// SPDX-License-Identifier: GPL-2.0
/*
 * Kprobes-based tracing events
 *
 * Created by Masami Hiramatsu <mhiramat@redhat.com>
 *
 */
#define pr_fmt(fmt)	"trace_kprobe: " fmt

#include <linux/module.h>
#include <linux/uaccess.h>
#include <linux/rculist.h>
#include <linux/error-injection.h>

#include "trace_kprobe_selftest.h"
#include "trace_probe.h"

#define KPROBE_EVENT_SYSTEM "kprobes"
#define KRETPROBE_MAXACTIVE_MAX 4096

/**
 * Kprobe event core functions
 */
struct trace_kprobe {
	struct list_head	list;
	struct kretprobe	rp;	/* Use rp.kp for kprobe use */
	unsigned long __percpu *nhit;
	const char		*symbol;	/* symbol name */
	struct trace_probe	tp;
};

#define SIZEOF_TRACE_KPROBE(n)				\
	(offsetof(struct trace_kprobe, tp.args) +	\
	(sizeof(struct probe_arg) * (n)))

static nokprobe_inline bool trace_kprobe_is_return(struct trace_kprobe *tk)
{
	return tk->rp.handler != NULL;
}

static nokprobe_inline const char *trace_kprobe_symbol(struct trace_kprobe *tk)
{
	return tk->symbol ? tk->symbol : "unknown";
}

static nokprobe_inline unsigned long trace_kprobe_offset(struct trace_kprobe *tk)
{
	return tk->rp.kp.offset;
}

static nokprobe_inline bool trace_kprobe_has_gone(struct trace_kprobe *tk)
{
	return !!(kprobe_gone(&tk->rp.kp));
}

static nokprobe_inline bool trace_kprobe_within_module(struct trace_kprobe *tk,
						 struct module *mod)
{
	int len = strlen(mod->name);
	const char *name = trace_kprobe_symbol(tk);
	return strncmp(mod->name, name, len) == 0 && name[len] == ':';
}

static nokprobe_inline bool trace_kprobe_is_on_module(struct trace_kprobe *tk)
{
	return !!strchr(trace_kprobe_symbol(tk), ':');
}

static nokprobe_inline unsigned long trace_kprobe_nhit(struct trace_kprobe *tk)
{
	unsigned long nhit = 0;
	int cpu;

	for_each_possible_cpu(cpu)
		nhit += *per_cpu_ptr(tk->nhit, cpu);

	return nhit;
}

/* Return 0 if it fails to find the symbol address */
static nokprobe_inline
unsigned long trace_kprobe_address(struct trace_kprobe *tk)
{
	unsigned long addr;

	if (tk->symbol) {
		addr = (unsigned long)
			kallsyms_lookup_name(trace_kprobe_symbol(tk));
		if (addr)
			addr += tk->rp.kp.offset;
	} else {
		addr = (unsigned long)tk->rp.kp.addr;
	}
	return addr;
}

bool trace_kprobe_on_func_entry(struct trace_event_call *call)
{
	struct trace_kprobe *tk = (struct trace_kprobe *)call->data;

	return kprobe_on_func_entry(tk->rp.kp.addr,
			tk->rp.kp.addr ? NULL : tk->rp.kp.symbol_name,
			tk->rp.kp.addr ? 0 : tk->rp.kp.offset);
}

bool trace_kprobe_error_injectable(struct trace_event_call *call)
{
	struct trace_kprobe *tk = (struct trace_kprobe *)call->data;

	return within_error_injection_list(trace_kprobe_address(tk));
}

static int register_kprobe_event(struct trace_kprobe *tk);
static int unregister_kprobe_event(struct trace_kprobe *tk);

static DEFINE_MUTEX(probe_lock);
static LIST_HEAD(probe_list);

static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs);
static int kretprobe_dispatcher(struct kretprobe_instance *ri,
				struct pt_regs *regs);

/* Memory fetching by symbol */
struct symbol_cache {
	char		*symbol;
	long		offset;
	unsigned long	addr;
};

unsigned long update_symbol_cache(struct symbol_cache *sc)
{
	sc->addr = (unsigned long)kallsyms_lookup_name(sc->symbol);

	if (sc->addr)
		sc->addr += sc->offset;

	return sc->addr;
}

void free_symbol_cache(struct symbol_cache *sc)
{
	kfree(sc->symbol);
	kfree(sc);
}

struct symbol_cache *alloc_symbol_cache(const char *sym, long offset)
{
	struct symbol_cache *sc;

	if (!sym || strlen(sym) == 0)
		return NULL;

	sc = kzalloc(sizeof(struct symbol_cache), GFP_KERNEL);
	if (!sc)
		return NULL;

	sc->symbol = kstrdup(sym, GFP_KERNEL);
	if (!sc->symbol) {
		kfree(sc);
		return NULL;
	}
	sc->offset = offset;
	update_symbol_cache(sc);

	return sc;
}

/*
 * Kprobes-specific fetch functions
 */
#define DEFINE_FETCH_stack(type)					\
static void FETCH_FUNC_NAME(stack, type)(struct pt_regs *regs,		\
					  void *offset, void *dest)	\
{									\
	*(type *)dest = (type)regs_get_kernel_stack_nth(regs,		\
				(unsigned int)((unsigned long)offset));	\
}									\
NOKPROBE_SYMBOL(FETCH_FUNC_NAME(stack, type));

DEFINE_BASIC_FETCH_FUNCS(stack)
/* No string on the stack entry */
#define fetch_stack_string	NULL
#define fetch_stack_string_size	NULL

#define DEFINE_FETCH_memory(type)					\
static void FETCH_FUNC_NAME(memory, type)(struct pt_regs *regs,	\
					  void *addr, void *dest)	\
{									\
	type retval;							\
	if (probe_kernel_address(addr, retval))			\
		*(type *)dest = 0;					\
	else								\
		*(type *)dest = retval;					\
}									\
NOKPROBE_SYMBOL(FETCH_FUNC_NAME(memory, type));

DEFINE_BASIC_FETCH_FUNCS(memory)
/*
 * Fetch a null-terminated string. Caller MUST set *(u32 *)dest with max
 * length and relative data location.
 */
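/*
 * Note: the u32 "data location" mentioned above is the word packed by
 * make_data_rloc() in trace_probe.h -- the fetched length in its upper
 * 16 bits and the relative data offset in its lower 16 bits -- which is
 * what get_rloc_len()/get_rloc_offs() below unpack again.
 */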
static void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs,
					    void *addr, void *dest)
{
	int maxlen = get_rloc_len(*(u32 *)dest);
	u8 *dst = get_rloc_data(dest);
	long ret;

	if (!maxlen)
		return;

	/*
	 * Try to get string again, since the string can be changed while
	 * probing.
	 */
	ret = strncpy_from_unsafe(dst, addr, maxlen);

	if (ret < 0) {	/* Failed to fetch string */
		dst[0] = '\0';
		*(u32 *)dest = make_data_rloc(0, get_rloc_offs(*(u32 *)dest));
	} else {
		*(u32 *)dest = make_data_rloc(ret, get_rloc_offs(*(u32 *)dest));
	}
}
NOKPROBE_SYMBOL(FETCH_FUNC_NAME(memory, string));

/* Return the length of the string -- including the terminating null byte */
static void FETCH_FUNC_NAME(memory, string_size)(struct pt_regs *regs,
						 void *addr, void *dest)
{
	mm_segment_t old_fs;
	int ret, len = 0;
	u8 c;

	old_fs = get_fs();
	set_fs(KERNEL_DS);
	pagefault_disable();

	do {
		ret = __copy_from_user_inatomic(&c, (u8 *)addr + len, 1);
		len++;
	} while (c && ret == 0 && len < MAX_STRING_SIZE);

	pagefault_enable();
	set_fs(old_fs);

	if (ret < 0)	/* Failed to check the length */
		*(u32 *)dest = 0;
	else
		*(u32 *)dest = len;
}
NOKPROBE_SYMBOL(FETCH_FUNC_NAME(memory, string_size));

#define DEFINE_FETCH_symbol(type)					\
void FETCH_FUNC_NAME(symbol, type)(struct pt_regs *regs, void *data, void *dest)\
{									\
	struct symbol_cache *sc = data;					\
	if (sc->addr)							\
		fetch_memory_##type(regs, (void *)sc->addr, dest);	\
	else								\
		*(type *)dest = 0;					\
}									\
NOKPROBE_SYMBOL(FETCH_FUNC_NAME(symbol, type));

DEFINE_BASIC_FETCH_FUNCS(symbol)
DEFINE_FETCH_symbol(string)
DEFINE_FETCH_symbol(string_size)

/* kprobes don't support file_offset fetch methods */
#define fetch_file_offset_u8		NULL
#define fetch_file_offset_u16		NULL
#define fetch_file_offset_u32		NULL
#define fetch_file_offset_u64		NULL
#define fetch_file_offset_string	NULL
#define fetch_file_offset_string_size	NULL

/* Fetch type information table */
static const struct fetch_type kprobes_fetch_type_table[] = {
	/* Special types */
	[FETCH_TYPE_STRING] = __ASSIGN_FETCH_TYPE("string", string, string,
					sizeof(u32), 1, "__data_loc char[]"),
	[FETCH_TYPE_STRSIZE] = __ASSIGN_FETCH_TYPE("string_size", u32,
					string_size, sizeof(u32), 0, "u32"),
	/* Basic types */
	ASSIGN_FETCH_TYPE(u8,  u8,  0),
	ASSIGN_FETCH_TYPE(u16, u16, 0),
	ASSIGN_FETCH_TYPE(u32, u32, 0),
	ASSIGN_FETCH_TYPE(u64, u64, 0),
	ASSIGN_FETCH_TYPE(s8,  u8,  1),
	ASSIGN_FETCH_TYPE(s16, u16, 1),
	ASSIGN_FETCH_TYPE(s32, u32, 1),
	ASSIGN_FETCH_TYPE(s64, u64, 1),
	ASSIGN_FETCH_TYPE_ALIAS(x8,  u8,  u8,  0),
	ASSIGN_FETCH_TYPE_ALIAS(x16, u16, u16, 0),
	ASSIGN_FETCH_TYPE_ALIAS(x32, u32, u32, 0),
	ASSIGN_FETCH_TYPE_ALIAS(x64, u64, u64, 0),

	ASSIGN_FETCH_TYPE_END
};

/*
 * Allocate new trace_probe and initialize it (including kprobes).
 */
static struct trace_kprobe *alloc_trace_kprobe(const char *group,
					     const char *event,
					     void *addr,
					     const char *symbol,
					     unsigned long offs,
					     int maxactive,
					     int nargs, bool is_return)
{
	struct trace_kprobe *tk;
	int ret = -ENOMEM;

	tk = kzalloc(SIZEOF_TRACE_KPROBE(nargs), GFP_KERNEL);
	if (!tk)
		return ERR_PTR(ret);

	tk->nhit = alloc_percpu(unsigned long);
	if (!tk->nhit)
		goto error;

	if (symbol) {
		tk->symbol = kstrdup(symbol, GFP_KERNEL);
		if (!tk->symbol)
			goto error;
		tk->rp.kp.symbol_name = tk->symbol;
		tk->rp.kp.offset = offs;
	} else
		tk->rp.kp.addr = addr;

	if (is_return)
		tk->rp.handler = kretprobe_dispatcher;
	else
		tk->rp.kp.pre_handler = kprobe_dispatcher;

	tk->rp.maxactive = maxactive;

	if (!event || !is_good_name(event)) {
		ret = -EINVAL;
		goto error;
	}

	tk->tp.call.class = &tk->tp.class;
	tk->tp.call.name = kstrdup(event, GFP_KERNEL);
	if (!tk->tp.call.name)
		goto error;

	if (!group || !is_good_name(group)) {
		ret = -EINVAL;
		goto error;
	}

	tk->tp.class.system = kstrdup(group, GFP_KERNEL);
	if (!tk->tp.class.system)
		goto error;

	INIT_LIST_HEAD(&tk->list);
	INIT_LIST_HEAD(&tk->tp.files);
	return tk;
error:
	kfree(tk->tp.call.name);
	kfree(tk->symbol);
	free_percpu(tk->nhit);
	kfree(tk);
	return ERR_PTR(ret);
}

static void free_trace_kprobe(struct trace_kprobe *tk)
{
	int i;

	for (i = 0; i < tk->tp.nr_args; i++)
		traceprobe_free_probe_arg(&tk->tp.args[i]);

	kfree(tk->tp.call.class->system);
	kfree(tk->tp.call.name);
	kfree(tk->symbol);
	free_percpu(tk->nhit);
	kfree(tk);
}

static struct trace_kprobe *find_trace_kprobe(const char *event,
					      const char *group)
{
	struct trace_kprobe *tk;

	list_for_each_entry(tk, &probe_list, list)
		if (strcmp(trace_event_name(&tk->tp.call), event) == 0 &&
		    strcmp(tk->tp.call.class->system, group) == 0)
			return tk;
	return NULL;
}

static inline int __enable_trace_kprobe(struct trace_kprobe *tk)
{
	int ret = 0;

	if (trace_probe_is_registered(&tk->tp) && !trace_kprobe_has_gone(tk)) {
		if (trace_kprobe_is_return(tk))
			ret = enable_kretprobe(&tk->rp);
		else
			ret = enable_kprobe(&tk->rp.kp);
	}

	return ret;
}

/*
 * Enable trace_probe.
 * If file is NULL, enable the "perf" handler; otherwise enable the "trace"
 * handler.
 */
static int
enable_trace_kprobe(struct trace_kprobe *tk, struct trace_event_file *file)
{
	struct event_file_link *link;
	int ret = 0;

	if (file) {
		link = kmalloc(sizeof(*link), GFP_KERNEL);
		if (!link) {
			ret = -ENOMEM;
			goto out;
		}

		link->file = file;
		list_add_tail_rcu(&link->list, &tk->tp.files);

		tk->tp.flags |= TP_FLAG_TRACE;
		ret = __enable_trace_kprobe(tk);
		if (ret) {
			list_del_rcu(&link->list);
			kfree(link);
			tk->tp.flags &= ~TP_FLAG_TRACE;
		}

	} else {
		tk->tp.flags |= TP_FLAG_PROFILE;
		ret = __enable_trace_kprobe(tk);
		if (ret)
			tk->tp.flags &= ~TP_FLAG_PROFILE;
	}
 out:
	return ret;
}

/*
 * Disable trace_probe.
 * If file is NULL, disable the "perf" handler; otherwise disable the "trace"
 * handler.
 */
static int
disable_trace_kprobe(struct trace_kprobe *tk, struct trace_event_file *file)
{
	struct event_file_link *link = NULL;
	int wait = 0;
	int ret = 0;

	if (file) {
		link = find_event_file_link(&tk->tp, file);
		if (!link) {
			ret = -EINVAL;
			goto out;
		}

		list_del_rcu(&link->list);
		wait = 1;
		if (!list_empty(&tk->tp.files))
			goto out;

		tk->tp.flags &= ~TP_FLAG_TRACE;
	} else
		tk->tp.flags &= ~TP_FLAG_PROFILE;

	if (!trace_probe_is_enabled(&tk->tp) && trace_probe_is_registered(&tk->tp)) {
		if (trace_kprobe_is_return(tk))
			disable_kretprobe(&tk->rp);
		else
			disable_kprobe(&tk->rp.kp);
		wait = 1;
	}

	/*
	 * If tk is not added to any list, it must be a local trace_kprobe
	 * created with perf_event_open. We don't need to wait for these
	 * trace_kprobes.
	 */
	if (list_empty(&tk->list))
		wait = 0;
 out:
	if (wait) {
		/*
		 * Synchronize with kprobe_trace_func/kretprobe_trace_func
		 * to ensure disabled (all running handlers are finished).
		 * This is not only for kfree(), but also the caller,
		 * trace_remove_event_call() supposes it for releasing
		 * event_call related objects, which will be accessed in
		 * the kprobe_trace_func/kretprobe_trace_func.
		 */
		synchronize_sched();
		kfree(link);	/* Ignored if link == NULL */
	}

	return ret;
}

#if defined(CONFIG_KPROBES_ON_FTRACE) && \
	!defined(CONFIG_KPROBE_EVENTS_ON_NOTRACE)
static bool within_notrace_func(struct trace_kprobe *tk)
{
	unsigned long offset, size, addr;

	addr = trace_kprobe_address(tk);
	if (!addr || !kallsyms_lookup_size_offset(addr, &size, &offset))
		return false;

	return !ftrace_location_range(addr - offset, addr - offset + size);
}
#else
#define within_notrace_func(tk)	(false)
#endif

/* Internal register function - just handle k*probes and flags */
static int __register_trace_kprobe(struct trace_kprobe *tk)
{
	int i, ret;

	if (trace_probe_is_registered(&tk->tp))
		return -EINVAL;

	if (within_notrace_func(tk)) {
		pr_warn("Could not probe notrace function %s\n",
			trace_kprobe_symbol(tk));
		return -EINVAL;
	}

	for (i = 0; i < tk->tp.nr_args; i++)
		traceprobe_update_arg(&tk->tp.args[i]);

	/* Set/clear disabled flag according to tp->flags */
	if (trace_probe_is_enabled(&tk->tp))
		tk->rp.kp.flags &= ~KPROBE_FLAG_DISABLED;
	else
		tk->rp.kp.flags |= KPROBE_FLAG_DISABLED;

	if (trace_kprobe_is_return(tk))
		ret = register_kretprobe(&tk->rp);
	else
		ret = register_kprobe(&tk->rp.kp);

	if (ret == 0)
		tk->tp.flags |= TP_FLAG_REGISTERED;
	else {
		if (ret == -ENOENT && trace_kprobe_is_on_module(tk)) {
			pr_warn("This probe might be able to register after target module is loaded. Continue.\n");
			ret = 0;
		} else if (ret == -EILSEQ) {
			pr_warn("Probing address(0x%p) is not an instruction boundary.\n",
				tk->rp.kp.addr);
			ret = -EINVAL;
		}
	}

	return ret;
}

/* Internal unregister function - just handle k*probes and flags */
static void __unregister_trace_kprobe(struct trace_kprobe *tk)
{
	if (trace_probe_is_registered(&tk->tp)) {
		if (trace_kprobe_is_return(tk))
			unregister_kretprobe(&tk->rp);
		else
			unregister_kprobe(&tk->rp.kp);
		tk->tp.flags &= ~TP_FLAG_REGISTERED;
		/* Cleanup kprobe for reuse */
		if (tk->rp.kp.symbol_name)
			tk->rp.kp.addr = NULL;
	}
}

/* Unregister a trace_probe and probe_event: call with locking probe_lock */
static int unregister_trace_kprobe(struct trace_kprobe *tk)
{
	/* An enabled event cannot be unregistered */
	if (trace_probe_is_enabled(&tk->tp))
		return -EBUSY;

	/* Will fail if probe is being used by ftrace or perf */
	if (unregister_kprobe_event(tk))
		return -EBUSY;

	__unregister_trace_kprobe(tk);
	list_del(&tk->list);

	return 0;
}

/* Register a trace_probe and probe_event */
static int register_trace_kprobe(struct trace_kprobe *tk)
{
	struct trace_kprobe *old_tk;
	int ret;

	mutex_lock(&probe_lock);

	/* Delete an old (same name) event if it exists */
	old_tk = find_trace_kprobe(trace_event_name(&tk->tp.call),
				   tk->tp.call.class->system);
	if (old_tk) {
		ret = unregister_trace_kprobe(old_tk);
		if (ret < 0)
			goto end;
		free_trace_kprobe(old_tk);
	}

	/* Register new event */
	ret = register_kprobe_event(tk);
	if (ret) {
		pr_warn("Failed to register probe event(%d)\n", ret);
		goto end;
	}

	/* Register k*probe */
	ret = __register_trace_kprobe(tk);
	if (ret < 0)
		unregister_kprobe_event(tk);
	else
		list_add_tail(&tk->list, &probe_list);

end:
	mutex_unlock(&probe_lock);
	return ret;
}

/* Module notifier callback, checking events on the module */
static int trace_kprobe_module_callback(struct notifier_block *nb,
				       unsigned long val, void *data)
{
	struct module *mod = data;
	struct trace_kprobe *tk;
	int ret;

	if (val != MODULE_STATE_COMING)
		return NOTIFY_DONE;

	/* Update probes on coming module */
	mutex_lock(&probe_lock);
	list_for_each_entry(tk, &probe_list, list) {
		if (trace_kprobe_within_module(tk, mod)) {
			/* Don't need to check busy - this should have gone. */
			__unregister_trace_kprobe(tk);
			ret = __register_trace_kprobe(tk);
			if (ret)
				pr_warn("Failed to re-register probe %s on %s: %d\n",
					trace_event_name(&tk->tp.call),
					mod->name, ret);
		}
	}
	mutex_unlock(&probe_lock);

	return NOTIFY_DONE;
}

static struct notifier_block trace_kprobe_module_nb = {
	.notifier_call = trace_kprobe_module_callback,
	.priority = 1	/* Invoked after kprobe module callback */
};

/* Convert certain expected symbols into '_' when generating event names */
static inline void sanitize_event_name(char *name)
{
	while (*name++ != '\0')
		if (*name == ':' || *name == '.')
			*name = '_';
}

static int create_trace_kprobe(int argc, char **argv)
{
	/*
	 * Argument syntax:
	 *  - Add kprobe:
	 *      p[:[GRP/]EVENT] [MOD:]KSYM[+OFFS]|KADDR [FETCHARGS]
	 *  - Add kretprobe:
	 *      r[MAXACTIVE][:[GRP/]EVENT] [MOD:]KSYM[+0] [FETCHARGS]
	 * Fetch args:
	 *  $retval	: fetch return value
	 *  $stack	: fetch stack address
	 *  $stackN	: fetch Nth of stack (N:0-)
	 *  $comm	: fetch current task comm
	 *  @ADDR	: fetch memory at ADDR (ADDR should be in kernel)
	 *  @SYM[+|-offs] : fetch memory at SYM +|- offs (SYM is a data symbol)
	 *  %REG	: fetch register REG
	 * Dereferencing memory fetch:
	 *  +|-offs(ARG) : fetch memory at ARG +|- offs address.
	 * Alias name of args:
	 *  NAME=FETCHARG : set NAME as alias of FETCHARG.
	 * Type of args:
	 *  FETCHARG:TYPE : use TYPE instead of unsigned long.
	 */
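	/*
	 * For example, writing the following commands (hypothetical probes,
	 * x86-style register names) to tracefs' kprobe_events exercises this
	 * syntax:
	 *
	 *   p:myprobe do_sys_open dfd=%ax filename=+0(%si):string
	 *   r:myretprobe do_sys_open $retval
	 *   -:myprobe
	 */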
	struct trace_kprobe *tk;
	int i, ret = 0;
	bool is_return = false, is_delete = false;
	char *symbol = NULL, *event = NULL, *group = NULL;
	int maxactive = 0;
	char *arg;
	long offset = 0;
	void *addr = NULL;
	char buf[MAX_EVENT_NAME_LEN];

	/* argc must be >= 1 */
	if (argv[0][0] == 'p')
		is_return = false;
	else if (argv[0][0] == 'r')
		is_return = true;
	else if (argv[0][0] == '-')
		is_delete = true;
	else {
		pr_info("Probe definition must be started with 'p', 'r' or"
			" '-'.\n");
		return -EINVAL;
	}

	event = strchr(&argv[0][1], ':');
	if (event) {
		event[0] = '\0';
		event++;
	}
	if (is_return && isdigit(argv[0][1])) {
		ret = kstrtouint(&argv[0][1], 0, &maxactive);
		if (ret) {
			pr_info("Failed to parse maxactive.\n");
			return ret;
		}
		/* kretprobes instances are iterated over via a list. The
		 * maximum should stay reasonable.
		 */
		if (maxactive > KRETPROBE_MAXACTIVE_MAX) {
			pr_info("Maxactive is too big (%d > %d).\n",
				maxactive, KRETPROBE_MAXACTIVE_MAX);
			return -E2BIG;
		}
	}

	if (event) {
		if (strchr(event, '/')) {
			group = event;
			event = strchr(group, '/') + 1;
			event[-1] = '\0';
			if (strlen(group) == 0) {
				pr_info("Group name is not specified\n");
				return -EINVAL;
			}
		}
		if (strlen(event) == 0) {
			pr_info("Event name is not specified\n");
			return -EINVAL;
		}
	}
	if (!group)
		group = KPROBE_EVENT_SYSTEM;

	if (is_delete) {
		if (!event) {
			pr_info("Delete command needs an event name.\n");
			return -EINVAL;
		}
		mutex_lock(&probe_lock);
		tk = find_trace_kprobe(event, group);
		if (!tk) {
			mutex_unlock(&probe_lock);
			pr_info("Event %s/%s doesn't exist.\n", group, event);
			return -ENOENT;
		}
		/* delete an event */
		ret = unregister_trace_kprobe(tk);
		if (ret == 0)
			free_trace_kprobe(tk);
		mutex_unlock(&probe_lock);
		return ret;
	}

	if (argc < 2) {
		pr_info("Probe point is not specified.\n");
		return -EINVAL;
	}

	/* try to parse an address. if that fails, try to read the
	 * input as a symbol. */
	if (kstrtoul(argv[1], 0, (unsigned long *)&addr)) {
		/* a symbol specified */
		symbol = argv[1];
		/* TODO: support .init module functions */
		ret = traceprobe_split_symbol_offset(symbol, &offset);
		if (ret || offset < 0 || offset > UINT_MAX) {
			pr_info("Failed to parse either an address or a symbol.\n");
			return ret;
		}
		if (offset && is_return &&
		    !kprobe_on_func_entry(NULL, symbol, offset)) {
			pr_info("Given offset is not valid for return probe.\n");
			return -EINVAL;
		}
	}
	argc -= 2; argv += 2;

	/* setup a probe */
	if (!event) {
		/* Make a new event name */
		if (symbol)
			snprintf(buf, MAX_EVENT_NAME_LEN, "%c_%s_%ld",
				 is_return ? 'r' : 'p', symbol, offset);
		else
			snprintf(buf, MAX_EVENT_NAME_LEN, "%c_0x%p",
				 is_return ? 'r' : 'p', addr);
		sanitize_event_name(buf);
		event = buf;
	}
	tk = alloc_trace_kprobe(group, event, addr, symbol, offset, maxactive,
				argc, is_return);
	if (IS_ERR(tk)) {
		pr_info("Failed to allocate trace_probe.(%d)\n",
			(int)PTR_ERR(tk));
		return PTR_ERR(tk);
	}

	/* parse arguments */
	ret = 0;
	for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
		struct probe_arg *parg = &tk->tp.args[i];

		/* Increment count for freeing args in error case */
		tk->tp.nr_args++;

		/* Parse argument name */
		arg = strchr(argv[i], '=');
		if (arg) {
			*arg++ = '\0';
			parg->name = kstrdup(argv[i], GFP_KERNEL);
		} else {
			arg = argv[i];
			/* If argument name is omitted, set "argN" */
			snprintf(buf, MAX_EVENT_NAME_LEN, "arg%d", i + 1);
			parg->name = kstrdup(buf, GFP_KERNEL);
		}

		if (!parg->name) {
			pr_info("Failed to allocate argument[%d] name.\n", i);
			ret = -ENOMEM;
			goto error;
		}

		if (!is_good_name(parg->name)) {
			pr_info("Invalid argument[%d] name: %s\n",
				i, parg->name);
			ret = -EINVAL;
			goto error;
		}

		if (traceprobe_conflict_field_name(parg->name,
						   tk->tp.args, i)) {
			pr_info("Argument[%d] name '%s' conflicts with "
				"another field.\n", i, argv[i]);
			ret = -EINVAL;
			goto error;
		}

		/* Parse fetch argument */
		ret = traceprobe_parse_probe_arg(arg, &tk->tp.size, parg,
						 is_return, true,
						 kprobes_fetch_type_table);
		if (ret) {
			pr_info("Parse error at argument[%d]. (%d)\n", i, ret);
			goto error;
		}
	}

	ret = register_trace_kprobe(tk);
	if (ret)
		goto error;
	return 0;

error:
	free_trace_kprobe(tk);
	return ret;
}

static int release_all_trace_kprobes(void)
{
	struct trace_kprobe *tk;
	int ret = 0;

	mutex_lock(&probe_lock);
	/* Ensure no probe is in use. */
	list_for_each_entry(tk, &probe_list, list)
		if (trace_probe_is_enabled(&tk->tp)) {
			ret = -EBUSY;
			goto end;
		}
	/* TODO: Use batch unregistration */
	while (!list_empty(&probe_list)) {
		tk = list_entry(probe_list.next, struct trace_kprobe, list);
		ret = unregister_trace_kprobe(tk);
		if (ret)
			goto end;
		free_trace_kprobe(tk);
	}

end:
	mutex_unlock(&probe_lock);

	return ret;
}

/* Probes listing interfaces */
static void *probes_seq_start(struct seq_file *m, loff_t *pos)
{
	mutex_lock(&probe_lock);
	return seq_list_start(&probe_list, *pos);
}

static void *probes_seq_next(struct seq_file *m, void *v, loff_t *pos)
{
	return seq_list_next(v, &probe_list, pos);
}

static void probes_seq_stop(struct seq_file *m, void *v)
{
	mutex_unlock(&probe_lock);
}

static int probes_seq_show(struct seq_file *m, void *v)
{
	struct trace_kprobe *tk = v;
	int i;

	seq_putc(m, trace_kprobe_is_return(tk) ? 'r' : 'p');
	seq_printf(m, ":%s/%s", tk->tp.call.class->system,
		   trace_event_name(&tk->tp.call));

	if (!tk->symbol)
		seq_printf(m, " 0x%p", tk->rp.kp.addr);
	else if (tk->rp.kp.offset)
		seq_printf(m, " %s+%u", trace_kprobe_symbol(tk),
			   tk->rp.kp.offset);
	else
		seq_printf(m, " %s", trace_kprobe_symbol(tk));

	for (i = 0; i < tk->tp.nr_args; i++)
		seq_printf(m, " %s=%s", tk->tp.args[i].name, tk->tp.args[i].comm);
	seq_putc(m, '\n');

	return 0;
}

static const struct seq_operations probes_seq_op = {
	.start	= probes_seq_start,
	.next	= probes_seq_next,
	.stop	= probes_seq_stop,
	.show	= probes_seq_show
};

static int probes_open(struct inode *inode, struct file *file)
{
	int ret;

	if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) {
		ret = release_all_trace_kprobes();
		if (ret < 0)
			return ret;
	}

	return seq_open(file, &probes_seq_op);
}

static ssize_t probes_write(struct file *file, const char __user *buffer,
			    size_t count, loff_t *ppos)
{
	return trace_parse_run_command(file, buffer, count, ppos,
				       create_trace_kprobe);
}

static const struct file_operations kprobe_events_ops = {
	.owner		= THIS_MODULE,
	.open		= probes_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
	.release	= seq_release,
	.write		= probes_write,
};

/* Probes profiling interfaces */
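/*
 * Each line shown below in the "kprobe_profile" tracefs file reports the
 * event name, the number of times the probe handlers ran (the per-cpu nhit
 * sum), and the number of missed kretprobe instances (rp.kp.nmissed).
 */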
static int probes_profile_seq_show(struct seq_file *m, void *v)
{
	struct trace_kprobe *tk = v;

	seq_printf(m, "  %-44s %15lu %15lu\n",
		   trace_event_name(&tk->tp.call),
		   trace_kprobe_nhit(tk),
		   tk->rp.kp.nmissed);

	return 0;
}

static const struct seq_operations profile_seq_op = {
	.start	= probes_seq_start,
	.next	= probes_seq_next,
	.stop	= probes_seq_stop,
	.show	= probes_profile_seq_show
};

static int profile_open(struct inode *inode, struct file *file)
{
	return seq_open(file, &profile_seq_op);
}

static const struct file_operations kprobe_profile_ops = {
	.owner		= THIS_MODULE,
	.open		= profile_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
	.release	= seq_release,
};

/* Kprobe handler */
static nokprobe_inline void
__kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs,
		    struct trace_event_file *trace_file)
{
	struct kprobe_trace_entry_head *entry;
	struct ring_buffer_event *event;
	struct ring_buffer *buffer;
	int size, dsize, pc;
	unsigned long irq_flags;
	struct trace_event_call *call = &tk->tp.call;

	WARN_ON(call != trace_file->event_call);

	if (trace_trigger_soft_disabled(trace_file))
		return;

	local_save_flags(irq_flags);
	pc = preempt_count();

	dsize = __get_data_size(&tk->tp, regs);
	size = sizeof(*entry) + tk->tp.size + dsize;

	event = trace_event_buffer_lock_reserve(&buffer, trace_file,
						call->event.type,
						size, irq_flags, pc);
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->ip = (unsigned long)tk->rp.kp.addr;
	store_trace_args(sizeof(*entry), &tk->tp, regs, (u8 *)&entry[1], dsize);

	event_trigger_unlock_commit_regs(trace_file, buffer, event,
					 entry, irq_flags, pc, regs);
}

static void
kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs)
{
	struct event_file_link *link;

	list_for_each_entry_rcu(link, &tk->tp.files, list)
		__kprobe_trace_func(tk, regs, link->file);
}
NOKPROBE_SYMBOL(kprobe_trace_func);

/* Kretprobe handler */
static nokprobe_inline void
__kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
		       struct pt_regs *regs,
		       struct trace_event_file *trace_file)
{
	struct kretprobe_trace_entry_head *entry;
	struct ring_buffer_event *event;
	struct ring_buffer *buffer;
	int size, pc, dsize;
	unsigned long irq_flags;
	struct trace_event_call *call = &tk->tp.call;

	WARN_ON(call != trace_file->event_call);

	if (trace_trigger_soft_disabled(trace_file))
		return;

	local_save_flags(irq_flags);
	pc = preempt_count();

	dsize = __get_data_size(&tk->tp, regs);
	size = sizeof(*entry) + tk->tp.size + dsize;

	event = trace_event_buffer_lock_reserve(&buffer, trace_file,
						call->event.type,
						size, irq_flags, pc);
	if (!event)
		return;

	entry = ring_buffer_event_data(event);
	entry->func = (unsigned long)tk->rp.kp.addr;
	entry->ret_ip = (unsigned long)ri->ret_addr;
	store_trace_args(sizeof(*entry), &tk->tp, regs, (u8 *)&entry[1], dsize);

	event_trigger_unlock_commit_regs(trace_file, buffer, event,
					 entry, irq_flags, pc, regs);
}

static void
kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
		     struct pt_regs *regs)
{
	struct event_file_link *link;

	list_for_each_entry_rcu(link, &tk->tp.files, list)
		__kretprobe_trace_func(tk, ri, regs, link->file);
}
NOKPROBE_SYMBOL(kretprobe_trace_func);

/* Event entry printers */
static enum print_line_t
print_kprobe_event(struct trace_iterator *iter, int flags,
		   struct trace_event *event)
{
	struct kprobe_trace_entry_head *field;
	struct trace_seq *s = &iter->seq;
	struct trace_probe *tp;
	u8 *data;
	int i;

	field = (struct kprobe_trace_entry_head *)iter->ent;
	tp = container_of(event, struct trace_probe, call.event);

	trace_seq_printf(s, "%s: (", trace_event_name(&tp->call));

	if (!seq_print_ip_sym(s, field->ip, flags | TRACE_ITER_SYM_OFFSET))
		goto out;

	trace_seq_putc(s, ')');

	data = (u8 *)&field[1];
	for (i = 0; i < tp->nr_args; i++)
		if (!tp->args[i].type->print(s, tp->args[i].name,
					     data + tp->args[i].offset, field))
			goto out;

	trace_seq_putc(s, '\n');
 out:
	return trace_handle_return(s);
}

static enum print_line_t
print_kretprobe_event(struct trace_iterator *iter, int flags,
		      struct trace_event *event)
{
	struct kretprobe_trace_entry_head *field;
	struct trace_seq *s = &iter->seq;
	struct trace_probe *tp;
	u8 *data;
	int i;

	field = (struct kretprobe_trace_entry_head *)iter->ent;
	tp = container_of(event, struct trace_probe, call.event);

	trace_seq_printf(s, "%s: (", trace_event_name(&tp->call));

	if (!seq_print_ip_sym(s, field->ret_ip, flags | TRACE_ITER_SYM_OFFSET))
		goto out;

	trace_seq_puts(s, " <- ");

	if (!seq_print_ip_sym(s, field->func, flags & ~TRACE_ITER_SYM_OFFSET))
		goto out;

	trace_seq_putc(s, ')');

	data = (u8 *)&field[1];
	for (i = 0; i < tp->nr_args; i++)
		if (!tp->args[i].type->print(s, tp->args[i].name,
					     data + tp->args[i].offset, field))
			goto out;

	trace_seq_putc(s, '\n');

 out:
	return trace_handle_return(s);
}
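
/*
 * The printers above emit one line per hit, roughly of the form (made-up
 * event names, symbols and values):
 *
 *   myprobe: (do_sys_open+0x0/0x20) dfd=0x3
 *   myretprobe: (some_caller+0x32/0x60 <- do_sys_open) arg1=0x4
 *
 * where the exact symbol+offset rendering comes from seq_print_ip_sym().
 */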

static int kprobe_event_define_fields(struct trace_event_call *event_call)
{
	int ret, i;
	struct kprobe_trace_entry_head field;
	struct trace_kprobe *tk = (struct trace_kprobe *)event_call->data;

	DEFINE_FIELD(unsigned long, ip, FIELD_STRING_IP, 0);
	/* Set argument names as fields */
	for (i = 0; i < tk->tp.nr_args; i++) {
		struct probe_arg *parg = &tk->tp.args[i];

		ret = trace_define_field(event_call, parg->type->fmttype,
					 parg->name,
					 sizeof(field) + parg->offset,
					 parg->type->size,
					 parg->type->is_signed,
					 FILTER_OTHER);
		if (ret)
			return ret;
	}
	return 0;
}

static int kretprobe_event_define_fields(struct trace_event_call *event_call)
{
	int ret, i;
	struct kretprobe_trace_entry_head field;
	struct trace_kprobe *tk = (struct trace_kprobe *)event_call->data;

	DEFINE_FIELD(unsigned long, func, FIELD_STRING_FUNC, 0);
	DEFINE_FIELD(unsigned long, ret_ip, FIELD_STRING_RETIP, 0);
	/* Set argument names as fields */
	for (i = 0; i < tk->tp.nr_args; i++) {
		struct probe_arg *parg = &tk->tp.args[i];

		ret = trace_define_field(event_call, parg->type->fmttype,
					 parg->name,
					 sizeof(field) + parg->offset,
					 parg->type->size,
					 parg->type->is_signed,
					 FILTER_OTHER);
		if (ret)
			return ret;
	}
	return 0;
}

#ifdef CONFIG_PERF_EVENTS

/* Kprobe profile handler */
static int
kprobe_perf_func(struct trace_kprobe *tk, struct pt_regs *regs)
{
	struct trace_event_call *call = &tk->tp.call;
	struct kprobe_trace_entry_head *entry;
	struct hlist_head *head;
	int size, __size, dsize;
	int rctx;

	if (bpf_prog_array_valid(call)) {
		unsigned long orig_ip = instruction_pointer(regs);
		int ret;

		ret = trace_call_bpf(call, regs);

		/*
		 * We need to check and see if we modified the pc of the
		 * pt_regs, and if so return 1 so that we don't do the
		 * single stepping.
		 */
		if (orig_ip != instruction_pointer(regs))
			return 1;
		if (!ret)
			return 0;
	}

	head = this_cpu_ptr(call->perf_events);
	if (hlist_empty(head))
		return 0;

	dsize = __get_data_size(&tk->tp, regs);
	__size = sizeof(*entry) + tk->tp.size + dsize;
	size = ALIGN(__size + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

	entry = perf_trace_buf_alloc(size, NULL, &rctx);
	if (!entry)
		return 0;

	entry->ip = (unsigned long)tk->rp.kp.addr;
	memset(&entry[1], 0, dsize);
	store_trace_args(sizeof(*entry), &tk->tp, regs, (u8 *)&entry[1], dsize);
	perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
			      head, NULL);
	return 0;
}
NOKPROBE_SYMBOL(kprobe_perf_func);

/* Kretprobe profile handler */
static void
kretprobe_perf_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
		    struct pt_regs *regs)
{
	struct trace_event_call *call = &tk->tp.call;
	struct kretprobe_trace_entry_head *entry;
	struct hlist_head *head;
	int size, __size, dsize;
	int rctx;

	if (bpf_prog_array_valid(call) && !trace_call_bpf(call, regs))
		return;

	head = this_cpu_ptr(call->perf_events);
	if (hlist_empty(head))
		return;

	dsize = __get_data_size(&tk->tp, regs);
	__size = sizeof(*entry) + tk->tp.size + dsize;
	size = ALIGN(__size + sizeof(u32), sizeof(u64));
	size -= sizeof(u32);

	entry = perf_trace_buf_alloc(size, NULL, &rctx);
	if (!entry)
		return;

	entry->func = (unsigned long)tk->rp.kp.addr;
	entry->ret_ip = (unsigned long)ri->ret_addr;
	store_trace_args(sizeof(*entry), &tk->tp, regs, (u8 *)&entry[1], dsize);
	perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
			      head, NULL);
}
NOKPROBE_SYMBOL(kretprobe_perf_func);

int bpf_get_kprobe_info(const struct perf_event *event, u32 *fd_type,
			const char **symbol, u64 *probe_offset,
			u64 *probe_addr, bool perf_type_tracepoint)
{
	const char *pevent = trace_event_name(event->tp_event);
	const char *group = event->tp_event->class->system;
	struct trace_kprobe *tk;

	if (perf_type_tracepoint)
		tk = find_trace_kprobe(pevent, group);
	else
		tk = event->tp_event->data;
	if (!tk)
		return -EINVAL;

	*fd_type = trace_kprobe_is_return(tk) ? BPF_FD_TYPE_KRETPROBE
					      : BPF_FD_TYPE_KPROBE;
	if (tk->symbol) {
		*symbol = tk->symbol;
		*probe_offset = tk->rp.kp.offset;
		*probe_addr = 0;
	} else {
		*symbol = NULL;
		*probe_offset = 0;
		*probe_addr = (unsigned long)tk->rp.kp.addr;
	}
	return 0;
}
#endif	/* CONFIG_PERF_EVENTS */

/*
 * called by perf_trace_init() or __ftrace_set_clr_event() under event_mutex.
 *
 * kprobe_trace_self_tests_init() does enable_trace_probe/disable_trace_probe
 * lockless, but we can't race with this __init function.
 */
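/*
 * kprobe_register() is wired up as the trace_event_class "reg" callback in
 * init_trace_event_call() below. The ftrace paths pass a trace_event_file in
 * @data, while the perf paths pass NULL; that is how enable_trace_kprobe()
 * and disable_trace_kprobe() tell the two modes apart.
 */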
static int kprobe_register(struct trace_event_call *event,
			   enum trace_reg type, void *data)
{
	struct trace_kprobe *tk = (struct trace_kprobe *)event->data;
	struct trace_event_file *file = data;

	switch (type) {
	case TRACE_REG_REGISTER:
		return enable_trace_kprobe(tk, file);
	case TRACE_REG_UNREGISTER:
		return disable_trace_kprobe(tk, file);

#ifdef CONFIG_PERF_EVENTS
	case TRACE_REG_PERF_REGISTER:
		return enable_trace_kprobe(tk, NULL);
	case TRACE_REG_PERF_UNREGISTER:
		return disable_trace_kprobe(tk, NULL);
	case TRACE_REG_PERF_OPEN:
	case TRACE_REG_PERF_CLOSE:
	case TRACE_REG_PERF_ADD:
	case TRACE_REG_PERF_DEL:
		return 0;
#endif
	}
	return 0;
}

static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs)
{
	struct trace_kprobe *tk = container_of(kp, struct trace_kprobe, rp.kp);
	int ret = 0;

	raw_cpu_inc(*tk->nhit);

	if (tk->tp.flags & TP_FLAG_TRACE)
		kprobe_trace_func(tk, regs);
#ifdef CONFIG_PERF_EVENTS
	if (tk->tp.flags & TP_FLAG_PROFILE)
		ret = kprobe_perf_func(tk, regs);
#endif
	return ret;
}
NOKPROBE_SYMBOL(kprobe_dispatcher);

static int
kretprobe_dispatcher(struct kretprobe_instance *ri, struct pt_regs *regs)
{
	struct trace_kprobe *tk = container_of(ri->rp, struct trace_kprobe, rp);

	raw_cpu_inc(*tk->nhit);

	if (tk->tp.flags & TP_FLAG_TRACE)
		kretprobe_trace_func(tk, ri, regs);
#ifdef CONFIG_PERF_EVENTS
	if (tk->tp.flags & TP_FLAG_PROFILE)
		kretprobe_perf_func(tk, ri, regs);
#endif
	return 0;	/* We don't tweak the kernel, so just return 0 */
}
NOKPROBE_SYMBOL(kretprobe_dispatcher);

static struct trace_event_functions kretprobe_funcs = {
	.trace		= print_kretprobe_event
};

static struct trace_event_functions kprobe_funcs = {
	.trace		= print_kprobe_event
};

static inline void init_trace_event_call(struct trace_kprobe *tk,
					 struct trace_event_call *call)
{
	INIT_LIST_HEAD(&call->class->fields);
	if (trace_kprobe_is_return(tk)) {
		call->event.funcs = &kretprobe_funcs;
		call->class->define_fields = kretprobe_event_define_fields;
	} else {
		call->event.funcs = &kprobe_funcs;
		call->class->define_fields = kprobe_event_define_fields;
	}

	call->flags = TRACE_EVENT_FL_KPROBE;
	call->class->reg = kprobe_register;
	call->data = tk;
}

static int register_kprobe_event(struct trace_kprobe *tk)
{
	struct trace_event_call *call = &tk->tp.call;
	int ret = 0;

	init_trace_event_call(tk, call);

	if (set_print_fmt(&tk->tp, trace_kprobe_is_return(tk)) < 0)
		return -ENOMEM;
	ret = register_trace_event(&call->event);
	if (!ret) {
		kfree(call->print_fmt);
		return -ENODEV;
	}
	ret = trace_add_event_call(call);
	if (ret) {
		pr_info("Failed to register kprobe event: %s\n",
			trace_event_name(call));
		kfree(call->print_fmt);
		unregister_trace_event(&call->event);
	}
	return ret;
}

static int unregister_kprobe_event(struct trace_kprobe *tk)
{
	int ret;

	/* tp->event is unregistered in trace_remove_event_call() */
	ret = trace_remove_event_call(&tk->tp.call);
	if (!ret)
		kfree(tk->tp.call.print_fmt);
	return ret;
}

#ifdef CONFIG_PERF_EVENTS
/* create a trace_kprobe, but don't add it to global lists */
struct trace_event_call *
create_local_trace_kprobe(char *func, void *addr, unsigned long offs,
			  bool is_return)
{
	struct trace_kprobe *tk;
	int ret;
	char *event;

	/*
	 * local trace_kprobes are not added to probe_list, so they are never
	 * searched in find_trace_kprobe(). Therefore, there is no concern
	 * about duplicate names here.
	 */
	event = func ? func : "DUMMY_EVENT";

	tk = alloc_trace_kprobe(KPROBE_EVENT_SYSTEM, event, (void *)addr, func,
				offs, 0 /* maxactive */, 0 /* nargs */,
				is_return);

	if (IS_ERR(tk)) {
		pr_info("Failed to allocate trace_probe.(%d)\n",
			(int)PTR_ERR(tk));
		return ERR_CAST(tk);
	}

	init_trace_event_call(tk, &tk->tp.call);

	if (set_print_fmt(&tk->tp, trace_kprobe_is_return(tk)) < 0) {
		ret = -ENOMEM;
		goto error;
	}

	ret = __register_trace_kprobe(tk);
	if (ret < 0) {
		kfree(tk->tp.call.print_fmt);
		goto error;
	}

	return &tk->tp.call;
error:
	free_trace_kprobe(tk);
	return ERR_PTR(ret);
}

void destroy_local_trace_kprobe(struct trace_event_call *event_call)
{
	struct trace_kprobe *tk;

	tk = container_of(event_call, struct trace_kprobe, tp.call);

	if (trace_probe_is_enabled(&tk->tp)) {
		WARN_ON(1);
		return;
	}

	__unregister_trace_kprobe(tk);

	kfree(tk->tp.call.print_fmt);
	free_trace_kprobe(tk);
}
#endif /* CONFIG_PERF_EVENTS */

/* Make a tracefs interface for controlling probe points */
static __init int init_kprobe_trace(void)
{
	struct dentry *d_tracer;
	struct dentry *entry;

	if (register_module_notifier(&trace_kprobe_module_nb))
		return -EINVAL;

	d_tracer = tracing_init_dentry();
	if (IS_ERR(d_tracer))
		return 0;

	entry = tracefs_create_file("kprobe_events", 0644, d_tracer,
				    NULL, &kprobe_events_ops);

	/* Event list interface */
	if (!entry)
		pr_warn("Could not create tracefs 'kprobe_events' entry\n");

	/* Profile interface */
	entry = tracefs_create_file("kprobe_profile", 0444, d_tracer,
				    NULL, &kprobe_profile_ops);

	if (!entry)
		pr_warn("Could not create tracefs 'kprobe_profile' entry\n");
	return 0;
}
fs_initcall(init_kprobe_trace);


#ifdef CONFIG_FTRACE_STARTUP_TEST
static __init struct trace_event_file *
find_trace_probe_file(struct trace_kprobe *tk, struct trace_array *tr)
{
	struct trace_event_file *file;

	list_for_each_entry(file, &tr->events, list)
		if (file->event_call == &tk->tp.call)
			return file;

	return NULL;
}

/*
 * Nobody but us can call enable_trace_kprobe/disable_trace_kprobe at this
 * stage, so we can do this lockless.
 */
static __init int kprobe_trace_self_tests_init(void)
{
	int ret, warn = 0;
	int (*target)(int, int, int, int, int, int);
	struct trace_kprobe *tk;
	struct trace_event_file *file;

	if (tracing_is_disabled())
		return -ENODEV;

	target = kprobe_trace_selftest_target;

	pr_info("Testing kprobe tracing: ");

	ret = trace_run_command("p:testprobe kprobe_trace_selftest_target "
				"$stack $stack0 +0($stack)",
				create_trace_kprobe);
	if (WARN_ON_ONCE(ret)) {
		pr_warn("error on probing function entry.\n");
		warn++;
	} else {
		/* Enable trace point */
		tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
		if (WARN_ON_ONCE(tk == NULL)) {
			pr_warn("error on getting new probe.\n");
			warn++;
		} else {
			file = find_trace_probe_file(tk, top_trace_array());
			if (WARN_ON_ONCE(file == NULL)) {
				pr_warn("error on getting probe file.\n");
				warn++;
			} else
				enable_trace_kprobe(tk, file);
		}
	}

	ret = trace_run_command("r:testprobe2 kprobe_trace_selftest_target "
				"$retval", create_trace_kprobe);
	if (WARN_ON_ONCE(ret)) {
		pr_warn("error on probing function return.\n");
		warn++;
	} else {
		/* Enable trace point */
		tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
		if (WARN_ON_ONCE(tk == NULL)) {
			pr_warn("error on getting 2nd new probe.\n");
			warn++;
		} else {
			file = find_trace_probe_file(tk, top_trace_array());
			if (WARN_ON_ONCE(file == NULL)) {
				pr_warn("error on getting probe file.\n");
				warn++;
			} else
				enable_trace_kprobe(tk, file);
		}
	}

	if (warn)
		goto end;

	ret = target(1, 2, 3, 4, 5, 6);

	/*
	 * Not expecting an error here, the check is only to prevent the
	 * optimizer from removing the call to target() as otherwise there
	 * are no side-effects and the call is never performed.
	 */
	if (ret != 21)
		warn++;

	/* Disable trace points before removing them */
	tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
	if (WARN_ON_ONCE(tk == NULL)) {
		pr_warn("error on getting test probe.\n");
		warn++;
	} else {
		if (trace_kprobe_nhit(tk) != 1) {
			pr_warn("incorrect number of testprobe hits\n");
			warn++;
		}

		file = find_trace_probe_file(tk, top_trace_array());
		if (WARN_ON_ONCE(file == NULL)) {
			pr_warn("error on getting probe file.\n");
			warn++;
		} else
			disable_trace_kprobe(tk, file);
	}

	tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
	if (WARN_ON_ONCE(tk == NULL)) {
		pr_warn("error on getting 2nd test probe.\n");
		warn++;
	} else {
		if (trace_kprobe_nhit(tk) != 1) {
			pr_warn("incorrect number of testprobe2 hits\n");
			warn++;
		}

		file = find_trace_probe_file(tk, top_trace_array());
		if (WARN_ON_ONCE(file == NULL)) {
			pr_warn("error on getting probe file.\n");
			warn++;
		} else
			disable_trace_kprobe(tk, file);
	}

	ret = trace_run_command("-:testprobe", create_trace_kprobe);
	if (WARN_ON_ONCE(ret)) {
		pr_warn("error on deleting a probe.\n");
		warn++;
	}

	ret = trace_run_command("-:testprobe2", create_trace_kprobe);
	if (WARN_ON_ONCE(ret)) {
		pr_warn("error on deleting a probe.\n");
		warn++;
	}

end:
	release_all_trace_kprobes();
	/*
	 * Wait for the optimizer work to finish. Otherwise it might fiddle
	 * with probes in already freed __init text.
	 */
	wait_for_kprobe_optimizer();
	if (warn)
		pr_cont("NG: Some tests are failed. Please check them.\n");
	else
		pr_cont("OK\n");
	return 0;
}

late_initcall(kprobe_trace_self_tests_init);

#endif