1 // SPDX-License-Identifier: GPL-2.0
3 * Kprobes-based tracing events
5 * Created by Masami Hiramatsu <mhiramat@redhat.com>
8 #define pr_fmt(fmt) "trace_kprobe: " fmt
10 #include <linux/module.h>
11 #include <linux/uaccess.h>
12 #include <linux/rculist.h>
13 #include <linux/error-injection.h>
15 #include "trace_dynevent.h"
16 #include "trace_kprobe_selftest.h"
17 #include "trace_probe.h"
18 #include "trace_probe_tmpl.h"
20 #define KPROBE_EVENT_SYSTEM "kprobes"
21 #define KRETPROBE_MAXACTIVE_MAX 4096
23 static int trace_kprobe_create(int argc, const char **argv);
24 static int trace_kprobe_show(struct seq_file *m, struct dyn_event *ev);
25 static int trace_kprobe_release(struct dyn_event *ev);
26 static bool trace_kprobe_is_busy(struct dyn_event *ev);
27 static bool trace_kprobe_match(const char *system, const char *event,
28 struct dyn_event *ev);
30 static struct dyn_event_operations trace_kprobe_ops = {
31 .create = trace_kprobe_create,
32 .show = trace_kprobe_show,
33 .is_busy = trace_kprobe_is_busy,
34 .free = trace_kprobe_release,
35 .match = trace_kprobe_match,
39 * Kprobe event core functions
42 struct dyn_event devent;
43 struct kretprobe rp; /* Use rp.kp for kprobe use */
44 unsigned long __percpu *nhit;
45 const char *symbol; /* symbol name */
46 struct trace_probe tp;
49 static bool is_trace_kprobe(struct dyn_event *ev)
51 return ev->ops == &trace_kprobe_ops;
54 static struct trace_kprobe *to_trace_kprobe(struct dyn_event *ev)
56 return container_of(ev, struct trace_kprobe, devent);
60 * for_each_trace_kprobe - iterate over the trace_kprobe list
61 * @pos: the struct trace_kprobe * for each entry
62 * @dpos: the struct dyn_event * to use as a loop cursor
64 #define for_each_trace_kprobe(pos, dpos) \
65 for_each_dyn_event(dpos) \
66 if (is_trace_kprobe(dpos) && (pos = to_trace_kprobe(dpos)))
68 #define SIZEOF_TRACE_KPROBE(n) \
69 (offsetof(struct trace_kprobe, tp.args) + \
70 (sizeof(struct probe_arg) * (n)))
72 static nokprobe_inline bool trace_kprobe_is_return(struct trace_kprobe *tk)
74 return tk->rp.handler != NULL;
77 static nokprobe_inline const char *trace_kprobe_symbol(struct trace_kprobe *tk)
79 return tk->symbol ? tk->symbol : "unknown";
82 static nokprobe_inline unsigned long trace_kprobe_offset(struct trace_kprobe *tk)
84 return tk->rp.kp.offset;
87 static nokprobe_inline bool trace_kprobe_has_gone(struct trace_kprobe *tk)
89 return !!(kprobe_gone(&tk->rp.kp));
92 static nokprobe_inline bool trace_kprobe_within_module(struct trace_kprobe *tk,
95 int len = strlen(mod->name);
96 const char *name = trace_kprobe_symbol(tk);
97 return strncmp(mod->name, name, len) == 0 && name[len] == ':';
100 static nokprobe_inline bool trace_kprobe_module_exist(struct trace_kprobe *tk)
107 p = strchr(tk->symbol, ':');
111 mutex_lock(&module_mutex);
112 ret = !!find_module(tk->symbol);
113 mutex_unlock(&module_mutex);
119 static bool trace_kprobe_is_busy(struct dyn_event *ev)
121 struct trace_kprobe *tk = to_trace_kprobe(ev);
123 return trace_probe_is_enabled(&tk->tp);
126 static bool trace_kprobe_match(const char *system, const char *event,
127 struct dyn_event *ev)
129 struct trace_kprobe *tk = to_trace_kprobe(ev);
