~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/kernel/trace/trace_kprobe.c

Version: ~ [ linux-4.19-rc7 ] ~ [ linux-4.18.12 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.74 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.131 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.159 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.123 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.59 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.31.14 ] ~ [ linux-2.6.30.10 ] ~ [ linux-2.6.29.6 ] ~ [ linux-2.6.28.10 ] ~ [ linux-2.6.27.62 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: GPL-2.0
  2 /*
  3  * Kprobes-based tracing events
  4  *
  5  * Created by Masami Hiramatsu <mhiramat@redhat.com>
  6  *
  7  */
  8 #define pr_fmt(fmt)     "trace_kprobe: " fmt
  9 
 10 #include <linux/module.h>
 11 #include <linux/uaccess.h>
 12 #include <linux/rculist.h>
 13 #include <linux/error-injection.h>
 14 
 15 #include "trace_kprobe_selftest.h"
 16 #include "trace_probe.h"
 17 
 18 #define KPROBE_EVENT_SYSTEM "kprobes"
 19 #define KRETPROBE_MAXACTIVE_MAX 4096
 20 
 21 /**
 22  * Kprobe event core functions
 23  */
 24 struct trace_kprobe {
 25         struct list_head        list;
 26         struct kretprobe        rp;     /* Use rp.kp for kprobe use */
 27         unsigned long __percpu *nhit;
 28         const char              *symbol;        /* symbol name */
 29         struct trace_probe      tp;
 30 };
 31 
 32 #define SIZEOF_TRACE_KPROBE(n)                          \
 33         (offsetof(struct trace_kprobe, tp.args) +       \
 34         (sizeof(struct probe_arg) * (n)))
 35 
 36 static nokprobe_inline bool trace_kprobe_is_return(struct trace_kprobe *tk)
 37 {
 38         return tk->rp.handler != NULL;
 39 }
 40 
 41 static nokprobe_inline const char *trace_kprobe_symbol(struct trace_kprobe *tk)
 42 {
 43         return tk->symbol ? tk->symbol : "unknown";
 44 }
 45 
 46 static nokprobe_inline unsigned long trace_kprobe_offset(struct trace_kprobe *tk)
 47 {
 48         return tk->rp.kp.offset;
 49 }
 50 
 51 static nokprobe_inline bool trace_kprobe_has_gone(struct trace_kprobe *tk)
 52 {
 53         return !!(kprobe_gone(&tk->rp.kp));
 54 }
 55 
 56 static nokprobe_inline bool trace_kprobe_within_module(struct trace_kprobe *tk,
 57                                                  struct module *mod)
 58 {
 59         int len = strlen(mod->name);
 60         const char *name = trace_kprobe_symbol(tk);
 61         return strncmp(mod->name, name, len) == 0 && name[len] == ':';
 62 }
 63 
 64 static nokprobe_inline bool trace_kprobe_is_on_module(struct trace_kprobe *tk)
 65 {
 66         return !!strchr(trace_kprobe_symbol(tk), ':');
 67 }
 68 
 69 static nokprobe_inline unsigned long trace_kprobe_nhit(struct trace_kprobe *tk)
 70 {
 71         unsigned long nhit = 0;
 72         int cpu;
 73 
 74         for_each_possible_cpu(cpu)
 75                 nhit += *per_cpu_ptr(tk->nhit, cpu);
 76 
 77         return nhit;
 78 }
 79 
 80 /* Return 0 if it fails to find the symbol address */
 81 static nokprobe_inline
 82 unsigned long trace_kprobe_address(struct trace_kprobe *tk)
 83 {
 84         unsigned long addr;
 85 
 86         if (tk->symbol) {
 87                 addr = (unsigned long)
 88                         kallsyms_lookup_name(trace_kprobe_symbol(tk));
 89                 if (addr)
 90                         addr += tk->rp.kp.offset;
 91         } else {
 92                 addr = (unsigned long)tk->rp.kp.addr;
 93         }
 94         return addr;
 95 }
 96 
 97 bool trace_kprobe_on_func_entry(struct trace_event_call *call)
 98 {
 99         struct trace_kprobe *tk = (struct trace_kprobe *)call->data;
100 
101         return kprobe_on_func_entry(tk->rp.kp.addr,
102                         tk->rp.kp.addr ? NULL : tk->rp.kp.symbol_name,
103                         tk->rp.kp.addr ? 0 : tk->rp.kp.offset);
104 }
105 
106 bool trace_kprobe_error_injectable(struct trace_event_call *call)
107 {
108         struct trace_kprobe *tk = (struct trace_kprobe *)call->data;
109 
110         return within_error_injection_list(trace_kprobe_address(tk));
111 }
112 
113 static int register_kprobe_event(struct trace_kprobe *tk);
114 static int unregister_kprobe_event(struct trace_kprobe *tk);
115 
116 static DEFINE_MUTEX(probe_lock);
117 static LIST_HEAD(probe_list);
118 
119 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs);
120 static int kretprobe_dispatcher(struct kretprobe_instance *ri,
121                                 struct pt_regs *regs);
122 
123 /* Memory fetching by symbol */
124 struct symbol_cache {
125         char            *symbol;
126         long            offset;
127         unsigned long   addr;
128 };
129 
130 unsigned long update_symbol_cache(struct symbol_cache *sc)
131 {
132         sc->addr = (unsigned long)kallsyms_lookup_name(sc->symbol);
133 
134         if (sc->addr)
135                 sc->addr += sc->offset;
136 
137         return sc->addr;
138 }
139 
140 void free_symbol_cache(struct symbol_cache *sc)
141 {
142         kfree(sc->symbol);
143         kfree(sc);
144 }
145 
146 struct symbol_cache *alloc_symbol_cache(const char *sym, long offset)
147 {
148         struct symbol_cache *sc;
149 
150         if (!sym || strlen(sym) == 0)
151                 return NULL;
152 
153         sc = kzalloc(sizeof(struct symbol_cache), GFP_KERNEL);
154         if (!sc)
155                 return NULL;
156 
157         sc->symbol = kstrdup(sym, GFP_KERNEL);
158         if (!sc->symbol) {
159                 kfree(sc);
160                 return NULL;
161         }
162         sc->offset = offset;
163         update_symbol_cache(sc);
164 
165         return sc;
166 }
167 
168 /*
169  * Kprobes-specific fetch functions
170  */
171 #define DEFINE_FETCH_stack(type)                                        \
172 static void FETCH_FUNC_NAME(stack, type)(struct pt_regs *regs,          \
173                                           void *offset, void *dest)     \
174 {                                                                       \
175         *(type *)dest = (type)regs_get_kernel_stack_nth(regs,           \
176                                 (unsigned int)((unsigned long)offset)); \
177 }                                                                       \
178 NOKPROBE_SYMBOL(FETCH_FUNC_NAME(stack, type));
179 
180 DEFINE_BASIC_FETCH_FUNCS(stack)
181 /* No string on the stack entry */
182 #define fetch_stack_string      NULL
183 #define fetch_stack_string_size NULL
184 
185 #define DEFINE_FETCH_memory(type)                                       \
186 static void FETCH_FUNC_NAME(memory, type)(struct pt_regs *regs,         \
187                                           void *addr, void *dest)       \
188 {                                                                       \
189         type retval;                                                    \
190         if (probe_kernel_address(addr, retval))                         \
191                 *(type *)dest = 0;                                      \
192         else                                                            \
193                 *(type *)dest = retval;                                 \
194 }                                                                       \
195 NOKPROBE_SYMBOL(FETCH_FUNC_NAME(memory, type));
196 
197 DEFINE_BASIC_FETCH_FUNCS(memory)
198 /*
199  * Fetch a null-terminated string. Caller MUST set *(u32 *)dest with max
200  * length and relative data location.
201  */
202 static void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs,
203                                             void *addr, void *dest)
204 {
205         int maxlen = get_rloc_len(*(u32 *)dest);
206         u8 *dst = get_rloc_data(dest);
207         long ret;
208 
209         if (!maxlen)
210                 return;
211 
212         /*
213          * Try to get string again, since the string can be changed while
214          * probing.
