace_probe_is_enabled(tp)) 228 tp->rp.kp.flags &= ~KPROBE_FLAG_DISABLED; 229 else 230 tp->rp.kp.flags |= KPROBE_FLAG_DISABLED; 231 232 if (trace_probe_is_return(tp)) 233 ret = register_kretprobe(&tp->rp); 234 else 235 ret = register_kprobe(&tp->rp.kp); 236 237 if (ret == 0) 238 tp->flags |= TP_FLAG_REGISTERED; 239 else { 240 pr_warning("Could not insert probe at %s+%lu: %d\n", 241 trace_probe_symbol(tp), trace_probe_offset(tp), ret); 242 if (ret == -ENOENT && trace_probe_is_on_module(tp)) { 243 pr_warning("This probe might be able to register after" 244 "target module is loaded. Continue.\n"); 245 ret = 0; 246 } else if (ret == -EILSEQ) { 247 pr_warning("Probing address(0x%p) is not an " 248 "instruction boundary.\n", 249 tp->rp.kp.addr); 250 ret = -EINVAL; 251 } 252 } 253 254 return ret; 255 } 256 257 /* Internal unregister function - just handle k*probes and flags */ 258 static void __unregister_trace_probe(struct trace_probe *tp) 259 { 260 if (trace_probe_is_registered(tp)) { 261 if (trace_probe_is_return(tp)) 262 unregister_kretprobe(&tp->rp); 263 else 264 unregister_kprobe(&tp->rp.kp); 265 tp->flags &= ~TP_FLAG_REGISTERED; 266 /* Cleanup kprobe for reuse */ 267 if (tp->rp.kp.symbol_name) 268 tp->rp.kp.addr = NULL; 269 } 270 } 271 272 /* Unregister a trace_probe and probe_event: call with locking probe_lock */ 273 static int unregister_trace_probe(struct trace_probe *tp) 274 { 275 /* Enabled event can not be unregistered */ 276 if (trace_probe_is_enabled(tp)) 277 return -EBUSY; 278 279 __unregister_trace_probe(tp); 280 list_del(&tp->list); 281 unregister_probe_event(tp); 282 283 return 0; 284 } 285 286 /* Register a trace_probe and probe_event */ 287 static int register_trace_probe(struct trace_probe *tp) 288 { 289 struct trace_probe *old_tp; 290 int ret; 291 292 mutex_lock(&probe_lock); 293 294 /* Delete old (same name) event if exist */ 295 old_tp = find_trace_probe(tp->call.name, tp->call.class->system); 296 if (old_tp) { 297 ret = unregister_trace_probe(old_tp); 298 if (ret < 0) 299 goto end; 300 free_trace_probe(old_tp); 301 } 302 303 /* Register new event */ 304 ret = register_probe_event(tp); 305 if (ret) { 306 pr_warning("Failed to register probe event(%d)\n", ret); 307 goto end; 308 } 309 310 /* Register k*probe */ 311 ret = __register_trace_probe(tp); 312 if (ret < 0) 313 unregister_probe_event(tp); 314 else 315 list_add_tail(&tp->list, &probe_list); 316 317 end: 318 mutex_unlock(&probe_lock); 319 return ret; 320 } 321 322 /* Module notifier call back, checking event on the module */ 323 static int trace_probe_module_callback(struct notifier_block *nb, 324 unsigned long val, void *data) 325 { 326 struct module *mod = data; 327 struct trace_probe *tp; 328 int ret; 329 330 if (val != MODULE_STATE_COMING) 331 return NOTIFY_DONE; 332 333 /* Update probes on coming module */ 334 mutex_lock(&probe_lock); 335 list_for_each_entry(tp, &probe_list, list) { 336 if (trace_probe_within_module(tp, mod)) { 337 /* Don't need to check busy - this should have gone. */ 338 __unregister_trace_probe(tp); 339 ret = __register_trace_probe(tp); 340 if (ret) 341 pr_warning("Failed to re-register probe %s on" 342 "%s: %d\n", 343 tp->call.name, mod->name, ret); 344 } 345 } 346 mutex_unlock(&probe_lock); 347 348 return NOTIFY_DONE; 349 } 350 351 static struct notifier_block trace_probe_module_nb = { 352 .notifier_call = trace_probe_module_callback, 353 .priority = 1 /* Invoked after kprobe module callback */ 354 }; 355 356 static int create_trace_probe(int argc, char **argv) 357 { 358 /* 359 * Argument syntax: 360 * - Add kprobe: p[:[GRP/]EVENT] [MOD:]KSYM[+OFFS]|KADDR [FETCHARGS] 361 * - Add kretprobe: r[:[GRP/]EVENT] [MOD:]KSYM[+0] [FETCHARGS] 362 * Fetch args: 363 * $retval : fetch return value 364 * $stack : fetch stack address 365 * $stackN : fetch Nth of stack (N:0-) 366 * @ADDR : fetch memory at ADDR (ADDR should be in kernel) 367 * @SYM[+|-offs] : fetch memory at SYM +|- offs (SYM is a data symbol) 368 * %REG : fetch register REG 369 * Dereferencing memory fetch: 370 * +|-offs(ARG) : fetch memory at ARG +|- offs address. 