131 return strcmp(trace_event_name(&tk->tp.call), event) == 0 &&
132 (!system || strcmp(tk->tp.call.class->system, system) == 0);
135 static nokprobe_inline unsigned long trace_kprobe_nhit(struct trace_kprobe *tk)
137 unsigned long nhit = 0;
140 for_each_possible_cpu(cpu)
141 nhit += *per_cpu_ptr(tk->nhit, cpu);
146 /* Return 0 if it fails to find the symbol address */
147 static nokprobe_inline
148 unsigned long trace_kprobe_address(struct trace_kprobe *tk)
153 addr = (unsigned long)
154 kallsyms_lookup_name(trace_kprobe_symbol(tk));
156 addr += tk->rp.kp.offset;
158 addr = (unsigned long)tk->rp.kp.addr;
163 bool trace_kprobe_on_func_entry(struct trace_event_call *call)
165 struct trace_kprobe *tk = (struct trace_kprobe *)call->data;
167 return kprobe_on_func_entry(tk->rp.kp.addr,
168 tk->rp.kp.addr ? NULL : tk->rp.kp.symbol_name,
169 tk->rp.kp.addr ? 0 : tk->rp.kp.offset);
172 bool trace_kprobe_error_injectable(struct trace_event_call *call)
174 struct trace_kprobe *tk = (struct trace_kprobe *)call->data;
176 return within_error_injection_list(trace_kprobe_address(tk));
179 static int register_kprobe_event(struct trace_kprobe *tk);
180 static int unregister_kprobe_event(struct trace_kprobe *tk);
182 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs);
183 static int kretprobe_dispatcher(struct kretprobe_instance *ri,
184 struct pt_regs *regs);
187 * Allocate new trace_probe and initialize it (including kprobes).
189 static struct trace_kprobe *alloc_trace_kprobe(const char *group,
195 int nargs, bool is_return)
197 struct trace_kprobe *tk;
200 tk = kzalloc(SIZEOF_TRACE_KPROBE(nargs), GFP_KERNEL);
204 tk->nhit = alloc_percpu(unsigned long);
209 tk->symbol = kstrdup(symbol, GFP_KERNEL);
212 tk->rp.kp.symbol_name = tk->symbol;
213 tk->rp.kp.offset = offs;
215 tk->rp.kp.addr = addr;
218 tk->rp.handler = kretprobe_dispatcher;
220 tk->rp.kp.pre_handler = kprobe_dispatcher;
222 tk->rp.maxactive = maxactive;
224 if (!event || !is_good_name(event)) {
229 tk->tp.call.class = &tk->tp.class;
230 tk->tp.call.name = kstrdup(event, GFP_KERNEL);
231 if (!tk->tp.call.name)
234 if (!group || !is_good_name(group)) {
239 tk->tp.class.system = kstrdup(group, GFP_KERNEL);
240 if (!tk->tp.class.system)
243 dyn_event_init(&tk->devent, &trace_kprobe_ops);
244 INIT_LIST_HEAD(&tk->tp.files);
247 kfree(tk->tp.call.name);
249 free_percpu(tk->nhit);
254 static void free_trace_kprobe(struct trace_kprobe *tk)
261 for (i = 0; i < tk->tp.nr_args; i++)
262 traceprobe_free_probe_arg(&tk->tp.args[i]);
264 kfree(tk->tp.call.class->system);
265 kfree(tk->tp.call.name);
267 free_percpu(tk->nhit);
271 static struct trace_kprobe *find_trace_kprobe(const char *event,
274 struct dyn_event *pos;
275 struct trace_kprobe *tk;
277 for_each_trace_kprobe(tk, pos)
278 if (strcmp(trace_event_name(&tk->tp.call), event) == 0 &&
279 strcmp(tk->tp.call.class->system, group) == 0)
284 static inline int __enable_trace_kprobe(struct trace_kprobe *tk)
288 if (trace_probe_is_registered(&tk->tp) && !trace_kprobe_has_gone(tk)) {
289 if (trace_kprobe_is_return(tk))
290 ret = enable_kretprobe(&tk->rp);
292 ret = enable_kprobe(&tk->rp.kp);
300 * if the file is NULL, enable "perf" handler, or enable "trace" handler.