215          */
216         ret = strncpy_from_unsafe(dst, addr, maxlen);
217 
218         if (ret < 0) {  /* Failed to fetch string */
219                 dst[0] = '\0';
220                 *(u32 *)dest = make_data_rloc(0, get_rloc_offs(*(u32 *)dest));
221         } else {
222                 *(u32 *)dest = make_data_rloc(ret, get_rloc_offs(*(u32 *)dest));
223         }
224 }
225 NOKPROBE_SYMBOL(FETCH_FUNC_NAME(memory, string));
226 
227 /* Return the length of string -- including null terminal byte */
228 static void FETCH_FUNC_NAME(memory, string_size)(struct pt_regs *regs,
229                                                  void *addr, void *dest)
230 {
231         mm_segment_t old_fs;
232         int ret, len = 0;
233         u8 c;
234 
235         old_fs = get_fs();
236         set_fs(KERNEL_DS);
237         pagefault_disable();
238 
239         do {
240                 ret = __copy_from_user_inatomic(&c, (u8 *)addr + len, 1);
241                 len++;
242         } while (c && ret == 0 && len < MAX_STRING_SIZE);
243 
244         pagefault_enable();
245         set_fs(old_fs);
246 
247         if (ret < 0)    /* Failed to check the length */
248                 *(u32 *)dest = 0;
249         else
250                 *(u32 *)dest = len;
251 }
252 NOKPROBE_SYMBOL(FETCH_FUNC_NAME(memory, string_size));
253 
254 #define DEFINE_FETCH_symbol(type)                                       \
255 void FETCH_FUNC_NAME(symbol, type)(struct pt_regs *regs, void *data, void *dest)\
256 {                                                                       \
257         struct symbol_cache *sc = data;                                 \
258         if (sc->addr)                                                   \
259                 fetch_memory_##type(regs, (void *)sc->addr, dest);      \
260         else                                                            \
261                 *(type *)dest = 0;                                      \
262 }                                                                       \
263 NOKPROBE_SYMBOL(FETCH_FUNC_NAME(symbol, type));
264 
265 DEFINE_BASIC_FETCH_FUNCS(symbol)
266 DEFINE_FETCH_symbol(string)
267 DEFINE_FETCH_symbol(string_size)
268 
269 /* kprobes don't support file_offset fetch methods */
270 #define fetch_file_offset_u8            NULL
271 #define fetch_file_offset_u16           NULL
272 #define fetch_file_offset_u32           NULL
273 #define fetch_file_offset_u64           NULL
274 #define fetch_file_offset_string        NULL
275 #define fetch_file_offset_string_size   NULL
276 
277 /* Fetch type information table */
278 static const struct fetch_type kprobes_fetch_type_table[] = {
279         /* Special types */
280         [FETCH_TYPE_STRING] = __ASSIGN_FETCH_TYPE("string", string, string,
281                                         sizeof(u32), 1, "__data_loc char[]"),
282         [FETCH_TYPE_STRSIZE] = __ASSIGN_FETCH_TYPE("string_size", u32,
283                                         string_size, sizeof(u32), 0, "u32"),
284         /* Basic types */
285         ASSIGN_FETCH_TYPE(u8,  u8,  0),
286         ASSIGN_FETCH_TYPE(u16, u16, 0),
287         ASSIGN_FETCH_TYPE(u32, u32, 0),
288         ASSIGN_FETCH_TYPE(u64, u64, 0),
289         ASSIGN_FETCH_TYPE(s8,  u8,  1),
290         ASSIGN_FETCH_TYPE(s16, u16, 1),
291         ASSIGN_FETCH_TYPE(s32, u32, 1),
292         ASSIGN_FETCH_TYPE(s64, u64, 1),
293         ASSIGN_FETCH_TYPE_ALIAS(x8,  u8,  u8,  0),
294         ASSIGN_FETCH_TYPE_ALIAS(x16, u16, u16, 0),
295         ASSIGN_FETCH_TYPE_ALIAS(x32, u32, u32, 0),
296         ASSIGN_FETCH_TYPE_ALIAS(x64, u64, u64, 0),
297 
298         ASSIGN_FETCH_TYPE_END
299 };
300 
301 /*
302  * Allocate new trace_probe and initialize it (including kprobes).
303  */
304 static struct trace_kprobe *alloc_trace_kprobe(const char *group,
305                                              const char *event,
306                                              void *addr,
307                                              const char *symbol,
308                                              unsigned long offs,
309                                              int maxactive,
310                                              int nargs, bool is_return)
311 {
312         struct trace_kprobe *tk;
313         int ret = -ENOMEM;
314 
315         tk = kzalloc(SIZEOF_TRACE_KPROBE(nargs), GFP_KERNEL);
316         if (!tk)
317                 return ERR_PTR(ret);
318 
319         tk->nhit = alloc_percpu(unsigned long);
320         if (!tk->nhit)
321                 goto error;
322 
323         if (symbol) {
324                 tk->symbol = kstrdup(symbol, GFP_KERNEL);
325                 if (!tk->symbol)
326                         goto error;
327                 tk->rp.kp.symbol_name = tk->symbol;
328                 tk->rp.kp.offset = offs;
329         } else
330                 tk->rp.kp.addr = addr;
331 
332         if (is_return)
333                 tk->rp.handler = kretprobe_dispatcher;
334         else
335                 tk->rp.kp.pre_handler = kprobe_dispatcher;
336 
337         tk->rp.maxactive = maxactive;
338 
339         if (!event || !is_good_name(event)) {
340                 ret = -EINVAL;
341                 goto error;
342         }
343 
344         tk->tp.call.class = &tk->tp.class;
345         tk->tp.call.name = kstrdup(event, GFP_KERNEL);
346         if (!tk->tp.call.name)
347                 goto error;
348 
349         if (!group || !is_good_name(group)) {
350                 ret = -EINVAL;
351                 goto error;
352         }
353 
354         tk->tp.class.system = kstrdup(group, GFP_KERNEL);
355         if (!tk->tp.class.system)
356                 goto error;
357 
358         INIT_LIST_HEAD(&tk->list);
359         INIT_LIST_HEAD(&tk->tp.files);
360         return tk;
361 error:
362         kfree(tk->tp.call.name);
363         kfree(tk->symbol);
364         free_percpu(tk->nhit);
365         kfree(tk);
366         return ERR_PTR(ret);
367 }
368 
369 static void free_trace_kprobe(struct trace_kprobe *tk)
370 {
371         int i;
372 
373         for (i = 0; i < tk->tp.nr_args; i++)
374                 traceprobe_free_probe_arg(&tk->tp.args[i]);
375 
376         kfree(tk->tp.call.class->system);
377         kfree(tk->tp.call.name);
378         kfree(tk->symbol);
379         free_percpu(tk->nhit);
380         kfree(tk);
381 }
382 
383 static struct trace_kprobe *find_trace_kprobe(const char *event,
384                                               const char *group)
385 {
386         struct trace_kprobe *tk;
387 
388         list_for_each_entry(tk, &probe_list, list)
389                 if (strcmp(trace_event_name(&tk->tp.call), event) == 0 &&
390                     strcmp(tk->tp.call.class->system, group) == 0)
391                         return tk;
392         return NULL;
393 }
394 
395 static inline int __enable_trace_kprobe(struct trace_kprobe *tk)
396 {
397         int ret = 0;
398 
399         if (trace_probe_is_registered(&tk->tp) && !trace_kprobe_has_gone(tk)) {
400                 if (trace_kprobe_is_return(tk))
401                         ret = enable_kretprobe(&tk->rp);
402                 else
403                         ret = enable_kprobe(&tk->rp.kp);
404         }
405 
406         return ret;
407 }
408 
409 /*
410  * Enable trace_probe
411  * if the file is NULL, enable "perf" handler, or enable "trace" handler.