371 * Alias name of args: 372 * NAME=FETCHARG : set NAME as alias of FETCHARG. 373 * Type of args: 374 * FETCHARG:TYPE : use TYPE instead of unsigned long. 375 */ 376 struct trace_probe *tp; 377 int i, ret = 0; 378 bool is_return = false, is_delete = false; 379 char *symbol = NULL, *event = NULL, *group = NULL; 380 char *arg; 381 unsigned long offset = 0; 382 void *addr = NULL; 383 char buf[MAX_EVENT_NAME_LEN]; 384 385 /* argc must be >= 1 */ 386 if (argv[0][0] == 'p') 387 is_return = false; 388 else if (argv[0][0] == 'r') 389 is_return = true; 390 else if (argv[0][0] == '-') 391 is_delete = true; 392 else { 393 pr_info("Probe definition must be started with 'p', 'r' or" 394 " '-'.\n"); 395 return -EINVAL; 396 } 397 398 if (argv[0][1] == ':') { 399 event = &argv[0][2]; 400 if (strchr(event, '/')) { 401 group = event; 402 event = strchr(group, '/') + 1; 403 event[-1] = '\0'; 404 if (strlen(group) == 0) { 405 pr_info("Group name is not specified\n"); 406 return -EINVAL; 407 } 408 } 409 if (strlen(event) == 0) { 410 pr_info("Event name is not specified\n"); 411 return -EINVAL; 412 } 413 } 414 if (!group) 415 group = KPROBE_EVENT_SYSTEM; 416 417 if (is_delete) { 418 if (!event) { 419 pr_info("Delete command needs an event name.\n"); 420 return -EINVAL; 421 } 422 mutex_lock(&probe_lock); 423 tp = find_trace_probe(event, group); 424 if (!tp) { 425 mutex_unlock(&probe_lock); 426 pr_info("Event %s/%s doesn't exist.\n", group, event); 427 return -ENOENT; 428 } 429 /* delete an event */ 430 ret = unregister_trace_probe(tp); 431 if (ret == 0) 432 free_trace_probe(tp); 433 mutex_unlock(&probe_lock); 434 return ret; 435 } 436 437 if (argc < 2) { 438 pr_info("Probe point is not specified.\n"); 439 return -EINVAL; 440 } 441 if (isdigit(argv[1][0])) { 442 if (is_return) { 443 pr_info("Return probe point must be a symbol.\n"); 444 return -EINVAL; 445 } 446 /* an address specified */ 447 ret = kstrtoul(&argv[1][0], 0, (unsigned long *)&addr); 448 if (ret) { 449 pr_info("Failed to parse address.\n"); 450 return ret; 451 } 452 } else { 453 /* a symbol specified */ 454 symbol = argv[1]; 455 /* TODO: support .init module functions */ 456 ret = traceprobe_split_symbol_offset(symbol, &offset); 457 if (ret) { 458 pr_info("Failed to parse symbol.\n"); 459 return ret; 460 } 461 if (offset && is_return) { 462 pr_info("Return probe must be used without offset.\n"); 463 return -EINVAL; 464 } 465 } 466 argc -= 2; argv += 2; 467 468 /* setup a probe */ 469 if (!event) { 470 /* Make a new event name */ 471 if (symbol) 472 snprintf(buf, MAX_EVENT_NAME_LEN, "%c_%s_%ld", 473 is_return ? 'r' : 'p', symbol, offset); 474 else 475 snprintf(buf, MAX_EVENT_NAME_LEN, "%c_0x%p", 476 is_return ? 'r' : 'p', addr); 477 event = buf; 478 } 479 tp = alloc_trace_probe(group, event, addr, symbol, offset, argc, 480 is_return); 481 if (IS_ERR(tp)) { 482 pr_info("Failed to allocate trace_probe.