303 enable_trace_kprobe(struct trace_kprobe *tk, struct trace_event_file *file)
305 struct event_file_link *link;
309 link = kmalloc(sizeof(*link), GFP_KERNEL);
316 list_add_tail_rcu(&link->list, &tk->tp.files);
318 tk->tp.flags |= TP_FLAG_TRACE;
319 ret = __enable_trace_kprobe(tk);
321 list_del_rcu(&link->list);
323 tk->tp.flags &= ~TP_FLAG_TRACE;
327 tk->tp.flags |= TP_FLAG_PROFILE;
328 ret = __enable_trace_kprobe(tk);
330 tk->tp.flags &= ~TP_FLAG_PROFILE;
337 * Disable trace_probe
338 * if the file is NULL, disable "perf" handler, or disable "trace" handler.
341 disable_trace_kprobe(struct trace_kprobe *tk, struct trace_event_file *file)
343 struct event_file_link *link = NULL;
348 link = find_event_file_link(&tk->tp, file);
354 list_del_rcu(&link->list);
356 if (!list_empty(&tk->tp.files))
359 tk->tp.flags &= ~TP_FLAG_TRACE;
361 tk->tp.flags &= ~TP_FLAG_PROFILE;
363 if (!trace_probe_is_enabled(&tk->tp) && trace_probe_is_registered(&tk->tp)) {
364 if (trace_kprobe_is_return(tk))
365 disable_kretprobe(&tk->rp);
367 disable_kprobe(&tk->rp.kp);
372 * if tk is not added to any list, it must be a local trace_kprobe
373 * created with perf_event_open. We don't need to wait for these
376 if (list_empty(&tk->devent.list))
381 * Synchronize with kprobe_trace_func/kretprobe_trace_func
382 * to ensure disabled (all running handlers are finished).
383 * This is not only for kfree(), but also the caller,
384 * trace_remove_event_call() supposes it for releasing
385 * event_call related objects, which will be accessed in
386 * the kprobe_trace_func/kretprobe_trace_func.
389 kfree(link); /* Ignored if link == NULL */
395 #if defined(CONFIG_KPROBES_ON_FTRACE) && \
396 !defined(CONFIG_KPROBE_EVENTS_ON_NOTRACE)
397 static bool within_notrace_func(struct trace_kprobe *tk)
399 unsigned long offset, size, addr;
401 addr = trace_kprobe_address(tk);
402 if (!addr || !kallsyms_lookup_size_offset(addr, &size, &offset))
405 /* Get the entry address of the target function */
409 * Since ftrace_location_range() does inclusive range check, we need
410 * to subtract 1 byte from the end address.