412  */
413 static int
414 enable_trace_kprobe(struct trace_kprobe *tk, struct trace_event_file *file)
415 {
416         struct event_file_link *link;
417         int ret = 0;
418 
419         if (file) {
420                 link = kmalloc(sizeof(*link), GFP_KERNEL);
421                 if (!link) {
422                         ret = -ENOMEM;
423                         goto out;
424                 }
425 
426                 link->file = file;
427                 list_add_tail_rcu(&link->list, &tk->tp.files);
428 
429                 tk->tp.flags |= TP_FLAG_TRACE;
430                 ret = __enable_trace_kprobe(tk);
431                 if (ret) {
432                         list_del_rcu(&link->list);
433                         kfree(link);
434                         tk->tp.flags &= ~TP_FLAG_TRACE;
435                 }
436 
437         } else {
438                 tk->tp.flags |= TP_FLAG_PROFILE;
439                 ret = __enable_trace_kprobe(tk);
440                 if (ret)
441                         tk->tp.flags &= ~TP_FLAG_PROFILE;
442         }
443  out:
444         return ret;
445 }
446 
447 /*
448  * Disable trace_probe
449  * if the file is NULL, disable "perf" handler, or disable "trace" handler.
450  */
451 static int
452 disable_trace_kprobe(struct trace_kprobe *tk, struct trace_event_file *file)
453 {
454         struct event_file_link *link = NULL;
455         int wait = 0;
456         int ret = 0;
457 
458         if (file) {
459                 link = find_event_file_link(&tk->tp, file);
460                 if (!link) {
461                         ret = -EINVAL;
462                         goto out;
463                 }
464 
465                 list_del_rcu(&link->list);
466                 wait = 1;
467                 if (!list_empty(&tk->tp.files))
468                         goto out;
469 
470                 tk->tp.flags &= ~TP_FLAG_TRACE;
471         } else
472                 tk->tp.flags &= ~TP_FLAG_PROFILE;
473 
474         if (!trace_probe_is_enabled(&tk->tp) && trace_probe_is_registered(&tk->tp)) {
475                 if (trace_kprobe_is_return(tk))
476                         disable_kretprobe(&tk->rp);
477                 else
478                         disable_kprobe(&tk->rp.kp);
479                 wait = 1;
480         }
481 
482         /*
483          * if tk is not added to any list, it must be a local trace_kprobe
484          * created with perf_event_open. We don't need to wait for these
485          * trace_kprobes
486          */
487         if (list_empty(&tk->list))
488                 wait = 0;
489  out:
490         if (wait) {
491                 /*
492                  * Synchronize with kprobe_trace_func/kretprobe_trace_func
493                  * to ensure disabled (all running handlers are finished).
494                  * This is not only for kfree(), but also the caller,
495                  * trace_remove_event_call() supposes it for releasing
496                  * event_call related objects, which will be accessed in
497                  * the kprobe_trace_func/kretprobe_trace_func.
498                  */
499                 synchronize_sched();
500                 kfree(link);    /* Ignored if link == NULL */
501         }
502 
503         return ret;
504 }
505 
506 #if defined(CONFIG_KPROBES_ON_FTRACE) && \
507         !defined(CONFIG_KPROBE_EVENTS_ON_NOTRACE)
508 static bool within_notrace_func(struct trace_kprobe *tk)
509 {
510         unsigned long offset, size, addr;
511 
512         addr = trace_kprobe_address(tk);
513         if (!addr || !kallsyms_lookup_size_offset(addr, &size, &offset))
514                 return false;
515 
516         /* Get the entry address of the target function */
517         addr -= offset;
518 
519         /*
520          * Since ftrace_location_range() does inclusive range check, we need
521          * to subtract 1 byte from the end address.
522          */
523         return !ftrace_location_range(addr, addr + size - 1);
524 }
525 #else
526 #define within_notrace_func(tk) (false)
527 #endif
528 
529 /* Internal register function - just handle k*probes and flags */
530 static int __register_trace_kprobe(struct trace_kprobe *tk)
531 {
532         int i, ret;
533 
534         if (trace_probe_is_registered(&tk->tp))
535                 return -EINVAL;
536 
537         if (within_notrace_func(tk)) {
538                 pr_warn("Could not probe notrace function %s\n",
539                         trace_kprobe_symbol(tk));
540                 return -EINVAL;
541         }
542 
543         for (i = 0; i < tk->tp.nr_args; i++)
544                 traceprobe_update_arg(&tk->tp.args[i]);
545 
546         /* Set/clear disabled flag according to tp->flag */
547         if (trace_probe_is_enabled(&tk->tp))
548                 tk->rp.kp.flags &= ~KPROBE_FLAG_DISABLED;
549         else
550                 tk->rp.kp.flags |= KPROBE_FLAG_DISABLED;
551 
552         if (trace_kprobe_is_return(tk))
553                 ret = register_kretprobe(&tk->rp);
554         else
555                 ret = register_kprobe(&tk->rp.kp);
556 
557         if (ret == 0)
558                 tk->tp.flags |= TP_FLAG_REGISTERED;
559         else {
560                 if (ret == -ENOENT && trace_kprobe_is_on_module(tk)) {
561                         pr_warn("This probe might be able to register after target module is loaded. Continue.\n");
562                         ret = 0;
563                 } else if (ret == -EILSEQ) {
564                         pr_warn("Probing address(0x%p) is not an instruction boundary.\n",
565                                 tk->rp.kp.addr);
566                         ret = -EINVAL;
567                 }
568         }
569 
570         return ret;
571 }
572 
573 /* Internal unregister function - just handle k*probes and flags */
574 static void __unregister_trace_kprobe(struct trace_kprobe *tk)
575 {
576         if (trace_probe_is_registered(&tk->tp)) {
577                 if (trace_kprobe_is_return(tk))
578                         unregister_kretprobe(&tk->rp);
579                 else
580                         unregister_kprobe(&tk->rp.kp);
581                 tk->tp.flags &= ~TP_FLAG_REGISTERED;
582                 /* Cleanup kprobe for reuse */
583                 if (tk->rp.kp.symbol_name)
584                         tk->rp.kp.addr = NULL;
585         }
586 }
587 
588 /* Unregister a trace_probe and probe_event: call with locking probe_lock */
589 static int unregister_trace_kprobe(struct trace_kprobe *tk)
590 {
591         /* Enabled event can not be unregistered */
592         if (trace_probe_is_enabled(&tk->tp))
593                 return -EBUSY;
594 
595         /* Will fail if probe is being used by ftrace or perf */
596         if (unregister_kprobe_event(tk))
597                 return -EBUSY;
598 
599         __unregister_trace_kprobe(tk);
600         list_del(&tk->list);
601 
602         return 0;
603 }
604 
605 /* Register a trace_probe and probe_event */
606 static int register_trace_kprobe(struct trace_kprobe *tk)
607 {
608         struct trace_kprobe *old_tk;
609         int ret;
610 
611         mutex_lock(&probe_lock);
612 
613         /* Delete old (same name) event if exist */
614         old_tk = find_trace_kprobe(trace_event_name(&tk->tp.call),
615                         tk->tp.call.class->system);
616         if (old_tk) {
617                 ret = unregister_trace_kprobe(old_tk);
618                 if (ret < 0)
619                         goto end;
620                 free_trace_kprobe(old_tk);
621         }
622 
623         /* Register new event */
624         ret = register_kprobe_event(tk);
625         if (ret) {
626                 pr_warn("Failed to register probe event(%d)\n", ret);
627                 goto end;
628         }
629 
630         /* Register k*probe */
631         ret = __register_trace_kprobe(tk);
632         if (ret < 0)
633                 unregister_kprobe_event(tk);
634         else
635                 list_add_tail(&tk->list, &probe_list);
636 
637 end:
638         mutex_unlock(&probe_lock);
639         return ret;
640 }
641 
642 /* Module notifier call back, checking event on the module */
643 static int trace_kprobe_module_callback(struct notifier_block *nb,
644                                        unsigned long val, void *data)
645 {
646         struct module *mod = data;
647         struct trace_kprobe *tk;
648         int ret;
649 
650         if (val != MODULE_STATE_COMING)
651                 return NOTIFY_DONE;
652 
653         /* Update probes on coming module */
654         mutex_lock(&probe_lock);
655         list_for_each_entry(tk, &probe_list, list) {
656                 if (trace_kprobe_within_module(tk, mod)) {
657                         /* Don't need to check busy - this should have gone. */
658                         __unregister_trace_kprobe(tk);
659                         ret = __register_trace_kprobe(tk);
660                         if (ret)
661                                 pr_warn("Failed to re-register probe %s on %s: %d\n",
662                                         trace_event_name(&tk->tp.call),
663                                         mod->name, ret);
664                 }
665         }
666         mutex_unlock(&probe_lock);
667 
668         return NOTIFY_DONE;
669 }
670 
671 static struct notifier_block trace_kprobe_module_nb = {
672         .notifier_call = trace_kprobe_module_callback,
673         .priority = 1   /* Invoked after kprobe module callback */
674 };
675 
676 /* Convert certain expected symbols into '_' when generating event names */
677 static inline void sanitize_event_name(char *name)
678 {
679         while (*name++ != '\0')
680                 if (*name == ':' || *name == '.')