(%d)\n", 483 (int)PTR_ERR(tp)); 484 return PTR_ERR(tp); 485 } 486 487 /* parse arguments */ 488 ret = 0; 489 for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) { 490 /* Increment count for freeing args in error case */ 491 tp->nr_args++; 492 493 /* Parse argument name */ 494 arg = strchr(argv[i], '='); 495 if (arg) { 496 *arg++ = '\0'; 497 tp->args[i].name = kstrdup(argv[i], GFP_KERNEL); 498 } else { 499 arg = argv[i]; 500 /* If argument name is omitted, set "argN" */ 501 snprintf(buf, MAX_EVENT_NAME_LEN, "arg%d", i + 1); 502 tp->args[i].name = kstrdup(buf, GFP_KERNEL); 503 } 504 505 if (!tp->args[i].name) { 506 pr_info("Failed to allocate argument[%d] name.\n", i); 507 ret = -ENOMEM; 508 goto error; 509 } 510 511 if (!is_good_name(tp->args[i].name)) { 512 pr_info("Invalid argument[%d] name: %s\n", 513 i, tp->args[i].name); 514 ret = -EINVAL; 515 goto error; 516 } 517 518 if (traceprobe_conflict_field_name(tp->args[i].name, 519 tp->args, i)) { 520 pr_info("Argument[%d] name '%s' conflicts with " 521 "another field.\n", i, argv[i]); 522 ret = -EINVAL; 523 goto error; 524 } 525 526 /* Parse fetch argument */ 527 ret = traceprobe_parse_probe_arg(arg, &tp->size, &tp->args[i], 528 is_return, true); 529 if (ret) { 530 pr_info("Parse error at argument[%d]. (%d)\n", i, ret); 531 goto error; 532 } 533 } 534 535 ret = register_trace_probe(tp); 536 if (ret) 537 goto error; 538 return 0; 539 540 error: 541 free_trace_probe(tp); 542 return ret; 543 } 544 545 static int release_all_trace_probes(void) 546 { 547 struct trace_probe *tp; 548 int ret = 0; 549 550 mutex_lock(&probe_lock); 551 /* Ensure no probe is in use. */ 552 list_for_each_entry(tp, &probe_list, list) 553 if (trace_probe_is_enabled(tp)) { 554 ret = -EBUSY; 555 goto end; 556 } 557 /* TODO: Use batch unregistration */ 558 while (!list_empty(&probe_list)) { 559 tp = list_entry(probe_list.next, struct trace_probe, list); 560 unregister_trace_probe(tp); 561 free_trace_probe(tp); 562 } 563 564 end: 565 mutex_unlock(&probe_lock); 566 567 return ret; 568 } 569 570 /* Probes listing interfaces */ 571 static void *probes_seq_start(struct seq_file *m, loff_t *pos) 572 { 573 mutex_lock(&probe_lock); 574 return seq_list_start(&probe_list, *pos); 575 } 576 577 static void *probes_seq_next(struct seq_file *m, void *v, loff_t *pos) 578 { 579 return seq_list_next(v, &probe_list, pos); 580 } 581 582 static void probes_seq_stop(struct seq_file *m, void *v) 583 { 584 mutex_unlock(&probe_lock); 585 } 586 587 static int probes_seq_show(struct seq_file *m, void *v) 588 { 589 struct trace_probe *tp = v; 590 int i; 591 592 seq_printf(m, "%c", trace_probe_is_return(tp) ? 'r' : 'p'); 593 seq_printf(m, ":%s/%s", tp->call.class->system, tp->call.name); 594 595 if (!tp->symbol) 596 seq_printf(m, " 0x%p", tp->rp.kp.addr); 597 else if (tp->rp.kp.offset) 598 seq_printf(m, " %s+%u", trace_probe_symbol(tp), 599 tp->rp.kp.offset); 600 else 601 seq_printf(m, " %s", trace_probe_symbol(tp)); 602 603 for (i = 0; i < tp->nr_args; i++) 604 seq_printf(m, " %s=%s", tp->args[i].name, tp->args[i].comm); 605 seq_printf(m, "\n"); 606 607 return 0; 608 } 609 610 static const struct seq_operations probes_seq_op = { 611 .start = probes_seq_start, 612 .next = probes_seq_next, 613 .stop = probes_seq_stop, 614 .show = probes_seq_show 615 }; 616 617 static int probes_open(struct inode *inode, struct file *file) 618 { 619 int ret; 620 621 if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) { 622 ret = release_all_trace_probes(); 623 if (ret < 0) 624 return ret; 625 } 626 627 return seq_open(file, &probes_seq_op); 628 } 629 630 static ssize_t probes_write(struct file *file, const char __user *buffer, 631 size_t count, loff_t *ppos) 632 { 633 return traceprobe_probes_write(file, buffer, count, ppos, 634 create_trace_probe); 635 } 636 637 static const struct file_operations kprobe_events_ops = { 638 .owner = THIS_MODULE, 639 .open = probes_open, 640 .read = seq_read, 641 .llseek = seq_lseek, 642 .release = seq_release, 643 .write = probes_write, 644 }; 645 646 /* Probes profiling interfaces */ 647 static int probes_profile_seq_show(struct seq_file *m, void *v) 648 { 649 struct trace_probe *tp = v; 650 651 seq_printf(m, " %-44s %15lu %15lu\n", tp->call.name, tp->nhit, 652 tp->rp.kp.nmissed); 653 654 return 0; 655 } 656 657 static const struct seq_operations profile_seq_op = { 658 .start = probes_seq_start, 659 .next = probes_seq_next, 660 .stop = probes_seq_stop, 661 .show = probes_profile_seq_show 662 }; 663 664 static int profile_open(struct inode *inode, struct file *file) 665 { 666 return seq_open(file, &profile_seq_op); 667 } 668 669 static const struct file_operations kprobe_profile_ops = { 670 .owner = THIS_MODULE, 671 .open = profile_open, 672 .read = seq_read, 673 .llseek = seq_lseek, 674 .release = seq_release, 675 }; 676 677 /* Sum up total data length for dynamic arraies (strings) */ 678 static __kprobes int __get_data_size(struct trace_probe *tp, 679 struct pt_regs *regs) 680 { 681 int i, ret = 0; 682 u32 len; 683 684 for (i = 0; i < tp->nr_args; i++) 685 if (unlikely(tp->args[i].fetch_size.fn)) { 686 call_fetch(&tp->args[i].fetch_size, regs, &len); 687 ret += len; 688 } 689 690 return ret; 691 } 692 693 /* Store the value of each argument */ 694 static __kprobes void store_trace_args(int ent_size, struct trace_probe *tp, 695 struct pt_regs *regs, 696 u8 *data, int maxlen) 697 { 698 int i; 699 u32 end = tp->size; 700 u32 *dl; /* Data (relative) location */ 701 702 for (i = 0; i < tp->nr_args; i++) { 703 if (unlikely(tp->args[i].fetch_size.fn)) { 704 /* 705 * First, we set the relative location and 706 * maximum data length to *dl 707 */ 708 dl = (u32 *)(data + tp->args[i].offset); 709 *dl = make_data_rloc(maxlen, end - tp->args[i].offset); 710 /* Then try to fetch string or dynamic array data */ 711 call_fetch(&tp->args[i].fetch, regs, dl); 712 /* Reduce maximum length */ 713 end += get_rloc_len(*dl); 714 maxlen -= get_rloc_len(*dl); 715 /* Trick here, convert data_rloc to data_loc */ 716 *dl = convert_rloc_to_loc(*dl, 717 ent_size + tp->args[i].offset); 718 } else 719 /* Just fetching data normally */ 720 call_fetch(&tp->args[i].fetch, regs, 721 data + tp->args[i].offset); 722 } 723 } 724 725 /* Kprobe handler */ 726 static __kprobes void kprobe_trace_func(struct kprobe *kp, struct pt_regs *regs) 727 { 728 struct trace_probe *tp = container_of(kp, struct trace_probe, rp.kp); 729 struct kprobe_trace_entry_head *entry; 730 struct ring_buffer_event *event; 731 struct ring_buffer *buffer; 732 int size, dsize, pc; 733 unsigned long irq_flags; 734 struct ftrace_event_call *call = &tp->call; 735 736 tp->nhit++; 737 738 local_save_flags(irq_flags); 739 pc = preempt_count(); 740 741 dsize = __get_data_size(tp, regs); 742 size = sizeof(*entry) + tp->size + dsize; 743 744 event = trace_current_buffer_lock_reserve(&buffer, call->event.type, 745 size, irq_flags, pc); 746 if (!event) 747 return; 748 749 entry = ring_buffer_event_data(event); 750 entry->ip = (unsigned long)kp->addr; 751 store_trace_args(sizeof(*entry), tp, regs, (u8 *)&entry[1], dsize); 752 753 if (!filter_current_check_discard(buffer, call, entry, event)) 754 trace_buffer_unlock_commit_regs(buffer, event, 755 irq_flags, pc, regs); 756 } 757 758 /* Kretprobe handler */ 759 static __kprobes void kretprobe_trace_func(struct kretprobe_instance *ri, 760 struct pt_regs *regs) 761 { 762 struct trace_probe *tp = container_of(ri->rp, struct trace_probe, rp); 763 struct kretprobe_trace_entry_head *entry; 764 struct ring_buffer_event *event; 765 struct ring_buffer *buffer; 766 int size, pc, dsize; 767 unsigned long irq_flags; 768 struct