412 return !ftrace_location_range(addr, addr + size - 1);
415 #define within_notrace_func(tk) (false)
418 /* Internal register function - just handle k*probes and flags */
419 static int __register_trace_kprobe(struct trace_kprobe *tk)
423 if (trace_probe_is_registered(&tk->tp))
426 if (within_notrace_func(tk)) {
427 pr_warn("Could not probe notrace function %s\n",
428 trace_kprobe_symbol(tk));
432 for (i = 0; i < tk->tp.nr_args; i++) {
433 ret = traceprobe_update_arg(&tk->tp.args[i]);
438 /* Set/clear disabled flag according to tp->flag */
439 if (trace_probe_is_enabled(&tk->tp))
440 tk->rp.kp.flags &= ~KPROBE_FLAG_DISABLED;
442 tk->rp.kp.flags |= KPROBE_FLAG_DISABLED;
444 if (trace_kprobe_is_return(tk))
445 ret = register_kretprobe(&tk->rp);
447 ret = register_kprobe(&tk->rp.kp);
450 tk->tp.flags |= TP_FLAG_REGISTERED;
451 } else if (ret == -EILSEQ) {
452 pr_warn("Probing address(0x%p) is not an instruction boundary.\n",
459 /* Internal unregister function - just handle k*probes and flags */
460 static void __unregister_trace_kprobe(struct trace_kprobe *tk)
462 if (trace_probe_is_registered(&tk->tp)) {
463 if (trace_kprobe_is_return(tk))
464 unregister_kretprobe(&tk->rp);
466 unregister_kprobe(&tk->rp.kp);
467 tk->tp.flags &= ~TP_FLAG_REGISTERED;
468 /* Cleanup kprobe for reuse */
469 if (tk->rp.kp.symbol_name)
470 tk->rp.kp.addr = NULL;
474 /* Unregister a trace_probe and probe_event */
475 static int unregister_trace_kprobe(struct trace_kprobe *tk)
477 /* Enabled event can not be unregistered */
478 if (trace_probe_is_enabled(&tk->tp))
481 /* Will fail if probe is being used by ftrace or perf */
482 if (unregister_kprobe_event(tk))
485 __unregister_trace_kprobe(tk);
486 dyn_event_remove(&tk->devent);
491 /* Register a trace_probe and probe_event */
492 static int register_trace_kprobe(struct trace_kprobe *tk)
494 struct trace_kprobe *old_tk;
497 mutex_lock(&event_mutex);
499 /* Delete old (same name) event if exist */
500 old_tk = find_trace_kprobe(trace_event_name(&tk->tp.call),
501 tk->tp.call.class->system);
503 ret = unregister_trace_kprobe(old_tk);
506 free_trace_kprobe(old_tk);
509 /* Register new event */
510 ret = register_kprobe_event(tk);
512 pr_warn("Failed to register probe event(%d)\n", ret);
516 /* Register k*probe */
517 ret = __register_trace_kprobe(tk);
518 if (ret == -ENOENT && !trace_kprobe_module_exist(tk)) {
519 pr_warn("This probe might be able to register after target module is loaded. Continue.\n");
524 unregister_kprobe_event(tk);
526 dyn_event_add(&tk->devent);
529 mutex_unlock(&event_mutex);
533 /* Module notifier call back, checking event on the module */
534 static int trace_kprobe_module_callback(struct notifier_block *nb,
535 unsigned long val, void *data)
537 struct module *mod = data;
538 struct dyn_event *pos;
539 struct trace_kprobe *tk;
542 if (val != MODULE_STATE_COMING)
545 /* Update probes on coming module */
546 mutex_lock(&event_mutex);
547 for_each_trace_kprobe(tk, pos) {
548 if (trace_kprobe_within_module(tk, mod)) {
549 /* Don't need to check busy - this should have gone. */
550 __unregister_trace_kprobe(tk);
551 ret = __register_trace_kprobe(tk);
553 pr_warn("Failed to re-register probe %s on %s: %d\n",
554 trace_event_name(&tk->tp.call),
558 mutex_unlock(&event_mutex);
563 static struct notifier_block trace_kprobe_module_nb = {
564 .notifier_call = trace_kprobe_module_callback,
565 .priority = 1 /* Invoked after kprobe module callback */
568 /* Convert certain expected symbols into '_' when generating event names */
569 static inline void sanitize_event_name(char *name)
571 while (*name++ != '\0')
572 if (*name == ':' || *name == '.')
576 static int trace_kprobe_create(int argc, const char *argv[])
581 * p[:[GRP/]EVENT] [MOD:]KSYM[+OFFS]|KADDR [FETCHARGS]
583 * r[MAXACTIVE][:[GRP/]EVENT] [MOD:]KSYM[+0] [FETCHARGS]
585 * $retval : fetch return value
586 * $stack : fetch stack address
587 * $stackN : fetch Nth of stack (N:0-)
588 * $comm : fetch current task comm
589 * @ADDR : fetch memory at ADDR (ADDR should be in kernel)
590 * @SYM[+|-offs] : fetch memory at SYM +|- offs (SYM is a data symbol)
591 * %REG : fetch register REG
592 * Dereferencing memory fetch:
593 * +|-offs(ARG) : fetch memory at ARG +|- offs address.