681                         *name = '_';
682 }
683 
684 static int create_trace_kprobe(int argc, char **argv)
685 {
686         /*
687          * Argument syntax:
688          *  - Add kprobe:
689          *      p[:[GRP/]EVENT] [MOD:]KSYM[+OFFS]|KADDR [FETCHARGS]
690          *  - Add kretprobe:
691          *      r[MAXACTIVE][:[GRP/]EVENT] [MOD:]KSYM[+0] [FETCHARGS]
692          * Fetch args:
693          *  $retval     : fetch return value
694          *  $stack      : fetch stack address
695          *  $stackN     : fetch Nth of stack (N:0-)
696          *  $comm       : fetch current task comm
697          *  @ADDR       : fetch memory at ADDR (ADDR should be in kernel)
698          *  @SYM[+|-offs] : fetch memory at SYM +|- offs (SYM is a data symbol)
699          *  %REG        : fetch register REG
700          * Dereferencing memory fetch:
701          *  +|-offs(ARG) : fetch memory at ARG +|- offs address.
702          * Alias name of args:
703          *  NAME=FETCHARG : set NAME as alias of FETCHARG.
704          * Type of args:
705          *  FETCHARG:TYPE : use TYPE instead of unsigned long.
706          */
707         struct trace_kprobe *tk;
708         int i, ret = 0;
709         bool is_return = false, is_delete = false;
710         char *symbol = NULL, *event = NULL, *group = NULL;
711         int maxactive = 0;
712         char *arg;
713         long offset = 0;
714         void *addr = NULL;
715         char buf[MAX_EVENT_NAME_LEN];
716 
717         /* argc must be >= 1 */
718         if (argv[0][0] == 'p')
719                 is_return = false;
720         else if (argv[0][0] == 'r')
721                 is_return = true;
722         else if (argv[0][0] == '-')
723                 is_delete = true;
724         else {
725                 pr_info("Probe definition must be started with 'p', 'r' or"
726                         " '-'.\n");
727                 return -EINVAL;
728         }
729 
730         event = strchr(&argv[0][1], ':');
731         if (event) {
732                 event[0] = '\0';
733                 event++;
734         }
735         if (is_return && isdigit(argv[0][1])) {
736                 ret = kstrtouint(&argv[0][1], 0, &maxactive);
737                 if (ret) {
738                         pr_info("Failed to parse maxactive.\n");
739                         return ret;
740                 }
741                 /* kretprobes instances are iterated over via a list. The
742                  * maximum should stay reasonable.
743                  */
744                 if (maxactive > KRETPROBE_MAXACTIVE_MAX) {
745                         pr_info("Maxactive is too big (%d > %d).\n",
746                                 maxactive, KRETPROBE_MAXACTIVE_MAX);
747                         return -E2BIG;
748                 }
749         }
750 
751         if (event) {
752                 if (strchr(event, '/')) {
753                         group = event;
754                         event = strchr(group, '/') + 1;
755                         event[-1] = '\0';
756                         if (strlen(group) == 0) {
757                                 pr_info("Group name is not specified\n");
758                                 return -EINVAL;
759                         }
760                 }
761                 if (strlen(event) == 0) {
762                         pr_info("Event name is not specified\n");
763                         return -EINVAL;
764                 }
765         }
766         if (!group)
767                 group = KPROBE_EVENT_SYSTEM;
768 
769         if (is_delete) {
770                 if (!event) {
771                         pr_info("Delete command needs an event name.\n");
772                         return -EINVAL;
773                 }
774                 mutex_lock(&probe_lock);
775                 tk = find_trace_kprobe(event, group);
776                 if (!tk) {
777                         mutex_unlock(&probe_lock);
778                         pr_info("Event %s/%s doesn't exist.\n", group, event);
779                         return -ENOENT;
780                 }
781                 /* delete an event */
782                 ret = unregister_trace_kprobe(tk);
783                 if (ret == 0)
784                         free_trace_kprobe(tk);
785                 mutex_unlock(&probe_lock);
786                 return ret;
787         }
788 
789         if (argc < 2) {
790                 pr_info("Probe point is not specified.\n");
791                 return -EINVAL;
792         }
793 
794         /* try to parse an address. if that fails, try to read the
795          * input as a symbol. */
796         if (kstrtoul(argv[1], 0, (unsigned long *)&addr)) {
797                 /* a symbol specified */
798                 symbol = argv[1];
799                 /* TODO: support .init module functions */
800                 ret = traceprobe_split_symbol_offset(symbol, &offset);
801                 if (ret || offset < 0 || offset > UINT_MAX) {
802                         pr_info("Failed to parse either an address or a symbol.\n");
803                         return ret;
804                 }
805                 if (offset && is_return &&
806                     !kprobe_on_func_entry(NULL, symbol, offset)) {
807                         pr_info("Given offset is not valid for return probe.\n");
808                         return -EINVAL;
809                 }
810         }
811         argc -= 2; argv += 2;
812 
813         /* setup a probe */
814         if (!event) {
815                 /* Make a new event name */
816                 if (symbol)
817                         snprintf(buf, MAX_EVENT_NAME_LEN, "%c_%s_%ld",
818                                  is_return ? 'r' : 'p', symbol, offset);
819                 else
820                         snprintf(buf, MAX_EVENT_NAME_LEN, "%c_0x%p",
821                                  is_return ? 'r' : 'p', addr);
822                 sanitize_event_name(buf);
823                 event = buf;
824         }
825         tk = alloc_trace_kprobe(group, event, addr, symbol, offset, maxactive,
826                                argc, is_return);
827         if (IS_ERR(tk)) {
828                 pr_info("Failed to allocate trace_probe.(%d)\n",
829                         (int)PTR_ERR(tk));
830                 return PTR_ERR(tk);
831         }
832 
833         /* parse arguments */
834         ret = 0;
835         for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
836                 struct probe_arg *parg = &tk->tp.args[i];
837 
838                 /* Increment count for freeing args in error case */
839                 tk->tp.nr_args++;
840 
841                 /* Parse argument name */
842                 arg = strchr(argv[i], '=');
843                 if (arg) {
844                         *arg++ = '\0';
845                         parg->name = kstrdup(argv[i], GFP_KERNEL);
846                 } else {
847                         arg = argv[i];
848                         /* If argument name is omitted, set "argN" */
849                         snprintf(buf, MAX_EVENT_NAME_LEN, "arg%d", i + 1);
850                         parg->name = kstrdup(buf, GFP_KERNEL);
851                 }
852 
853                 if (!parg->name) {
854                         pr_info("Failed to allocate argument[%d] name.\n", i);
855                         ret = -ENOMEM;
856                         goto error;
857                 }
858 