ftrace_event_call *call = &tp->call; 769 770 local_save_flags(irq_flags); 771 pc = preempt_count(); 772 773 dsize = __get_data_size(tp, regs); 774 size = sizeof(*entry) + tp->size + dsize; 775 776 event = trace_current_buffer_lock_reserve(&buffer, call->event.type, 777 size, irq_flags, pc); 778 if (!event) 779 return; 780 781 entry = ring_buffer_event_data(event); 782 entry->func = (unsigned long)tp->rp.kp.addr; 783 entry->ret_ip = (unsigned long)ri->ret_addr; 784 store_trace_args(sizeof(*entry), tp, regs, (u8 *)&entry[1], dsize); 785 786 if (!filter_current_check_discard(buffer, call, entry, event)) 787 trace_buffer_unlock_commit_regs(buffer, event, 788 irq_flags, pc, regs); 789 } 790 791 /* Event entry printers */ 792 enum print_line_t 793 print_kprobe_event(struct trace_iterator *iter, int flags, 794 struct trace_event *event) 795 { 796 struct kprobe_trace_entry_head *field; 797 struct trace_seq *s = &iter->seq; 798 struct trace_probe *tp; 799 u8 *data; 800 int i; 801 802 field = (struct kprobe_trace_entry_head *)iter->ent; 803 tp = container_of(event, struct trace_probe, call.event); 804 805 if (!trace_seq_printf(s, "%s: (", tp->call.name)) 806 goto partial; 807 808 if (!seq_print_ip_sym(s, field->ip, flags | TRACE_ITER_SYM_OFFSET)) 809 goto partial; 810 811 if (!trace_seq_puts(s, ")")) 812 goto partial; 813 814 data = (u8 *)&field[1]; 815 for (i = 0; i < tp->nr_args; i++) 816 if (!tp->args[i].type->print(s, tp->args[i].name, 817 data + tp->args[i].offset, field)) 818 goto partial; 819 820 if (!trace_seq_puts(s, "\n")) 821 goto partial; 822 823 return TRACE_TYPE_HANDLED; 824 partial: 825 return TRACE_TYPE_PARTIAL_LINE; 826 } 827 828 enum print_line_t 829 print_kretprobe_event(struct trace_iterator *iter, int flags, 830 struct trace_event *event) 831 { 832 struct kretprobe_trace_entry_head *field; 833 struct trace_seq *s = &iter->seq; 834 struct trace_probe *tp; 835 u8 *data; 836 int i; 837 838 field = (struct kretprobe_trace_entry_head *)iter->ent; 839 tp = container_of(event, struct trace_probe, call.event); 840 841 if (!trace_seq_printf(s, "%s: (", tp->call.name)) 842 goto partial; 843 844 if (!seq_print_ip_sym(s, field->ret_ip, flags | TRACE_ITER_SYM_OFFSET)) 845 goto partial; 846 847 if (!trace_seq_puts(s, " <- ")) 848 goto partial; 849 850 if (!seq_print_ip_sym(s, field->func, flags & ~TRACE_ITER_SYM_OFFSET)) 851 goto partial; 852 853 if (!trace_seq_puts(s, ")")) 854 goto partial; 855 856 data = (u8 *)&field[1]; 857 for (i = 0; i < tp->nr_args; i++) 858 if (!tp->args[i].type->print(s, tp->args[i].name, 859 data + tp->args[i].offset, field)) 860 goto partial; 861 862 if (!trace_seq_puts(s, "\n")) 863 goto partial; 864 865 return TRACE_TYPE_HANDLED; 866 partial: 867 return TRACE_TYPE_PARTIAL_LINE; 868 } 869 870 871 static int kprobe_event_define_fields(struct ftrace_event_call *event_call) 872 { 873 int ret, i; 874 struct kprobe_trace_entry_head field; 875 struct trace_probe *tp = (struct trace_probe *)event_call->data; 876 877 DEFINE_FIELD(unsigned long, ip, FIELD_STRING_IP, 0); 878 /* Set argument names as fields */ 879 for (i = 0; i < tp->nr_args; i++) { 880 ret = trace_define_field(event_call, tp->args[i].type->fmttype, 881 tp->args[i].name, 882 sizeof(field) + tp->args[i].offset, 883 tp->args[i].type->size, 884 tp->args[i].type->is_signed, 885 FILTER_OTHER); 886 if (ret) 887 return ret; 888 } 889 return 0; 890 } 891 892 static int kretprobe_event_define_fields(struct ftrace_event_call *event_call) 893 { 894 int ret, i; 895 struct kretprobe_trace_entry_head field; 896 struct trace_probe *tp = (struct trace_probe *)event_call->data; 897 898 DEFINE_FIELD(unsigned long, func, FIELD_STRING_FUNC, 