linux/samples/kprobes/kprobe_example.c
<<
>>
Prefs
   1/*
   2 * NOTE: This example is works on x86 and powerpc.
   3 * Here's a sample kernel module showing the use of kprobes to dump a
   4 * stack trace and selected registers when do_fork() is called.
   5 *
   6 * For more information on theory of operation of kprobes, see
   7 * Documentation/kprobes.txt
   8 *
   9 * You will see the trace data in /var/log/messages and on the console
  10 * whenever do_fork() is invoked to create a new process.
  11 */
  12
  13#include <linux/kernel.h>
  14#include <linux/module.h>
  15#include <linux/kprobes.h>
  16
  17/* For each probe you need to allocate a kprobe structure */
  18static struct kprobe kp = {
  19        .symbol_name    = "do_fork",
  20};
  21
  22/* kprobe pre_handler: called just before the probed instruction is executed */
  23static int handler_pre(struct kprobe *p, struct pt_regs *regs)
  24{
  25#ifdef CONFIG_X86
  26        printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
  27                        " flags = 0x%lx\n",
  28                p->addr, regs->ip, regs->flags);
  29#endif
  30#ifdef CONFIG_PPC
  31        printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
  32                        " msr = 0x%lx\n",
  33                p->addr, regs->nip, regs->msr);
  34#endif
  35
  36        /* A dump_stack() here will give a stack backtrace */
  37        return 0;
  38}
  39
  40/* kprobe post_handler: called after the probed instruction is executed */
  41static void handler_post(struct kprobe *p, struct pt_regs *regs,
  42                                unsigned long flags)
  43{
  44#ifdef CONFIG_X86
  45        printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
  46                p->addr, regs->flags);
  47#endif
  48#ifdef CONFIG_PPC
  49        printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
  50                p->addr, regs->msr);
  51#endif
  52}
  53
  54/*
  55 * fault_handler: this is called if an exception is generated for any
  56 * instruction within the pre- or post-handler, or when Kprobes
  57 * single-steps the probed instruction.
  58 */
  59static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
  60{
  61        printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
  62                p->addr, trapnr);
  63        /* Return 0 because we don't handle the fault. */
  64        return 0;
  65}
  66
  67static int __init kprobe_init(void)
  68{
  69        int ret;
  70        kp.pre_handler = handler_pre;
  71        kp.post_handler = handler_post;
  72        kp.fault_handler = handler_fault;
  73
  74        ret = register_kprobe(&kp);
  75        if (ret < 0) {
  76                printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
  77                return ret;
  78        }
  79        printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
  80        return 0;
  81}
  82
  83static void __exit kprobe_exit(void)
  84{
  85        unregister_kprobe(&kp);
  86        printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
  87}
  88
  89module_init(kprobe_init)
  90module_exit(kprobe_exit)
  91MODULE_LICENSE("GPL");
  92
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.