859                 if (!is_good_name(parg->name)) {
860                         pr_info("Invalid argument[%d] name: %s\n",
861                                 i, parg->name);
862                         ret = -EINVAL;
863                         goto error;
864                 }
865 
866                 if (traceprobe_conflict_field_name(parg->name,
867                                                         tk->tp.args, i)) {
868                         pr_info("Argument[%d] name '%s' conflicts with "
869                                 "another field.\n", i, argv[i]);
870                         ret = -EINVAL;
871                         goto error;
872                 }
873 
874                 /* Parse fetch argument */
875                 ret = traceprobe_parse_probe_arg(arg, &tk->tp.size, parg,
876                                                 is_return, true,
877                                                 kprobes_fetch_type_table);
878                 if (ret) {
879                         pr_info("Parse error at argument[%d]. (%d)\n", i, ret);
880                         goto error;
881                 }
882         }
883 
884         ret = register_trace_kprobe(tk);
885         if (ret)
886                 goto error;
887         return 0;
888 
889 error:
890         free_trace_kprobe(tk);
891         return ret;
892 }
893 
894 static int release_all_trace_kprobes(void)
895 {
896         struct trace_kprobe *tk;
897         int ret = 0;
898 
899         mutex_lock(&probe_lock);
900         /* Ensure no probe is in use. */
901         list_for_each_entry(tk, &probe_list, list)
902                 if (trace_probe_is_enabled(&tk->tp)) {
903                         ret = -EBUSY;
904                         goto end;
905                 }
906         /* TODO: Use batch unregistration */
907         while (!list_empty(&probe_list)) {
908                 tk = list_entry(probe_list.next, struct trace_kprobe, list);
909                 ret = unregister_trace_kprobe(tk);
910                 if (ret)
911                         goto end;
912                 free_trace_kprobe(tk);
913         }
914 
915 end:
916         mutex_unlock(&probe_lock);
917 
918         return ret;
919 }
920 
921 /* Probes listing interfaces */
922 static void *probes_seq_start(struct seq_file *m, loff_t *pos)
923 {
924         mutex_lock(&probe_lock);
925         return seq_list_start(&probe_list, *pos);
926 }
927 
928 static void *probes_seq_next(struct seq_file *m, void *v, loff_t *pos)
929 {
930         return seq_list_next(v, &probe_list, pos);
931 }
932 
933 static void probes_seq_stop(struct seq_file *m, void *v)
934 {
935         mutex_unlock(&probe_lock);
936 }
937 
938 static int probes_seq_show(struct seq_file *m, void *v)
939 {
940         struct trace_kprobe *tk = v;
941         int i;
942 
943         seq_putc(m, trace_kprobe_is_return(tk) ? 'r' : 'p');
944         seq_printf(m, ":%s/%s", tk->tp.call.class->system,
945                         trace_event_name(&tk->tp.call));
946 
947         if (!tk->symbol)
948                 seq_printf(m, " 0x%p", tk->rp.kp.addr);
949         else if (tk->rp.kp.offset)
950                 seq_printf(m, " %s+%u", trace_kprobe_symbol(tk),
951                            tk->rp.kp.offset);
952         else
953                 seq_printf(m, " %s", trace_kprobe_symbol(tk));
954 
955         for (i = 0; i < tk->tp.nr_args; i++)
956                 seq_printf(m, " %s=%s", tk->tp.args[i].name, tk->tp.args[i].comm);
957         seq_putc(m, '\n');
958 
959         return 0;
960 }
961 
962 static const struct seq_operations probes_seq_op = {
963         .start  = probes_seq_start,
964         .next   = probes_seq_next,
965         .stop   = probes_seq_stop,
966         .show   = probes_seq_show
967 };
968 
969 static int probes_open(struct inode *inode, struct file *file)
970 {
971         int ret;
972 
973         if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) {
974                 ret = release_all_trace_kprobes();
975                 if (ret < 0)
976                         return ret;
977         }
978 
979         return seq_open(file, &probes_seq_op);
980 }
981 
982 static ssize_t probes_write(struct file *file, const char __user *buffer,
983                             size_t count, loff_t *ppos)
984 {
985         return trace_parse_run_command(file, buffer, count, ppos,
986                                        create_trace_kprobe);
987 }
988 
989 static const struct file_operations kprobe_events_ops = {
990         .owner          = THIS_MODULE,
991         .open           = probes_open,
992         .read           = seq_read,
993         .llseek         = seq_lseek,
994         .release        = seq_release,
995         .write          = probes_write,
996 };
997 
998 /* Probes profiling interfaces */
999 static int probes_profile_seq_show(struct seq_file *m, void *v)
1000 {
1001         struct trace_kprobe *tk = v;
1002 
1003         seq_printf(m, "  %-44s %15lu %15lu\n",
1004                    trace_event_name(&tk->tp.call),
1005                    trace_kprobe_nhit(tk),
1006                    tk->rp.kp.nmissed);
1007 
1008         return 0;
1009 }
1010 
1011 static const struct seq_operations profile_seq_op = {
1012         .start  = probes_seq_start,
1013         .next   = probes_seq_next,
1014         .stop   = probes_seq_stop,
1015         .show   = probes_profile_seq_show
1016 };
1017 
1018 static int profile_open(struct inode *inode, struct file *file)
1019 {
1020         return seq_open(file, &profile_seq_op);
1021 }
1022 
1023 static const struct file_operations kprobe_profile_ops = {
1024         .owner          = THIS_MODULE,
1025         .open           = profile_open,
1026         .read           = seq_read,
1027         .llseek         = seq_lseek,
1028         .release        = seq_release,
1029 };
1030 
1031 /* Kprobe handler */
1032 static nokprobe_inline void
1033 __kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs,
1034                     struct trace_event_file *trace_file)
1035 {
1036         struct kprobe_trace_entry_head *entry;
1037         struct ring_buffer_event *event;
1038         struct ring_buffer *buffer;
1039         int size, dsize, pc;
1040         unsigned long irq_flags;
1041         struct trace_event_call *call = &tk->tp.call;
1042 
1043         WARN_ON(call != trace_file->event_call);
1044 
1045         if (trace_trigger_soft_disabled(trace_file))
1046                 return;
1047 
1048         local_save_flags(irq_flags);
1049         pc = preempt_count();
1050 
1051         dsize = __get_data_size(&tk->tp, regs);
1052         size = sizeof(*entry) + tk->tp.size + dsize;
1053 
1054         event = trace_event_buffer_lock_reserve(&buffer, trace_file,
1055                                                 call->event.type,
1056                                                 size, irq_flags, pc);
1057         if (!event)
1058                 return;
1059 
1060         entry = ring_buffer_event_data(event);
1061         entry->ip = (unsigned long)tk->rp.kp.addr;
1062         store_trace_args(sizeof(*entry), &tk->tp, regs, (u8 *)&entry[1], dsize);
1063 
1064         event_trigger_unlock_commit_regs(trace_file, buffer, event,
1065                                          entry, irq_flags, pc, regs);
1066 }
1067 
1068 static void
1069 kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs)
1070 {
1071         struct event_file_link *link;
1072 
