1 /*
2  * kretprobe_example.c
3  *
4  * Here's a sample kernel module showing the use of return probes to
5  * report the return value and total time taken for probed function
6  * to run.
7  *
8  * usage: insmod kretprobe_example.ko func=<func_name>
9  *
10  * If no func_name is specified, do_fork is instrumented
11  *
12  * For more information on theory of operation of kretprobes, see
13  * Documentation/kprobes.txt
14  *
15  * Build and insert the kernel module as done in the kprobe example.
16  * You will see the trace data in /var/log/messages and on the console
17  * whenever the probed function returns. (Some messages may be suppressed
18  * if syslogd is configured to eliminate duplicate messages.)
19  */
20 
21 #include <linux/kernel.h>
22 #include <linux/module.h>
23 #include <linux/kprobes.h>
24 #include <linux/ktime.h>
25 #include <linux/limits.h>
26 
27 static char func_name[NAME_MAX] = "do_fork";
28 module_param_string(func, func_name, NAME_MAX, S_IRUGO);
29 MODULE_PARM_DESC(func, "Function to kretprobe; this module will report the"
30 			" function's execution time");
31 
32 /* per-instance private data */
33 struct my_data {
34 	ktime_t entry_stamp;
35 };
36 
37 /* Here we use the entry_hanlder to timestamp function entry */
38 static int entry_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
39 {
40 	struct my_data *data;
41 
42 	if (!current->mm)
43 		return 1;	/* Skip kernel threads */
44 
45 	data = (struct my_data *)ri->data;
46 	data->entry_stamp = ktime_get();
47 	return 0;
48 }
49 
50 /*
51  * Return-probe handler: Log the return value and duration. Duration may turn
52  * out to be zero consistently, depending upon the granularity of time
53  * accounting on the platform.
54  */
55 static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
56 {
57 	int retval = regs_return_value(regs);
58 	struct my_data *data = (struct my_data *)ri->data;
59 	s64 delta;
60 	ktime_t now;
61 
62 	now = ktime_get();
63 	delta = ktime_to_ns(ktime_sub(now, data->entry_stamp));
64 	printk(KERN_INFO "%s returned %d and took %lld ns to execute\n",
65 			func_name, retval, (long long)delta);
66 	return 0;
67 }
68 
69 static struct kretprobe my_kretprobe = {
70 	.handler		= ret_handler,
71 	.entry_handler		= entry_handler,
72 	.data_size		= sizeof(struct my_data),
73 	/* Probe up to 20 instances concurrently. */
74 	.maxactive		= 20,
75 };
76 
77 static int __init kretprobe_init(void)
78 {
79 	int ret;
80 
81 	my_kretprobe.kp.symbol_name = func_name;
82 	ret = register_kretprobe(&my_kretprobe);
83 	if (ret < 0) {
84 		printk(KERN_INFO "register_kretprobe failed, returned %d\n",
85 				ret);
86 		return -1;
87 	}
88 	printk(KERN_INFO "Planted return probe at %s: %p\n",
89 			my_kretprobe.kp.symbol_name, my_kretprobe.kp.addr);
90 	return 0;
91 }
92 
93 static void __exit kretprobe_exit(void)
94 {
95 	unregister_kretprobe(&my_kretprobe);
96 	printk(KERN_INFO "kretprobe at %p unregistered\n",
97 			my_kretprobe.kp.addr);
98 
99 	/* nmissed > 0 suggests that maxactive was set too low. */
100 	printk(KERN_INFO "Missed probing %d instances of %s\n",
101 		my_kretprobe.nmissed, my_kretprobe.kp.symbol_name);
102 }
103 
104 module_init(kretprobe_init)
105 module_exit(kretprobe_exit)
106 MODULE_LICENSE("GPL");
107