594 * Alias name of args:
595 * NAME=FETCHARG : set NAME as alias of FETCHARG.
597 * FETCHARG:TYPE : use TYPE instead of unsigned long.
599 struct trace_kprobe *tk;
601 bool is_return = false;
602 char *symbol = NULL, *tmp = NULL;
603 const char *event = NULL, *group = KPROBE_EVENT_SYSTEM;
607 char buf[MAX_EVENT_NAME_LEN];
608 unsigned int flags = TPARG_FL_KERNEL;
610 switch (argv[0][0]) {
613 flags |= TPARG_FL_RETURN;
623 event = strchr(&argv[0][1], ':');
627 if (is_return && isdigit(argv[0][1])) {
629 len = event - &argv[0][1] - 1;
631 len = strlen(&argv[0][1]);
632 if (len > MAX_EVENT_NAME_LEN - 1)
634 memcpy(buf, &argv[0][1], len);
636 ret = kstrtouint(buf, 0, &maxactive);
638 pr_info("Failed to parse maxactive.\n");
641 /* kretprobes instances are iterated over via a list. The
642 * maximum should stay reasonable.
644 if (maxactive > KRETPROBE_MAXACTIVE_MAX) {
645 pr_info("Maxactive is too big (%d > %d).\n",
646 maxactive, KRETPROBE_MAXACTIVE_MAX);
651 /* try to parse an address. if that fails, try to read the
652 * input as a symbol. */
653 if (kstrtoul(argv[1], 0, (unsigned long *)&addr)) {
654 /* Check whether uprobe event specified */
655 if (strchr(argv[1], '/') && strchr(argv[1], ':'))
657 /* a symbol specified */
658 symbol = kstrdup(argv[1], GFP_KERNEL);
661 /* TODO: support .init module functions */
662 ret = traceprobe_split_symbol_offset(symbol, &offset);
663 if (ret || offset < 0 || offset > UINT_MAX) {
664 pr_info("Failed to parse either an address or a symbol.\n");
667 if (kprobe_on_func_entry(NULL, symbol, offset))
668 flags |= TPARG_FL_FENTRY;
669 if (offset && is_return && !(flags & TPARG_FL_FENTRY)) {
670 pr_info("Given offset is not valid for return probe.\n");
675 argc -= 2; argv += 2;
678 ret = traceprobe_parse_event_name(&event, &group, buf);
682 /* Make a new event name */
684 snprintf(buf, MAX_EVENT_NAME_LEN, "%c_%s_%ld",
685 is_return ? 'r' : 'p', symbol, offset);
687 snprintf(buf, MAX_EVENT_NAME_LEN, "%c_0x%p",
688 is_return ? 'r' : 'p', addr);
689 sanitize_event_name(buf);
694 tk = alloc_trace_kprobe(group, event, addr, symbol, offset, maxactive,
697 pr_info("Failed to allocate trace_probe.(%d)\n",
703 /* parse arguments */
704 for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
705 tmp = kstrdup(argv[i], GFP_KERNEL);
711 ret = traceprobe_parse_probe_arg(&tk->tp, i, tmp, flags);
717 ret = register_trace_kprobe(tk);
725 free_trace_kprobe(tk);
729 static int create_or_delete_trace_kprobe(int argc, char **argv)
733 if (argv[0][0] == '-')
734 return dyn_event_release(argc, argv, &trace_kprobe_ops);
736 ret = trace_kprobe_create(argc, (const char **)argv);
737 return ret == -ECANCELED ? -EINVAL : ret;
740 static int trace_kprobe_release(struct dyn_event *ev)
742 struct trace_kprobe *tk = to_trace_kprobe(ev);
743 int ret = unregister_trace_kprobe(tk);
746 free_trace_kprobe(tk);
750 static int trace_kprobe_show(struct seq_file *m, struct dyn_event *ev)
752 struct trace_kprobe *tk = to_trace_kprobe(ev);
755 seq_putc(m, trace_kprobe_is_return(tk) ? 'r' : 'p');
756 seq_printf(m, ":%s/%s", tk->tp.call.class->system,
757 trace_event_name(&tk->tp.call));
760 seq_printf(m, " 0x%p", tk->rp.kp.addr);
761 else if (tk->rp.kp.offset)
762 seq_printf(m, " %s+%u", trace_kprobe_symbol(tk),
765 seq_printf(m, " %s", trace_kprobe_symbol(tk));
767 for (i = 0; i < tk->tp.nr_args; i++)
768 seq_printf(m, " %s=%s", tk->tp.args[i].name, tk->tp.args[i].comm);
774 static int probes_seq_show(struct seq_file *m, void *v)
776 struct dyn_event *ev = v;
778 if (!is_trace_kprobe(ev))
781 return trace_kprobe_show(m, ev);
784 static const struct seq_operations probes_seq_op = {
785 .start = dyn_event_seq_start,
786 .next = dyn_event_seq_next,
787 .stop = dyn_event_seq_stop,
788 .show = probes_seq_show
791 static int probes_open(struct inode *inode, struct file *file)
795 if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) {
796 ret = dyn_events_release_all(&trace_kprobe_ops);
801 return seq_open(file, &probes_seq_op);
804 static ssize_t probes_write(struct file *file, const char __user *buffer,
805 size_t count, loff_t *ppos)
807 return trace_parse_run_command(file, buffer, count, ppos,
808 create_or_delete_trace_kprobe);
811 static const struct file_operations kprobe_events_ops = {
812 .owner = THIS_MODULE,
816 .release = seq_release,
817 .write = probes_write,
820 /* Probes profiling interfaces */
821 static int probes_profile_seq_show(struct seq_file *m, void *v)
823 struct dyn_event *ev = v;
824 struct trace_kprobe *tk;
826 if (!is_trace_kprobe(ev))
829 tk = to_trace_kprobe(ev);
830 seq_printf(m, " %-44s %15lu %15lu\n",
831 trace_event_name(&tk->tp.call),
832 trace_kprobe_nhit(tk),
838 static const struct seq_operations profile_seq_op = {
839 .start = dyn_event_seq_start,
840 .next = dyn_event_seq_next,
841 .stop = dyn_event_seq_stop,
842 .show = probes_profile_seq_show
845 static int profile_open(struct inode *inode, struct file *file)
847 return seq_open(file, &profile_seq_op);
850 static const struct file_operations kprobe_profile_ops = {
851 .owner = THIS_MODULE,
852 .open = profile_open,
855 .release = seq_release,
858 /* Kprobe specific fetch functions */
860 /* Return the length of string -- including null terminal byte */
861 static nokprobe_inline int
862 fetch_store_strlen(unsigned long addr)
873 ret = __copy_from_user_inatomic(&c, (u8 *)addr + len, 1);
875 } while (c && ret == 0 && len < MAX_STRING_SIZE);
880 return (ret < 0) ? ret : len;
884 * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
885 * length and relative data location.