1073         list_for_each_entry_rcu(link, &tk->tp.files, list)
1074                 __kprobe_trace_func(tk, regs, link->file);
1075 }
1076 NOKPROBE_SYMBOL(kprobe_trace_func);
1077 
1078 /* Kretprobe handler */
1079 static nokprobe_inline void
1080 __kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1081                        struct pt_regs *regs,
1082                        struct trace_event_file *trace_file)
1083 {
1084         struct kretprobe_trace_entry_head *entry;
1085         struct ring_buffer_event *event;
1086         struct ring_buffer *buffer;
1087         int size, pc, dsize;
1088         unsigned long irq_flags;
1089         struct trace_event_call *call = &tk->tp.call;
1090 
1091         WARN_ON(call != trace_file->event_call);
1092 
1093         if (trace_trigger_soft_disabled(trace_file))
1094                 return;
1095 
1096         local_save_flags(irq_flags);
1097         pc = preempt_count();
1098 
1099         dsize = __get_data_size(&tk->tp, regs);
1100         size = sizeof(*entry) + tk->tp.size + dsize;
1101 
1102         event = trace_event_buffer_lock_reserve(&buffer, trace_file,
1103                                                 call->event.type,
1104                                                 size, irq_flags, pc);
1105         if (!event)
1106                 return;
1107 
1108         entry = ring_buffer_event_data(event);
1109         entry->func = (unsigned long)tk->rp.kp.addr;
1110         entry->ret_ip = (unsigned long)ri->ret_addr;
1111         store_trace_args(sizeof(*entry), &tk->tp, regs, (u8 *)&entry[1], dsize);
1112 
1113         event_trigger_unlock_commit_regs(trace_file, buffer, event,
1114                                          entry, irq_flags, pc, regs);
1115 }
1116 
1117 static void
1118 kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1119                      struct pt_regs *regs)
1120 {
1121         struct event_file_link *link;
1122 
1123         list_for_each_entry_rcu(link, &tk->tp.files, list)
1124                 __kretprobe_trace_func(tk, ri, regs, link->file);
1125 }
1126 NOKPROBE_SYMBOL(kretprobe_trace_func);
1127 
1128 /* Event entry printers */
1129 static enum print_line_t
1130 print_kprobe_event(struct trace_iterator *iter, int flags,
1131                    struct trace_event *event)
1132 {
1133         struct kprobe_trace_entry_head *field;
1134         struct trace_seq *s = &iter->seq;
1135         struct trace_probe *tp;
1136         u8 *data;
1137         int i;
1138 
1139         field = (struct kprobe_trace_entry_head *)iter->ent;
1140         tp = container_of(event, struct trace_probe, call.event);
1141 
1142         trace_seq_printf(s, "%s: (", trace_event_name(&tp->call));
1143 
1144         if (!seq_print_ip_sym(s, field->ip, flags | TRACE_ITER_SYM_OFFSET))
1145                 goto out;
1146 
1147         trace_seq_putc(s, ')');
1148 
1149         data = (u8 *)&field[1];
1150         for (i = 0; i < tp->nr_args; i++)
1151                 if (!tp->args[i].type->print(s, tp->args[i].name,
1152                                              data + tp->args[i].offset, field))
1153                         goto out;
1154 
1155         trace_seq_putc(s, '\n');
1156  out:
1157         return trace_handle_return(s);
1158 }
1159 
1160 static enum print_line_t
1161 print_kretprobe_event(struct trace_iterator *iter, int flags,
1162                       struct trace_event *event)
1163 {
1164         struct kretprobe_trace_entry_head *field;
1165         struct trace_seq *s = &iter->seq;
1166         struct trace_probe *tp;
1167         u8 *data;
1168         int i;
1169 
1170         field = (struct kretprobe_trace_entry_head *)iter->ent;
1171         tp = container_of(event, struct trace_probe, call.event);
1172 
1173         trace_seq_printf(s, "%s: (", trace_event_name(&tp->call));
1174 
1175         if (!seq_print_ip_sym(s, field->ret_ip, flags | TRACE_ITER_SYM_OFFSET))
1176                 goto out;
1177 
1178         trace_seq_puts(s, " <- ");
1179 
1180         if (!seq_print_ip_sym(s, field->func, flags & ~TRACE_ITER_SYM_OFFSET))
1181                 goto out;
1182 
1183         trace_seq_putc(s, ')');
1184 
1185         data = (u8 *)&field[1];
1186         for (i = 0; i < tp->nr_args; i++)
1187                 if (!tp->args[i].type->print(s, tp->args[i].name,
1188                                              data + tp->args[i].offset, field))
1189                         goto out;
1190 
1191         trace_seq_putc(s, '\n');
1192 
1193  out:
1194         return trace_handle_return(s);
1195 }
1196 
1197 
1198 static int kprobe_event_define_fields(struct trace_event_call *event_call)
1199 {
1200         int ret, i;
1201         struct kprobe_trace_entry_head field;
1202         struct trace_kprobe *tk = (struct trace_kprobe *)event_call->data;
1203 
1204         DEFINE_FIELD(unsigned long, ip, FIELD_STRING_IP, 0);
1205         /* Set argument names as fields */
1206         for (i = 0; i < tk->tp.nr_args; i++) {
1207                 struct probe_arg *parg = &tk->tp.args[i];
1208 
1209                 ret = trace_define_field(event_call, parg->type->fmttype,
1210                                          parg->name,
1211                                          sizeof(field) + parg->offset,
1212                                          parg->type->size,
1213                                          parg->type->is_signed,
1214                                          FILTER_OTHER);
1215                 if (ret)
1216                         return ret;
1217         }
1218         return 0;
1219 }
1220 
1221 static int kretprobe_event_define_fields(struct trace_event_call *event_call)
1222 {
1223         int ret, i;
1224         struct kretprobe_trace_entry_head field;
1225         struct trace_kprobe *tk = (struct trace_kprobe *)event_call->data;
1226 
1227         DEFINE_FIELD(unsigned long, func, FIELD_STRING_FUNC, 0);
1228         DEFINE_FIELD(unsigned long, ret_ip, FIELD_STRING_RETIP, 0);
1229         /* Set argument names as fields */
1230         for (i = 0; i < tk->tp.nr_args; i++) {
1231                 struct probe_arg *parg = &tk->tp.args[i];
1232 
1233                 ret = trace_define_field(event_call, parg->type->fmttype,
1234                                          parg->name,
1235                                          sizeof(field) + parg->offset,
1236                                          parg->type->size,
1237                                          parg->type->is_signed,
1238                                          FILTER_OTHER);
1239                 if (ret)
1240                         return ret;
1241         }
1242         return 0;
1243 }
1244 
1245 #ifdef CONFIG_PERF_EVENTS
1246 
1247 /* Kprobe profile handler */
1248 static int
1249 kprobe_perf_func(struct trace_kprobe *tk, struct pt_regs *regs)
1250 {
1251         struct trace_event_call *call = &tk->tp.call;
1252         struct kprobe_trace_entry_head *entry;
1253         struct hlist_head *head;
1254         int size, __size, dsize;
1255         int rctx;
1256 
1257         if (bpf_prog_array_valid(call)) {
1258                 unsigned long orig_ip = instruction_pointer(regs);
1259                 int ret;
1260 
1261                 ret = trace_call_bpf(call, regs);
1262 
1263                 /*
1264                  * We need to check and see if we modified the pc of the
1265                  * pt_regs, and if so return 1 so that we don't do the
1266                  * single stepping.