0); 899 DEFINE_FIELD(unsigned long, ret_ip, FIELD_STRING_RETIP, 0); 900 /* Set argument names as fields */ 901 for (i = 0; i < tp->nr_args; i++) { 902 ret = trace_define_field(event_call, tp->args[i].type->fmttype, 903 tp->args[i].name, 904 sizeof(field) + tp->args[i].offset, 905 tp->args[i].type->size, 906 tp->args[i].type->is_signed, 907 FILTER_OTHER); 908 if (ret) 909 return ret; 910 } 911 return 0; 912 } 913 914 static int __set_print_fmt(struct trace_probe *tp, char *buf, int len) 915 { 916 int i; 917 int pos = 0; 918 919 const char *fmt, *arg; 920 921 if (!trace_probe_is_return(tp)) { 922 fmt = "(%lx)"; 923 arg = "REC->" FIELD_STRING_IP; 924 } else { 925 fmt = "(%lx <- %lx)"; 926 arg = "REC->" FIELD_STRING_FUNC ", REC->" FIELD_STRING_RETIP; 927 } 928 929 /* When len=0, we just calculate the needed length */ 930 #define LEN_OR_ZERO (len ? len - pos : 0) 931 932 pos += snprintf(buf + pos, LEN_OR_ZERO, "\"%s", fmt); 933 934 for (i = 0; i < tp->nr_args; i++) { 935 pos += snprintf(buf + pos, LEN_OR_ZERO, " %s=%s", 936 tp->args[i].name, tp->args[i].type->fmt); 937 } 938 939 pos += snprintf(buf + pos, LEN_OR_ZERO, "\", %s", arg); 940 941 for (i = 0; i < tp->nr_args; i++) { 942 if (strcmp(tp->args[i].type->name, "string") == 0) 943 pos += snprintf(buf + pos, LEN_OR_ZERO, 944 ", __get_str(%s)", 945 tp->args[i].name); 946 else 947 pos += snprintf(buf + pos, LEN_OR_ZERO, ", REC->%s", 948 tp->args[i].name); 949 } 950 951 #undef LEN_OR_ZERO 952 953 /* return the length of print_fmt */ 954 return pos; 955 } 956 957 static int set_print_fmt(struct trace_probe *tp) 958 { 959 int len; 960 char *print_fmt; 961 962 /* First: called with 0 length to calculate the needed length */ 963 len = __set_print_fmt(tp, NULL, 0); 964 print_fmt = kmalloc(len + 1, GFP_KERNEL); 965 if (!print_fmt) 966 return -ENOMEM; 967 968 /* Second: actually write the @print_fmt */ 969 __set_print_fmt(tp, print_fmt, len + 1); 970 tp->call.print_fmt = print_fmt; 971 972 return 0; 973 } 974 975 #ifdef CONFIG_PERF_EVENTS 976 977 /* Kprobe profile handler */ 978 static __kprobes void kprobe_perf_func(struct kprobe *kp, 979 struct pt_regs *regs) 980 { 981 struct trace_probe *tp = container_of(kp, struct trace_probe, rp.kp); 982 struct ftrace_event_call *call = &tp->call; 983 struct kprobe_trace_entry_head *entry; 984 struct hlist_head *head; 985 int size, __size, dsize; 986 int rctx; 987 988 dsize = __get_data_size(tp, regs); 989 __size = sizeof(*entry) + tp->size + dsize; 990 size = ALIGN(__size + sizeof(u32), sizeof(u64)); 991 size -= sizeof(u32); 992 if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE, 993 "profile buffer not large enough")) 994 return; 995 996 entry = perf_trace_buf_prepare(size, call->event.type, regs, &rctx); 997 if (!entry) 998 return; 999 1000 entry->ip = (unsigned long)kp->addr; 1001 memset(&entry[1], 0, dsize); 1002 store_trace_args(sizeof(*entry), tp, regs, (u8 *)&entry[1], dsize); 1003 1004 head = this_cpu_ptr(call->perf_events); 1005 perf_trace_buf_submit(entry, size, rctx, 1006 entry->ip, 1, regs, head, NULL); 1007 } 1008 1009 /* Kretprobe profile handler */ 1010 static __kprobes void kretprobe_perf_func(struct kretprobe_instance *ri, 1011 struct pt_regs *regs) 1012 { 1013 struct trace_probe *tp = container_of(ri->rp, struct trace_probe, rp); 1014 struct ftrace_event_call *call = &tp->call; 1015 struct kretprobe_trace_entry_head *entry; 1016 struct hlist_head *head; 1017 int size, __size, dsize; 1018 int rctx; 1019 1020 dsize = __get_data_size(tp, regs); 1021 __size = sizeof(*entry) + tp->size + dsize; 1022 size = ALIGN(__size + sizeof(u32), sizeof(u64)); 1023 size -= sizeof(u32); 1024 if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE, 1025 "profile buffer not large enough")) 1026 return; 1027 1028 entry = perf_trace_buf_prepare(size, call->event.type, regs, &rctx); 1029 if (!entry) 1030 return; 1031 1032 entry->func = (unsigned long)tp->rp.kp.addr; 1033 entry->ret_ip = (unsigned long)ri->ret_addr; 1034 store_trace_args(sizeof(*entry), tp, regs, (u8 *)&entry[1], dsize); 1035 1036 head = this_cpu_ptr(call->perf_events); 1037 perf_trace_buf_submit(entry, size, rctx, 1038 entry->ret_ip, 1, regs, head, NULL); 1039 } 1040 #endif /* CONFIG_PERF_EVENTS */ 1041 1042 static __kprobes 1043 int kprobe_register(struct ftrace_event_call *event, 1044 enum trace_reg type, void *data) 1045 { 1046 struct trace_probe *tp = (struct trace_probe *)event->data; 1047 1048 switch (type) { 1049 case TRACE_REG_REGISTER: 1050 return enable_trace_probe(tp, TP_FLAG_TRACE); 1051 case TRACE_REG_UNREGISTER: 1052 disable_trace_probe(tp, TP_FLAG_TRACE); 1053 return 0; 1054 1055 #ifdef CONFIG_PERF_EVENTS 1056 case TRACE_REG_PERF_REGISTER: 1057 return enable_trace_probe(tp, TP_FLAG_PROFILE); 1058 case TRACE_REG_PERF_UNREGISTER: 1059 disable_trace_probe(tp, TP_FLAG_PROFILE); 1060 return 0; 1061 case TRACE_REG_PERF_OPEN: 1062 case TRACE_REG_PERF_CLOSE: 1063 case TRACE_REG_PERF_ADD: 1064 case TRACE_REG_PERF_DEL: 1065 return 0; 1066 #endif 1067 } 1068 return 0; 1069 } 1070 1071 static __kprobes 1072 int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs) 1073 { 1074 struct trace_probe *tp = container_of(kp, struct trace_probe, rp.kp); 1075 1076 if (tp->flags & TP_FLAG_TRACE) 1077 kprobe_trace_func(kp, regs); 1078 #ifdef CONFIG_PERF_EVENTS 1079 if (tp->flags & TP_FLAG_PROFILE) 1080 kprobe_perf_func(kp, regs); 1081 #endif 1082 return 0; /* We don't tweek kernel, so just return 0 */ 1083 } 1084 1085 static __kprobes 1086 int kretprobe_dispatcher(struct kretprobe_instance *ri, struct pt_regs *regs) 1087 { 1088 struct trace_probe *tp = container_of(ri->rp, struct trace_probe, rp); 1089 1090 if (tp->flags & TP_FLAG_TRACE) 1091 kretprobe_trace_func(ri, regs); 1092 #ifdef CONFIG_PERF_EVENTS 1093 if (tp->flags & TP_FLAG_PROFILE) 1094 kretprobe_perf_func(ri, regs); 1095 #endif 1096 return 0; /* We don't tweek kernel, so just return 0 */ 1097 } 1098 1099 static struct trace_event_functions kretprobe_funcs = { 1100 .trace = print_kretprobe_event 1101 }; 1102 1103 static struct trace_event_functions kprobe_funcs = { 1104 .trace = print_kprobe_event 1105 }; 1106 1107 static int register_probe_event(struct trace_probe *tp) 1108 { 1109 struct ftrace_event_call *call = &tp->call; 1110 int ret; 1111 1112 /* Initialize ftrace_event_call */ 1113 INIT_LIST_HEAD(&call->class->fields); 1114 if (trace_probe_is_return(tp)) { 1115 call->event.funcs = &kretprobe_funcs; 1116 call->class->define_fields = kretprobe_event_define_fields; 1117 } else { 1118 call->event.funcs = &kprobe_funcs; 1119 call->class->define_fields = kprobe_event_define_fields; 1120 } 1121 if (set_print_fmt(tp) < 0) 1122 return -ENOMEM; 1123 ret = register_ftrace_event(&call->event); 1124 if (!ret) { 1125 kfree(call->print_fmt); 1126 return -ENODEV; 1127 } 1128 call->flags = 0; 1129 call->class->reg = kprobe_register; 1130 call->data = tp; 1131 ret = trace_add_event_call(call); 1132 if (ret) { 1133 pr_info("Failed to register kprobe event: %s\n", call->name); 1134 kfree(call->print_fmt); 1135 unregister_ftrace_event(&call->event); 1136 } 1137 return ret; 1138 } 1139 1140 static void unregister_probe_event(struct trace_probe *tp) 1141 { 1142 /* tp->event is unregistered in trace_remove_event_call() */ 1143 trace_remove_event_call(&tp->call); 1144 kfree(tp->call.print_fmt); 