Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
kprobe_example.c
Go to the documentation of this file.
1 /*
2  * NOTE: This example is works on x86 and powerpc.
3  * Here's a sample kernel module showing the use of kprobes to dump a
4  * stack trace and selected registers when do_fork() is called.
5  *
6  * For more information on theory of operation of kprobes, see
7  * Documentation/kprobes.txt
8  *
9  * You will see the trace data in /var/log/messages and on the console
10  * whenever do_fork() is invoked to create a new process.
11  */
12 
13 #include <linux/kernel.h>
14 #include <linux/module.h>
15 #include <linux/kprobes.h>
16 
17 /* For each probe you need to allocate a kprobe structure */
18 static struct kprobe kp = {
19  .symbol_name = "do_fork",
20 };
21 
22 /* kprobe pre_handler: called just before the probed instruction is executed */
23 static int handler_pre(struct kprobe *p, struct pt_regs *regs)
24 {
25 #ifdef CONFIG_X86
26  printk(KERN_INFO "pre_handler: p->addr = 0x%p, ip = %lx,"
27  " flags = 0x%lx\n",
28  p->addr, regs->ip, regs->flags);
29 #endif
30 #ifdef CONFIG_PPC
31  printk(KERN_INFO "pre_handler: p->addr = 0x%p, nip = 0x%lx,"
32  " msr = 0x%lx\n",
33  p->addr, regs->nip, regs->msr);
34 #endif
35 #ifdef CONFIG_MIPS
36  printk(KERN_INFO "pre_handler: p->addr = 0x%p, epc = 0x%lx,"
37  " status = 0x%lx\n",
38  p->addr, regs->cp0_epc, regs->cp0_status);
39 #endif
40 
41  /* A dump_stack() here will give a stack backtrace */
42  return 0;
43 }
44 
45 /* kprobe post_handler: called after the probed instruction is executed */
46 static void handler_post(struct kprobe *p, struct pt_regs *regs,
47  unsigned long flags)
48 {
49 #ifdef CONFIG_X86
50  printk(KERN_INFO "post_handler: p->addr = 0x%p, flags = 0x%lx\n",
51  p->addr, regs->flags);
52 #endif
53 #ifdef CONFIG_PPC
54  printk(KERN_INFO "post_handler: p->addr = 0x%p, msr = 0x%lx\n",
55  p->addr, regs->msr);
56 #endif
57 #ifdef CONFIG_MIPS
58  printk(KERN_INFO "post_handler: p->addr = 0x%p, status = 0x%lx\n",
59  p->addr, regs->cp0_status);
60 #endif
61 }
62 
63 /*
64  * fault_handler: this is called if an exception is generated for any
65  * instruction within the pre- or post-handler, or when Kprobes
66  * single-steps the probed instruction.
67  */
68 static int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
69 {
70  printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn",
71  p->addr, trapnr);
72  /* Return 0 because we don't handle the fault. */
73  return 0;
74 }
75 
76 static int __init kprobe_init(void)
77 {
78  int ret;
79  kp.pre_handler = handler_pre;
80  kp.post_handler = handler_post;
81  kp.fault_handler = handler_fault;
82 
83  ret = register_kprobe(&kp);
84  if (ret < 0) {
85  printk(KERN_INFO "register_kprobe failed, returned %d\n", ret);
86  return ret;
87  }
88  printk(KERN_INFO "Planted kprobe at %p\n", kp.addr);
89  return 0;
90 }
91 
92 static void __exit kprobe_exit(void)
93 {
94  unregister_kprobe(&kp);
95  printk(KERN_INFO "kprobe at %p unregistered\n", kp.addr);
96 }
97 
98 module_init(kprobe_init)
99 module_exit(kprobe_exit)
100 MODULE_LICENSE("GPL");
Generated on Thu Jan 10 2013 15:02:48 for Linux Kernel by   doxygen 1.8.2