1267                  */
1268                 if (orig_ip != instruction_pointer(regs))
1269                         return 1;
1270                 if (!ret)
1271                         return 0;
1272         }
1273 
1274         head = this_cpu_ptr(call->perf_events);
1275         if (hlist_empty(head))
1276                 return 0;
1277 
1278         dsize = __get_data_size(&tk->tp, regs);
1279         __size = sizeof(*entry) + tk->tp.size + dsize;
1280         size = ALIGN(__size + sizeof(u32), sizeof(u64));
1281         size -= sizeof(u32);
1282 
1283         entry = perf_trace_buf_alloc(size, NULL, &rctx);
1284         if (!entry)
1285                 return 0;
1286 
1287         entry->ip = (unsigned long)tk->rp.kp.addr;
1288         memset(&entry[1], 0, dsize);
1289         store_trace_args(sizeof(*entry), &tk->tp, regs, (u8 *)&entry[1], dsize);
1290         perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
1291                               head, NULL);
1292         return 0;
1293 }
1294 NOKPROBE_SYMBOL(kprobe_perf_func);
1295 
1296 /* Kretprobe profile handler */
1297 static void
1298 kretprobe_perf_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1299                     struct pt_regs *regs)
1300 {
1301         struct trace_event_call *call = &tk->tp.call;
1302         struct kretprobe_trace_entry_head *entry;
1303         struct hlist_head *head;
1304         int size, __size, dsize;
1305         int rctx;
1306 
1307         if (bpf_prog_array_valid(call) && !trace_call_bpf(call, regs))
1308                 return;
1309 
1310         head = this_cpu_ptr(call->perf_events);
1311         if (hlist_empty(head))
1312                 return;
1313 
1314         dsize = __get_data_size(&tk->tp, regs);
1315         __size = sizeof(*entry) + tk->tp.size + dsize;
1316         size = ALIGN(__size + sizeof(u32), sizeof(u64));
1317         size -= sizeof(u32);
1318 
1319         entry = perf_trace_buf_alloc(size, NULL, &rctx);
1320         if (!entry)
1321                 return;
1322 
1323         entry->func = (unsigned long)tk->rp.kp.addr;
1324         entry->ret_ip = (unsigned long)ri->ret_addr;
1325         store_trace_args(sizeof(*entry), &tk->tp, regs, (u8 *)&entry[1], dsize);
1326         perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
1327                               head, NULL);
1328 }
1329 NOKPROBE_SYMBOL(kretprobe_perf_func);
1330 
1331 int bpf_get_kprobe_info(const struct perf_event *event, u32 *fd_type,
1332                         const char **symbol, u64 *probe_offset,
1333                         u64 *probe_addr, bool perf_type_tracepoint)
1334 {
1335         const char *pevent = trace_event_name(event->tp_event);
1336         const char *group = event->tp_event->class->system;
1337         struct trace_kprobe *tk;
1338 
1339         if (perf_type_tracepoint)
1340                 tk = find_trace_kprobe(pevent, group);
1341         else
1342                 tk = event->tp_event->data;
1343         if (!tk)
1344                 return -EINVAL;
1345 
1346         *fd_type = trace_kprobe_is_return(tk) ? BPF_FD_TYPE_KRETPROBE
1347                                               : BPF_FD_TYPE_KPROBE;
1348         if (tk->symbol) {
1349                 *symbol = tk->symbol;
1350                 *probe_offset = tk->rp.kp.offset;
1351                 *probe_addr = 0;
1352         } else {
1353                 *symbol = NULL;
1354                 *probe_offset = 0;
1355                 *probe_addr = (unsigned long)tk->rp.kp.addr;
1356         }
1357         return 0;
1358 }
1359 #endif  /* CONFIG_PERF_EVENTS */
1360 
1361 /*
1362  * called by perf_trace_init() or __ftrace_set_clr_event() under event_mutex.
1363  *
1364  * kprobe_trace_self_tests_init() does enable_trace_probe/disable_trace_probe
1365  * lockless, but we can't race with this __init function.
1366  */
1367 static int kprobe_register(struct trace_event_call *event,
1368                            enum trace_reg type, void *data)
1369 {
1370         struct trace_kprobe *tk = (struct trace_kprobe *)event->data;
1371         struct trace_event_file *file = data;
1372 
1373         switch (type) {
1374         case TRACE_REG_REGISTER:
1375                 return enable_trace_kprobe(tk, file);
1376         case TRACE_REG_UNREGISTER:
1377                 return disable_trace_kprobe(tk, file);
1378 
1379 #ifdef CONFIG_PERF_EVENTS
1380         case TRACE_REG_PERF_REGISTER:
1381                 return enable_trace_kprobe(tk, NULL);
1382         case TRACE_REG_PERF_UNREGISTER:
1383                 return disable_trace_kprobe(tk, NULL);
1384         case TRACE_REG_PERF_OPEN:
1385         case TRACE_REG_PERF_CLOSE:
1386         case TRACE_REG_PERF_ADD:
1387         case TRACE_REG_PERF_DEL:
1388                 return 0;
1389 #endif
1390         }
1391         return 0;
1392 }
1393 
1394 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs)
1395 {
1396         struct trace_kprobe *tk = container_of(kp, struct trace_kprobe, rp.kp);
1397         int ret = 0;
1398 
1399         raw_cpu_inc(*tk->nhit);
1400 
1401         if (tk->tp.flags & TP_FLAG_TRACE)
1402                 kprobe_trace_func(tk, regs);
1403 #ifdef CONFIG_PERF_EVENTS
1404         if (tk->tp.flags & TP_FLAG_PROFILE)
1405                 ret = kprobe_perf_func(tk, regs);
1406 #endif
1407         return ret;
1408 }
1409 NOKPROBE_SYMBOL(kprobe_dispatcher);
1410 
1411 static int
1412 kretprobe_dispatcher(struct kretprobe_instance *ri, struct pt_regs *regs)
1413 {
1414         struct trace_kprobe *tk = container_of(ri->rp, struct trace_kprobe, rp);
1415 
1416         raw_cpu_inc(*tk->nhit);
1417 
1418         if (tk->tp.flags & TP_FLAG_TRACE)
1419                 kretprobe_trace_func(tk, ri, regs);
1420 #ifdef CONFIG_PERF_EVENTS
1421         if (tk->tp.flags & TP_FLAG_PROFILE)
1422                 kretprobe_perf_func(tk, ri, regs);
1423 #endif
1424         return 0;       /* We don't tweek kernel, so just return 0 */
1425 }
1426 NOKPROBE_SYMBOL(kretprobe_dispatcher);
1427 
1428 static struct trace_event_functions kretprobe_funcs = {
1429         .trace          = print_kretprobe_event
1430 };
1431 
1432 static struct trace_event_functions kprobe_funcs = {
1433         .trace          = print_kprobe_event
1434 };
1435 
1436 static inline void init_trace_event_call(struct trace_kprobe *tk,
1437                                          struct trace_event_call *call)
1438 {
1439         INIT_LIST_HEAD(&call->class->fields);
1440         if (trace_kprobe_is_return(tk)) {
1441                 call->event.funcs = &kretprobe_funcs;
1442                 call->class->define_fields = kretprobe_event_define_fields;
1443         } else {
1444                 call->event.funcs = &kprobe_funcs;
1445                 call->class->define_fields = kprobe_event_define_fields;
1446         }
1447 
1448         call->flags = TRACE_EVENT_FL_KPROBE;
1449         call->class->reg = kprobe_register;
1450         call->data = tk;
1451 }
1452 
1453 static int register_kprobe_event(struct trace_kprobe *tk)
1454 {
1455         struct trace_event_call *call = &tk->tp.call;
1456         int ret = 0;
1457 
1458         init_trace_event_call(tk, call);
1459 
1460         if (set_print_fmt(&tk->tp, trace_kprobe_is_return(tk)) < 0)
1461                 return -ENOMEM;
1462         ret = register_trace_event(&call->event);
1463         if (!ret) {
1464                 kfree(call->print_fmt);
1465                 return -ENODEV;
1466         }
1467         ret = trace_add_event_call(call);
1468         if (ret) {
1469                 pr_info("Failed to register kprobe event: %s\n",
1470                         trace_event_name(call));
1471                 kfree(call->print_fmt);
1472                 unregister_trace_event(&call->event);
1473         }
1474         return ret;
1475 }
1476 
1477 static int unregister_kprobe_event(struct trace_kprobe *tk)
1478 {
1479         int ret;
1480 
1481         /* tp->event is unregistered in trace_remove_event_call() */
1482         ret = trace_remove_event_call(&tk->tp.call);
1483         if (!ret)
1484                 kfree(tk->tp.call.print_fmt);
1485         return ret;
1486 }
1487 
1488 #ifdef CONFIG_PERF_EVENTS
1489 /* create a trace_kprobe, but don't add it to global lists */
1490 struct trace_event_call *
1491 create_local_trace_kprobe(char *func, void *addr, unsigned long offs,
1492                           bool is_return)
1493 {
1494         struct trace_kprobe *tk;
1495         int ret;
1496         char *event;
1497 
1498         /*
1499          * local trace_kprobes are not added to probe_list, so they are never
1500          * searched in find_trace_kprobe(). Therefore, there is no concern of
1501          * duplicated name here.
