//DEFINE_KRETPROBE_STRUCT(sched_process_exec, VTSS_SYMBOL_PROC_COMPAT_EXEC, sizeof(struct rp_sched_process_exec_data))
int probe_sched_process_exec_compat( void )
{
int rc = 0;
#ifndef VTSS_AUTOCONF_KPROBE_SYMBOL_NAME
int used_exec1_symbol = 0;
_rp_sched_process_exec_compat.addr = (kprobe_opcode_t*)kallsyms_lookup_name(VTSS_SYMBOL_PROC_COMPAT_EXEC);
if (!_rp_sched_process_exec_compat.addr) {
INFO("Lookup the name of kretprobe %s failed. Trying to find %s name", VTSS_SYMBOL_PROC_COMPAT_EXEC, VTSS_SYMBOL_PROC_COMPAT_EXEC1 );
_rp_sched_process_exec_compat.addr = (kprobe_opcode_t*)kallsyms_lookup_name(VTSS_SYMBOL_PROC_COMPAT_EXEC);
used_exec1_symbol = 1;
if (!_rp_sched_process_exec_compat.addr) {
ERROR("Unable to find symbol '%s'", VTSS_SYMBOL_PROC_COMPAT_EXEC1);
return -1;
}
}
#endif
_SET_KPROBE_FLAGS(_rp_sched_process_exec_compat.kp)
rc = register_kretprobe(&_rp_sched_process_exec_compat);
if (rc) {
#ifdef VTSS_AUTOCONF_KPROBE_SYMBOL_NAME
INFO("Registering the prob on %s failed. Trying to register %s.", VTSS_SYMBOL_PROC_COMPAT_EXEC, VTSS_SYMBOL_PROC_COMPAT_EXEC1);
_rp_sched_process_exec_compat.kp.symbol_name = VTSS_SYMBOL_PROC_COMPAT_EXEC1;
rc = register_kretprobe(&_rp_sched_process_exec_compat);
if (rc)
ERROR("register_kretprobe('%s') failed: %d", VTSS_SYMBOL_PROC_COMPAT_EXEC1, rc);
#else
ERROR("register_kretprobe('%s') failed: %d", (used_exec1_symbol == 0) ? VTSS_SYMBOL_PROC_COMPAT_EXEC : VTSS_SYMBOL_PROC_COMPAT_EXEC1, rc);
#endif
}
return rc;
}
int kmemchecker_probes_init(void)
{
int ret;
my_kmalloc_kretprobe.kp.symbol_name = func_name;
ret = register_kretprobe(&my_kmalloc_kretprobe);
if (ret < 0) {
printk(KERN_INFO "kretprobe failed, returned %d\n",
ret);
return -1;
}
printk(KERN_INFO "Planted return probe at %s: %p\n",
my_kmalloc_kretprobe.kp.symbol_name,
my_kmalloc_kretprobe.kp.addr);
ret = register_jprobe(&my_kfree_jprobe);
if (ret < 0) {
unregister_kretprobe(&my_kmalloc_kretprobe);
return -1;
}
printk(KERN_INFO "hook kfree\n");
my_kmem_cache_alloc_kretprobe.kp.symbol_name = "__slab_alloc";
ret = register_kretprobe(&my_kmem_cache_alloc_kretprobe);
if (ret < 0) {
unregister_kretprobe(&my_kmalloc_kretprobe);
unregister_jprobe(&my_kfree_jprobe);
return -1;
}
printk(KERN_INFO "hook __slab_alloc\n");
return 0;
}
// The probed addr is given by the user script
// The user script scan /proc/kallsyms
int init_module(void)
{
int ret;
kp1.pre_handler = kp1_pre_handler;
// kp1.post_handler = kp1_post_handler;
kp1_ret.handler = kp1_ret_handler;
if (NULL == (long *) addr_1st) {
printk("must provide an instructmented addr\n");
return 1;
} else {
printk("addr_1st is %lx\n", addr_1st);
}
// need to export kallsyms_lookup_name first
kp1.addr = kp1_ret.kp.addr = (kprobe_opcode_t *)addr_1st;
if ((ret = register_kprobe(&kp1)) < 0) {
printk("register_kprobe failed, ret %d\n", ret);
return ret;
}
if ((ret = register_kretprobe(&kp1_ret)) < 0) {
printk("register_kretprobe failed, ret %d\n", ret);
unregister_kprobe(&kp1);
return ret;
}
printk("kprobe 1 registered\n");
if (NULL == (long *) addr_2nd) {
printk("2nd param is ignored\n");
} else {
printk("addr_2nd is %lx\n", addr_2nd);
// need to export kallsyms_lookup_name first
kp2.addr = kp2_ret.kp.addr = (kprobe_opcode_t *)addr_2nd;
if ((ret = register_kprobe(&kp1)) < 0) {
printk("register_kprobe failed, ret %d\n", ret);
return ret;
}
if ((ret = register_kretprobe(&kp1_ret)) < 0) {
printk("register_kretprobe failed, ret %d\n", ret);
unregister_kprobe(&kp1);
return ret;
}
is_kp2 = true;
printk("kprobe 2 registered\n");
}
return 0;
}
static int instantiationKRETProbe(struct kretprobe *kret,
const char *function_name,
kretprobe_handler_t handler,
kretprobe_handler_t entry_handler)
{
int ret = -1;
struct kprobe kp = {
.symbol_name = function_name,
};
kret->kp = kp;
kret->handler = handler;
kret->entry_handler = entry_handler;
kret->data_size = 0;
kret->maxactive = 20;
ret = register_kretprobe(kret);
if (ret < 0) {
printk(KERN_INFO "register_kretprobe failed, returned %d\n", ret);
return -1;
}
printk(KERN_INFO "Planted kretprobe at %p, handler addr %p\n",
kret->kp.symbol_name, kret->kp.addr);
return ret;
}
/*
Module entry point
Acquire resources and initialize global variables.
Resources allocated are:
1. Allocate circular log buffer
2. Install hooks on
2.1 On entry call of free_task
2.2 On exit call of do_fork
3. Create a proc file
*/
int probe_processes_init(void)
{
int iRet = 0;
int ijprobe_free_task = -1;
int iret_do_fork = -1;
int iproc_file = -1;
trace(DETAIL_LEVEL, "Entering, init_module(); iMaxLineSize=%d, iMaxNbOfLines=%d, iDebugLevel=%d\n",
iMaxLineSize, iMaxNbOfLines, iDebugLevel);
atomic_set(&s_wrOff, 0);
atomic_set(&s_cnt, 0);
do {
// Create circular log buffer
s_pLog = (char*)kmalloc(iMaxLineSize * iMaxNbOfLines, GFP_KERNEL);
if(s_pLog == NULL) {
iRet = -ENOMEM;
break;
}
memset(s_pLog, 0, iMaxLineSize * iMaxNbOfLines);
// Register hook on the entry of free_task kernel method
if ((ijprobe_free_task = register_jprobe(&jprobe_free_task)) < 0) {
trace(ERROR_LEVEL, "register_jprobe(%s) failed, returned %d\n",
jprobe_free_task.kp.symbol_name, ijprobe_free_task);
iRet = ijprobe_free_task;
break;
}
trace(DETAIL_LEVEL, "On call of %s at %p, handler addr %p\n",
jprobe_free_task.kp.symbol_name, jprobe_free_task.kp.addr, jprobe_free_task.entry);
// Register hook on the exit of do_fork kernel method
if ((iret_do_fork = register_kretprobe(&kret_do_fork)) < 0) {
trace(ERROR_LEVEL, "register_kretprobe(%s) failed, returned %d\n",
kret_do_fork.kp.symbol_name, iret_do_fork);
iRet = iret_do_fork;
break;
}
trace(DETAIL_LEVEL, "On return of %s at %p, handler addr %p\n",
kret_do_fork.kp.symbol_name, kret_do_fork.kp.addr, kret_do_fork.handler);
// Create a /proc/taskinfo file
if((iproc_file = CreateProcFile()) < 0) {
iRet = iproc_file;
break;
}
} while(false);
// Run clean up code if we fail to acquire any resources.
if(iRet < 0) {
ReleaseResources(ijprobe_free_task==0?true:false, iret_do_fork==0?true:false);
}
trace(INFO_LEVEL, "Exiting, %d = init_module();\n", iRet);
return iRet;
}
int process_notify_init(void)
{
int err;
if ((err = register_kprobe(&exit_kprobe))) {
printk(KERN_ERR "%s: exit register_kprobe() failed with error %d\n",
THIS_MODULE->name, err);
goto exit_failed;
}
if ((err = register_kretprobe(&fork_kretprobe))) {
printk(KERN_ERR "%s: fork register_kretprobe() failed with error %d\n",
THIS_MODULE->name, err);
goto fork_failed;
}
if ((err = register_kretprobe(&exec_kretprobe))) {
printk(KERN_ERR "%s: exec register_kretprobe() failed with error %d\n",
THIS_MODULE->name, err);
goto exec_failed;
}
#ifdef CONFIG_COMPAT
if ((err = register_kretprobe(&compat_exec_kretprobe))) {
printk(KERN_ERR "%s: compat_exec register_kretprobe() failed with error %d\n",
THIS_MODULE->name, err);
if (err != -EINVAL)
goto compat_exec_failed;
}
#endif
return 0;
#ifdef CONFIG_COMPAT
compat_exec_failed:
unregister_kretprobe(&exec_kretprobe);
#endif
exec_failed:
unregister_kretprobe(&fork_kretprobe);
fork_failed:
unregister_kprobe(&exit_kprobe);
exit_failed:
return err;
}
static int instantiationKRETProbe(struct kretprobe kret,
const char *function_name,
kretprobe_handler_t handler,
kretprobe_handler_t entry_handler)
{
int ret = -1;
kret.kp.symbol_name = function_name;
kret.handler = handler;
kret.entry_handler = entry_handler;
ret = register_kretprobe(&kret);
return ret;
}
int __init probe_init(struct hook *hooks, struct rhook *rhooks)
{
int err;
struct hook *p;
struct rhook *q;
p = hooks;
while (p->funcname) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
p->jp.kp.symbol_name = p->funcname;
#else
p->jp.kp.addr = (void*)kallsyms_lookup_name(p->funcname);
BUG_ON(!p->jp.kp.addr);
#endif
p++;
}
q = rhooks;
while (q->funcname) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
q->rp.kp.symbol_name = q->funcname;
#else
q->rp.kp.addr = (void*)kallsyms_lookup_name(q->funcname);
BUG_ON(!q->rp.kp.addr);
#endif
q++;
}
err = 0;
p = hooks;
while (p->funcname && !err) {
err = register_jprobe(&p->jp);
p++;
}
if (!err) {
q = rhooks;
while (q->funcname && !err) {
err = register_kretprobe(&q->rp);
q++;
}
if (!err)
return 0;
while (--q != rhooks)
unregister_kretprobe(&q->rp);
}
while (--p != hooks)
unregister_jprobe(&p->jp);
return err;
}
static int
stapkp_arch_register_kretprobe(struct stap_dwarf_probe *sdp)
{
int ret = 0;
struct kretprobe *krp = &sdp->kprobe->u.krp;
#ifndef __ia64__
ret = register_kretprobe(krp);
dbug_stapkp_cond(ret == 0, "+kretprobe %p\n", krp->kp.addr);
#else // PR6028
ret = register_kprobe(&sdp->kprobe->dummy);
if (ret == 0) {
ret = register_kretprobe(krp);
if (ret != 0)
unregister_kprobe(&sdp->kprobe->dummy);
}
dbug_stapkp_cond(ret == 0, "+kprobe %p\n", sdp->kprobe->dummy.addr);
dbug_stapkp_cond(ret == 0, "+kretprobe %p\n", krp->kp.addr);
#endif
sdp->registered_p = (ret ? 0 : 1);
return ret;
}
static int __init jprobe_init(void)
{
int ret;
ret = register_jprobe(&my_jprobe);
if (ret < 0) {
printk(KERN_INFO "register_jprobe failed, returned %d\n", ret);
return -1;
}
printk(KERN_INFO "Planted jprobe at %p, handler addr %p\n",
my_jprobe.kp.addr, my_jprobe.entry);
my_kretprobe.kp.symbol_name = "sys_accept4";
ret = register_kretprobe(&my_kretprobe);
if (ret < 0) {
printk(KERN_INFO "register_kretprobe failed, returned %d\n",
ret);
return -1;
}
printk(KERN_INFO "Planted return probe at %s: %p\n",
my_kretprobe.kp.symbol_name, my_kretprobe.kp.addr);
my_socket_kretprobe.kp.symbol_name = "sys_socket";
ret = register_kretprobe(&my_socket_kretprobe);
if (ret < 0) {
printk(KERN_INFO "register_kretprobe failed, returned %d\n",
ret);
return -1;
}
printk(KERN_INFO "Planted return probe at %s: %p\n",
my_socket_kretprobe.kp.symbol_name, my_socket_kretprobe.kp.addr);
return 0;
}
static int __init kretprobe_init(void)
{
int ret;
my_kretprobe.kp.symbol_name = "devmem_is_allowed";
ret = register_kretprobe(&my_kretprobe);
if (ret < 0) {
printk(KERN_INFO "register_kretprobe failed, returned %d\n",
ret);
return -1;
}
printk(KERN_INFO "Planted return probe at %s: %p\n",
my_kretprobe.kp.symbol_name, my_kretprobe.kp.addr);
return 0;
}
static int __init kretprobe_init(void)
{
int ret;
my_kretprobe.kp.symbol_name = func_name;
ret = register_kretprobe(&my_kretprobe);
if (ret < 0) {
printk(KERN_INFO "register_kretprobe failed, returned %d\n",
ret);
return -1;
}
mark_tsc_unstable("kernel uptime bug");
printk(KERN_INFO "Planted return probe at %s: %p\n",
my_kretprobe.kp.symbol_name, my_kretprobe.kp.addr);
return 0;
}
/* Register a trace_probe and probe_event */
static int register_trace_probe(struct trace_probe *tp)
{
struct trace_probe *old_tp;
int ret;
mutex_lock(&probe_lock);
/* register as an event */
old_tp = find_probe_event(tp->call.name, tp->call.system);
if (old_tp) {
/* delete old event */
unregister_trace_probe(old_tp);
free_trace_probe(old_tp);
}
ret = register_probe_event(tp);
if (ret) {
pr_warning("Faild to register probe event(%d)\n", ret);
goto end;
}
tp->rp.kp.flags |= KPROBE_FLAG_DISABLED;
if (probe_is_return(tp))
ret = register_kretprobe(&tp->rp);
else
ret = register_kprobe(&tp->rp.kp);
if (ret) {
pr_warning("Could not insert probe(%d)\n", ret);
if (ret == -EILSEQ) {
pr_warning("Probing address(0x%p) is not an "
"instruction boundary.\n",
tp->rp.kp.addr);
ret = -EINVAL;
}
unregister_probe_event(tp);
} else
list_add_tail(&tp->list, &probe_list);
end:
mutex_unlock(&probe_lock);
return ret;
}
static int test_kretprobe(void)
{
int ret;
ret = register_kretprobe(&rp);
if (ret < 0) {
printk(KERN_ERR "Kprobe smoke test failed: "
"register_kretprobe returned %d\n", ret);
return ret;
}
ret = target(rand1);
unregister_kretprobe(&rp);
if (krph_val != rand1) {
printk(KERN_ERR "Kprobe smoke test failed: "
"kretprobe handler not called\n");
handler_errors++;
}
return 0;
}
static int __init kretprobe_init(void)
{
int ret, i;
for (i = 0; i < multi_addr_num; i++)
{
kretprobe[i].handler = ret_handler;
kretprobe[i].entry_handler = entry_handler;
kretprobe[i].data_size = sizeof(struct my_data);
kretprobe[i].maxactive = 20;
kretprobe[i].kp.addr = multi_addr[i];
ret = register_kretprobe(&kretprobe[i]);
if (ret < 0) {
printk(KERN_INFO "register_kretprobe failed, returned %d\n",
ret);
return -1;
}
printk(KERN_INFO "Planted return probe at %p\n",
kretprobe[i].kp.addr);
}
return 0;
}
static int mvmhyper_init(void)
{
printk("mvmhyper init.\n");
//printk("%x\n", IOCTL_PRIVCMD_HYPERCALL);
for(i=0;i<hypernum;++i)
{
kphyper[i].pre_handler=handler_pre;
kphyper[i].post_handler=handler_post;
kphyper[i].fault_handler=handler_fault;
//kphyper[i].addr=(kprobe_opcode_t *) (kallsyms_lookup_name("sys_ioctl"));
kphyper[i].addr=(kprobe_opcode_t *) (kallsyms_lookup_name("do_execve")+(i+1)*1);
//kphyper[i].addr=(kprobe_opcode_t *) (0x00080000+i*0x20);
//kphyper.symbol_name="hypercall_page"; kallsyms_lookup_name can't done
//kphyper.addr=0;
register_kprobe(&kphyper[i]);
if(kphyper[i].addr == NULL)
{
printk("Fortune: Error, can't find hyper address.\n");
return 1;
}
printk("Fortune: Kprobe at %p\n",kphyper[i].addr);
//printk("Fortune: code is 0x%lx\n",*((long *)kphyper[i].addr));
}
rphyper.handler=handler_ret;
rphyper.entry_handler=handler_entry;
rphyper.maxactive=20;
rphyper.kp.addr=(kprobe_opcode_t *) (kallsyms_lookup_name("do_execve"));
res=register_kretprobe(&rphyper);
if(res < 0)
{
printk("Fortune: Error, can't find rphyper address.\n");
return 1;
}
printk("Fortune: Kretprobe at %p\n",rphyper.kp.addr);
return 0;
}