1145 } 1146 1147 /* Make a debugfs interface for controlling probe points */ 1148 static __init int init_kprobe_trace(void) 1149 { 1150 struct dentry *d_tracer; 1151 struct dentry *entry; 1152 1153 if (register_module_notifier(&trace_probe_module_nb)) 1154 return -EINVAL; 1155 1156 d_tracer = tracing_init_dentry(); 1157 if (!d_tracer) 1158 return 0; 1159 1160 entry = debugfs_create_file("kprobe_events", 0644, d_tracer, 1161 NULL, &kprobe_events_ops); 1162 1163 /* Event list interface */ 1164 if (!entry) 1165 pr_warning("Could not create debugfs " 1166 "'kprobe_events' entry\n"); 1167 1168 /* Profile interface */ 1169 entry = debugfs_create_file("kprobe_profile", 0444, d_tracer, 1170 NULL, &kprobe_profile_ops); 1171 1172 if (!entry) 1173 pr_warning("Could not create debugfs " 1174 "'kprobe_profile' entry\n"); 1175 return 0; 1176 } 1177 fs_initcall(init_kprobe_trace); 1178 1179 1180 #ifdef CONFIG_FTRACE_STARTUP_TEST 1181 1182 /* 1183 * The "__used" keeps gcc from removing the function symbol 1184 * from the kallsyms table. 1185 */ 1186 static __used int kprobe_trace_selftest_target(int a1, int a2, int a3, 1187 int a4, int a5, int a6) 1188 { 1189 return a1 + a2 + a3 + a4 + a5 + a6; 1190 } 1191 1192 static __init int kprobe_trace_self_tests_init(void) 1193 { 1194 int ret, warn = 0; 1195 int (*target)(int, int, int, int, int, int); 1196 struct trace_probe *tp; 1197 1198 target = kprobe_trace_selftest_target; 1199 1200 pr_info("Testing kprobe tracing: "); 1201 1202 ret = traceprobe_command("p:testprobe kprobe_trace_selftest_target " 1203 "$stack $stack0 +0($stack)", 1204 create_trace_probe); 1205 if (WARN_ON_ONCE(ret)) { 1206 pr_warning("error on probing function entry.\n"); 1207 warn++; 1208 } else { 1209 /* Enable trace point */ 1210 tp = find_trace_probe("testprobe", KPROBE_EVENT_SYSTEM); 1211 if (WARN_ON_ONCE(tp == NULL)) { 1212 pr_warning("error on getting new probe.\n"); 1213 warn++; 1214 } else 1215 enable_trace_probe(tp, TP_FLAG_TRACE); 1216 } 1217 1218 ret = traceprobe_command("r:testprobe2 kprobe_trace_selftest_target " 1219 "$retval", create_trace_probe); 1220 if (WARN_ON_ONCE(ret)) { 1221 pr_warning("error on probing function return.\n"); 1222 warn++; 1223 } else { 1224 /* Enable trace point */ 1225 tp = find_trace_probe("testprobe2", KPROBE_EVENT_SYSTEM); 1226 if (WARN_ON_ONCE(tp == NULL)) { 1227 pr_warning("error on getting new probe.\n"); 1228 warn++; 1229 } else 1230 enable_trace_probe(tp, TP_FLAG_TRACE); 1231 } 1232 1233 if (warn) 1234 goto end; 1235 1236 ret = target(1, 2, 3, 4, 5, 6); 1237 1238 /* Disable trace points before removing it */ 1239 tp = find_trace_probe("testprobe", KPROBE_EVENT_SYSTEM); 1240 if (WARN_ON_ONCE(tp == NULL)) { 1241 pr_warning("error on getting test probe.\n"); 1242 warn++; 1243 } else 1244 disable_trace_probe(tp, TP_FLAG_TRACE); 1245 1246 tp = find_trace_probe("testprobe2", KPROBE_EVENT_SYSTEM); 1247 if (WARN_ON_ONCE(tp == NULL)) { 1248 pr_warning("error on getting 2nd test probe.\n"); 1249 warn++; 1250 } else 1251 disable_trace_probe(tp, TP_FLAG_TRACE); 1252 1253 ret = traceprobe_command("-:testprobe", create_trace_probe); 1254 if (WARN_ON_ONCE(ret)) { 1255 pr_warning("error on deleting a probe.\n"); 1256 warn++; 1257 } 1258 1259 ret = traceprobe_command("-:testprobe2", create_trace_probe); 1260 if (WARN_ON_ONCE(ret)) { 1261 pr_warning("error on deleting a probe.\n"); 1262 warn++; 1263 } 1264 1265 end: 1266 release_all_trace_probes(); 1267 if (warn) 1268 pr_cont("NG: Some tests are failed. Please check them.\n"); 1269 else 1270 pr_cont("OK\n"); 1271 return 0; 1272 } 1273 1274 late_initcall(kprobe_trace_self_tests_init); 1275 1276 #endif 1277