1502          */
1503         event = func ? func : "DUMMY_EVENT";
1504 
1505         tk = alloc_trace_kprobe(KPROBE_EVENT_SYSTEM, event, (void *)addr, func,
1506                                 offs, 0 /* maxactive */, 0 /* nargs */,
1507                                 is_return);
1508 
1509         if (IS_ERR(tk)) {
1510                 pr_info("Failed to allocate trace_probe.(%d)\n",
1511                         (int)PTR_ERR(tk));
1512                 return ERR_CAST(tk);
1513         }
1514 
1515         init_trace_event_call(tk, &tk->tp.call);
1516 
1517         if (set_print_fmt(&tk->tp, trace_kprobe_is_return(tk)) < 0) {
1518                 ret = -ENOMEM;
1519                 goto error;
1520         }
1521 
1522         ret = __register_trace_kprobe(tk);
1523         if (ret < 0) {
1524                 kfree(tk->tp.call.print_fmt);
1525                 goto error;
1526         }
1527 
1528         return &tk->tp.call;
1529 error:
1530         free_trace_kprobe(tk);
1531         return ERR_PTR(ret);
1532 }
1533 
1534 void destroy_local_trace_kprobe(struct trace_event_call *event_call)
1535 {
1536         struct trace_kprobe *tk;
1537 
1538         tk = container_of(event_call, struct trace_kprobe, tp.call);
1539 
1540         if (trace_probe_is_enabled(&tk->tp)) {
1541                 WARN_ON(1);
1542                 return;
1543         }
1544 
1545         __unregister_trace_kprobe(tk);
1546 
1547         kfree(tk->tp.call.print_fmt);
1548         free_trace_kprobe(tk);
1549 }
1550 #endif /* CONFIG_PERF_EVENTS */
1551 
1552 /* Make a tracefs interface for controlling probe points */
1553 static __init int init_kprobe_trace(void)
1554 {
1555         struct dentry *d_tracer;
1556         struct dentry *entry;
1557 
1558         if (register_module_notifier(&trace_kprobe_module_nb))
1559                 return -EINVAL;
1560 
1561         d_tracer = tracing_init_dentry();
1562         if (IS_ERR(d_tracer))
1563                 return 0;
1564 
1565         entry = tracefs_create_file("kprobe_events", 0644, d_tracer,
1566                                     NULL, &kprobe_events_ops);
1567 
1568         /* Event list interface */
1569         if (!entry)
1570                 pr_warn("Could not create tracefs 'kprobe_events' entry\n");
1571 
1572         /* Profile interface */
1573         entry = tracefs_create_file("kprobe_profile", 0444, d_tracer,
1574                                     NULL, &kprobe_profile_ops);
1575 
1576         if (!entry)
1577                 pr_warn("Could not create tracefs 'kprobe_profile' entry\n");
1578         return 0;
1579 }
1580 fs_initcall(init_kprobe_trace);
1581 
1582 
1583 #ifdef CONFIG_FTRACE_STARTUP_TEST
1584 static __init struct trace_event_file *
1585 find_trace_probe_file(struct trace_kprobe *tk, struct trace_array *tr)
1586 {
1587         struct trace_event_file *file;
1588 
1589         list_for_each_entry(file, &tr->events, list)
1590                 if (file->event_call == &tk->tp.call)
1591                         return file;
1592 
1593         return NULL;
1594 }
1595 
1596 /*
1597  * Nobody but us can call enable_trace_kprobe/disable_trace_kprobe at this
1598  * stage, we can do this lockless.
1599  */
1600 static __init int kprobe_trace_self_tests_init(void)
1601 {
1602         int ret, warn = 0;
1603         int (*target)(int, int, int, int, int, int);
1604         struct trace_kprobe *tk;
1605         struct trace_event_file *file;
1606 
1607         if (tracing_is_disabled())
1608                 return -ENODEV;
1609 
1610         target = kprobe_trace_selftest_target;
1611 
1612         pr_info("Testing kprobe tracing: ");
1613 
1614         ret = trace_run_command("p:testprobe kprobe_trace_selftest_target "
1615                                 "$stack $stack0 +0($stack)",
1616                                 create_trace_kprobe);
1617         if (WARN_ON_ONCE(ret)) {
1618                 pr_warn("error on probing function entry.\n");
1619                 warn++;
1620         } else {
1621                 /* Enable trace point */
1622                 tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
1623                 if (WARN_ON_ONCE(tk == NULL)) {
1624                         pr_warn("error on getting new probe.\n");
1625                         warn++;
1626                 } else {
1627                         file = find_trace_probe_file(tk, top_trace_array());
1628                         if (WARN_ON_ONCE(file == NULL)) {
1629                                 pr_warn("error on getting probe file.\n");
1630                                 warn++;
1631                         } else
1632                                 enable_trace_kprobe(tk, file);
1633                 }
1634         }
1635 
1636         ret = trace_run_command("r:testprobe2 kprobe_trace_selftest_target "
1637                                 "$retval", create_trace_kprobe);
1638         if (WARN_ON_ONCE(ret)) {
1639                 pr_warn("error on probing function return.\n");
1640                 warn++;
1641         } else {
1642                 /* Enable trace point */
1643                 tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
1644                 if (WARN_ON_ONCE(tk == NULL)) {
1645                         pr_warn("error on getting 2nd new probe.\n");
1646                         warn++;
1647                 } else {
1648                         file = find_trace_probe_file(tk, top_trace_array());
1649                         if (WARN_ON_ONCE(file == NULL)) {
1650                                 pr_warn("error on getting probe file.\n");
1651                                 warn++;
1652                         } else
1653                                 enable_trace_kprobe(tk, file);
1654                 }
1655         }
1656 
1657         if (warn)
1658                 goto end;
1659 
1660         ret = target(1, 2, 3, 4, 5, 6);
1661 
1662         /*
1663          * Not expecting an error here, the check is only to prevent the
1664          * optimizer from removing the call to target() as otherwise there
1665          * are no side-effects and the call is never performed.
1666          */
1667         if (ret != 21)
1668                 warn++;
1669 
1670         /* Disable trace points before removing it */
1671         tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
1672         if (WARN_ON_ONCE(tk == NULL)) {
1673                 pr_warn("error on getting test probe.\n");
1674                 warn++;
1675         } else {
1676                 if (trace_kprobe_nhit(tk) != 1) {
1677                         pr_warn("incorrect number of testprobe hits\n");
1678                         warn++;
1679                 }
1680 
1681                 file = find_trace_probe_file(tk, top_trace_array());
1682                 if (WARN_ON_ONCE(file == NULL)) {
1683                         pr_warn("error on getting probe file.\n");
1684                         warn++;
1685                 } else
1686                         disable_trace_kprobe(tk, file);
1687         }
1688 
1689         tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
1690         if (WARN_ON_ONCE(tk == NULL)) {
1691                 pr_warn("error on getting 2nd test probe.\n");
1692                 warn++;
1693         } else {
1694                 if (trace_kprobe_nhit(tk) != 1) {
1695                         pr_warn("incorrect number of testprobe2 hits\n");
1696                         warn++;
1697                 }
1698 
1699                 file = find_trace_probe_file(tk, top_trace_array());
1700                 if (WARN_ON_ONCE(file == NULL)) {
1701                         pr_warn("error on getting probe file.\n");
1702                         warn++;
1703                 } else
1704                         disable_trace_kprobe(tk, file);
1705         }
1706 
1707         ret = trace_run_command("-:testprobe", create_trace_kprobe);
1708         if (WARN_ON_ONCE(ret)) {
1709                 pr_warn("error on deleting a probe.\n");
1710                 warn++;
1711         }
1712 
1713         ret = trace_run_command("-:testprobe2", create_trace_kprobe);
1714         if (WARN_ON_ONCE(ret)) {
1715                 pr_warn("error on deleting a probe.\n");
1716                 warn++;
1717         }
1718 
1719 end:
1720         release_all_trace_kprobes();
1721         /*
1722          * Wait for the optimizer work to finish. Otherwise it might fiddle
1723          * with probes in already freed __init text.
1724          */
1725         wait_for_kprobe_optimizer();
1726         if (warn)
1727                 pr_cont("NG: Some tests are failed. Please check them.\n");
1728         else
1729                 pr_cont("OK\n");
1730         return 0;
1731 }
1732 
1733 late_initcall(kprobe_trace_self_tests_init);
1734 
1735 #endif
1736 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp