/*
* Return-probe handler: Log the return value and duration. Duration may turn
* out to be zero consistently, depending upon the granularity of time
* accounting on the platform.
*/
static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
int retval = regs_return_value(regs);
struct my_data *data = (struct my_data *)ri->data;
s64 delta;
ktime_t now;
struct task_struct *task;
struct files_struct *files;
struct kretprobe *rp = NULL;
struct kprobe kp;
const char *name = NULL;
if (!current->mm)
return 1; /* Skip kernel threads */
task = (struct task_struct *)ri->task;
/*if(task != NULL){
int nextfd = -1;
files = task->files;
nextfd = files->next_fd;
printk(KERN_INFO "on ret handler nextfd = %d",nextfd);
}*/
//printk(KERN_INFO "the application is %s with pid %d.\n",task->comm,task->pid);
now = ktime_get();
rp = ri->rp;
kp = rp->kp;
name = kp.symbol_name;
delta = ktime_to_ns(ktime_sub(now, data->entry_stamp));
printk(KERN_INFO "%s returned %d application %s\n",
name, retval, task->comm);
return 0;
}
asmlinkage void syscall_trace_exit(struct pt_regs *regs)
{
if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
trace_sys_exit(regs, regs_return_value(regs));
if (test_thread_flag(TIF_SYSCALL_TRACE))
tracehook_report_syscall(regs, PTRACE_SYSCALL_EXIT);
}
static int rp_sched_process_exec_leave(struct kretprobe_instance *ri, struct pt_regs *regs)
{
struct rp_sched_process_exec_data *data = (struct rp_sched_process_exec_data*)ri->data;
int rc = regs_return_value(regs);
TRACE("ri=0x%p, data=0x%p, filename='%s', config='%s', rc=%d", ri, data, data->filename, data->config, rc);
vtss_target_exec_leave(ri->task, data->filename, data->config, rc);
return 0;
}
static int ret_handler(struct kretprobe_instance *ri,
struct pt_regs *regs)
{
int retval = regs_return_value(regs);
struct kmem_cache *s;
if (current == attach)
{
s = get_kmem_cache_by_addr( (void* )retval);
printk(KERN_INFO "%s [%d] malloc %008x , %s\n",
current->comm, current->pid, retval, s->name);
}
return 0;
}
/*
* Return-probe handler: Log the return value and duration. Duration may turn
* out to be zero consistently, depending upon the granularity of time
* accounting on the platform.
*/
static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
int retval = regs_return_value(regs);
struct my_data *data = (struct my_data *)ri->data;
s64 delta;
ktime_t now;
now = ktime_get();
delta = ktime_to_ns(ktime_sub(now, data->entry_stamp));
printk(KERN_INFO "%s returned %d and took %lld ns to execute\n",
func_name, retval, (long long)delta);
return 0;
}
static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
u64 retval = regs_return_value(regs);
#ifdef CONFIG_X86
if ((long) retval <= 0) {
regs->ax = 0;
WARN_ONCE(1, "%s returned %llu and we fixed it to 0\n",
func_name, retval);
}
#endif
return 0;
}
static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
int retval = regs_return_value(regs);
struct task_struct *task;
struct files_struct *files;
struct kretprobe *rp = NULL;
struct kprobe kp;
const char *name = NULL;
struct socket *sock = NULL;
void *stack = NULL;
struct sock *sk;
int addr_len = -1;
struct sockaddr_in in;
struct inet_sock *inet = NULL;
int addr;
short int my_port = -1;
int *p = NULL;
if (!current->mm)
return 1; /* Skip kernel threads */
task = (struct task_struct *)ri->task;
rp = ri->rp;
kp = rp->kp;
name = kp.symbol_name;
printk(KERN_INFO "%s returned %d application %s\n",
name, retval, task->comm);
//stack = task->stack;
stack = regs->bp;
printk(KERN_INFO "before copy -- size %d bytes", addr_len);
memcpy(&addr_len, stack+16, 4);
memcpy(&addr,stack+8,4);
p = stack+12;
memcpy(&in,*p,16);
//sock = (struct socket *) (stack + 8);
//sk = sock->sk;
//inet = inet_sk(sk);
//in = kmalloc(*in,GFP_KERNEL);
//in = (struct sockaddr_in*)(stack + 12);
//sk = (struct sock *)(stack - 12);
//printk(KERN_INFO "%p and dport = %d",sock, inet->num);
printk(KERN_INFO "my port %d and fd = %d",ntohs(in.sin_port),addr);
printk(KERN_INFO "after copy -- size %zu bytes", addr_len);
return 0;
}
static int rp_mmap_region_leave(struct kretprobe_instance *ri, struct pt_regs *regs)
{
struct rp_mmap_region_data *data = (struct rp_mmap_region_data*)ri->data;
unsigned long rc = regs_return_value(regs);
TRACE("ri=0x%p, data=0x%p: rc=0x%lx", ri, data, rc);
if ((rc == data->addr) &&
(data->flags & VM_EXEC) && !(data->flags & VM_WRITE) &&
data->file && data->file->f_dentry)
{
TRACE("file=0x%p, addr=0x%lx, pgoff=%lu, size=%lu", data->file, data->addr, data->pgoff, data->size);
vtss_mmap(data->file, data->addr, data->pgoff, data->size);
}
return 0;
}
static int return_handler2(struct kretprobe_instance *ri, struct pt_regs *regs)
{
unsigned long ret = regs_return_value(regs);
if (ret != (rand1 / div_factor) + 1) {
handler_errors++;
printk(KERN_ERR "Kprobe smoke test failed: "
"incorrect value in kretprobe handler2\n");
}
if (krph_val == 0) {
handler_errors++;
printk(KERN_ERR "Kprobe smoke test failed: "
"call to kretprobe entry handler failed\n");
}
krph_val = rand1;
return 0;
}
/*
* Notification of system call entry/exit
* - triggered by current->work.syscall_trace
*/
asmlinkage void syscall_trace_leave(struct pt_regs *regs)
{
/*
* We may come here right after calling schedule_user()
* or do_notify_resume(), in which case we can be in RCU
* user mode.
*/
user_exit();
audit_syscall_exit(regs);
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
trace_sys_exit(regs, regs_return_value(regs));
if (test_thread_flag(TIF_SYSCALL_TRACE))
tracehook_report_syscall_exit(regs, 0);
user_enter();
}
static int rp_sched_process_fork_leave(struct kretprobe_instance *ri, struct pt_regs *regs)
{
pid_t pid = (pid_t)regs_return_value(regs);
if (pid) {
struct task_struct *task = NULL;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31)
struct pid *p_pid = find_get_pid(pid);
task = pid_task(p_pid, PIDTYPE_PID);
put_pid(p_pid);
#else /* < 2.6.31 */
rcu_read_lock();
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
task = find_task_by_vpid(pid);
#else /* < 2.6.24 */
task = find_task_by_pid(pid);
#endif /* 2.6.24 */
rcu_read_unlock();
#endif /* 2.6.31 */
vtss_target_fork(current, task);
}
return 0;
}
static __kprobes unsigned long fetch_retvalue(struct pt_regs *regs,
void *dummy)
{
return regs_return_value(regs);
}
static int tcp_close_ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
int retval = regs_return_value(regs);
return 0;
}
static int fork_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
process_notifier_notify(PROC_FORK,
(struct task_struct *) regs_return_value(regs));
return 0;
}
