linux/samples/kprobes/kprobe_example.c
<<
>>
Prefs
   1/*
   2 * NOTE: This example is works on x86 and powerpc.
   3 * Here's a sample kernel module showing the use of kprobes to dump a
   4 * stack trace and selected registers when do_fork() is called.
   5 *
   6 * For more information on theory of operation of kprobes, see
   7 * Documentation/kprobes.txt
   8 *
   9 * You will see the trace data in /var/log/messages and on the console
  10 * whenever do_fork() is invoked to create a new process.
  11 */
  12
  13#include <linux/kernel.h>
  14#include <linux/module.h>
  15#include <linux/kprobes.h>
  16
  17/* For each probe you need to allocate a kprobe structure */
  18static struct kprobe kp = {
  19        .symbol_name    = "do_fork",
  20};
  21
  22/* kprobe pre_handler: called just before the probed instruction is executed */
  23static int handler_pre(struct kprobe *p, struct pt_regs *regs)
  24{
  25#ifdef CONFIG_X86
  26        printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
  27                        " flags = 0x%lx\n",
  28                p->addr, regs->ip, regs->flags);
  29#endif
  30#ifdef CONFIG_PPC
  31        printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
  32                        " msr = 0x%lx\n",
  33                p->addr, regs->nip, regs->msr);
  34#endif
  35#ifdef CONFIG_MIPS
  36        printk(KERN_INFO "pre_handler: p->addr = 0x%p, epc = 0x%lx,"
  37                        " status = 0x%lx\n",
  38                p->addr, regs->cp0_epc, regs->cp0_status);
  39#endif
  40
  41        /* A dump_stack() here will give a stack backtrace */
  42        return 0;
  43}
  44
  45/* kprobe post_handler: called after the probed instruction is executed */
  46static void handler_post(struct kprobe *p, struct pt_regs *regs,
  47                                unsigned long flags)
  48{
  49#ifdef CONFIG_X86
  50        printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
  51                p->addr, regs->flags);
  52#endif
  53#ifdef CONFIG_PPC
  54        printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
  55                p->addr, regs->msr);
  56#endif
  57#ifdef CONFIG_MIPS
  58        printk(KERN_INFO "post_handler: p->addr = 0x%p, status = 0x%lx\n",
  59                p->addr, regs->cp0_status);
  60#endif
  61}
  62
  63/*
  64 * fault_handler: this is called if an exception is generated for any
  65 * instruction within the pre- or post-handler, or when Kprobes
  66 * single-steps the probed instruction.
  67 */
  68static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
  69{
  70        printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
  71                p->addr, trapnr);
  72        /* Return 0 because we don't handle the fault. */
  73        return 0;
  74}
  75
  76static int __init kprobe_init(void)
  77{
  78        int ret;
  79        kp.pre_handler = handler_pre;
  80        kp.post_handler = handler_post;
  81        kp.fault_handler = handler_fault;
  82
  83        ret = register_kprobe(&kp);
  84        if (ret < 0) {
  85                printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
  86                return ret;
  87        }
  88        printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
  89        return 0;
  90}
  91
  92static void __exit kprobe_exit(void)
  93{
  94        unregister_kprobe(&kp);
  95        printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
  96}
  97
  98module_init(kprobe_init)
  99module_exit(kprobe_exit)
 100MODULE_LICENSE("GPL");
 101
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.