887 static nokprobe_inline int
888 fetch_store_string(unsigned long addr, void *dest, void *base)
890 int maxlen = get_loc_len(*(u32 *)dest);
891 u8 *dst = get_loc_data(dest, base);
894 if (unlikely(!maxlen))
897 * Try to get string again, since the string can be changed while
900 ret = strncpy_from_unsafe(dst, (void *)addr, maxlen);
903 *(u32 *)dest = make_data_loc(ret, (void *)dst - base);
907 static nokprobe_inline int
908 probe_mem_read(void *dest, void *src, size_t size)
910 return probe_kernel_read(dest, src, size);
913 /* Note that we don't verify it, since the code does not come from user space */
915 process_fetch_insn(struct fetch_insn *code, struct pt_regs *regs, void *dest,
921 /* 1st stage: get value from context */
924 val = regs_get_register(regs, code->param);
927 val = regs_get_kernel_stack_nth(regs, code->param);
929 case FETCH_OP_STACKP:
930 val = kernel_stack_pointer(regs);
932 case FETCH_OP_RETVAL:
933 val = regs_return_value(regs);
936 val = code->immediate;
939 val = (unsigned long)current->comm;
941 #ifdef CONFIG_HAVE_FUNCTION_ARG_ACCESS_API
943 val = regs_get_kernel_argument(regs, code->param);
946 case FETCH_NOP_SYMBOL: /* Ignore a place holder */
954 return process_fetch_insn_bottom(code, val, dest, base);
956 NOKPROBE_SYMBOL(process_fetch_insn)
959 static nokprobe_inline void
960 __kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs,
961 struct trace_event_file *trace_file)
963 struct kprobe_trace_entry_head *entry;
964 struct ring_buffer_event *event;
965 struct ring_buffer *buffer;
967 unsigned long irq_flags;
968 struct trace_event_call *call = &tk->tp.call;
970 WARN_ON(call != trace_file->event_call);
972 if (trace_trigger_soft_disabled(trace_file))
975 local_save_flags(irq_flags);
976 pc = preempt_count();
978 dsize = __get_data_size(&tk->tp, regs);
979 size = sizeof(*entry) + tk->tp.size + dsize;
981 event = trace_event_buffer_lock_reserve(&buffer, trace_file,
983 size, irq_flags, pc);
987 entry = ring_buffer_event_data(event);
988 entry->ip = (unsigned long)tk->rp.kp.addr;
989 store_trace_args(&entry[1], &tk->tp, regs, sizeof(*entry), dsize);
991 event_trigger_unlock_commit_regs(trace_file, buffer, event,
992 entry, irq_flags, pc, regs);
996 kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs)
998 struct event_file_link *link;
1000 list_for_each_entry_rcu(link, &tk->tp.files, list)
1001 __kprobe_trace_func(tk, regs, link->file);
1003 NOKPROBE_SYMBOL(kprobe_trace_func);
1005 /* Kretprobe handler */
1006 static nokprobe_inline void
1007 __kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1008 struct pt_regs *regs,
1009 struct trace_event_file *trace_file)
1011 struct kretprobe_trace_entry_head *entry;
1012 struct ring_buffer_event *event;
1013 struct ring_buffer *buffer;
1014 int size, pc, dsize;
1015 unsigned long irq_flags;
1016 struct trace_event_call *call = &tk->tp.call;
1018 WARN_ON(call != trace_file->event_call);
1020 if (trace_trigger_soft_disabled(trace_file))
1023 local_save_flags(irq_flags);
1024 pc = preempt_count();
1026 dsize = __get_data_size(&tk->tp, regs);
1027 size = sizeof(*entry) + tk->tp.size + dsize;
1029 event = trace_event_buffer_lock_reserve(&buffer, trace_file,
1031 size, irq_flags, pc);
1035 entry = ring_buffer_event_data(event);
1036 entry->func = (unsigned long)tk->rp.kp.addr;
1037 entry->ret_ip = (unsigned long)ri->ret_addr;
1038 store_trace_args(&entry[1], &tk->tp, regs, sizeof(*entry), dsize);
1040 event_trigger_unlock_commit_regs(trace_file, buffer, event,
1041 entry, irq_flags, pc, regs);
1045 kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1046 struct pt_regs *regs)
1048 struct event_file_link *link;
1050 list_for_each_entry_rcu(link, &tk->tp.files, list)
1051 __kretprobe_trace_func(tk, ri, regs, link->file);
1053 NOKPROBE_SYMBOL(kretprobe_trace_func);
1055 /* Event entry printers */
1056 static enum print_line_t
1057 print_kprobe_event(struct trace_iterator *iter, int flags,
1058 struct trace_event *event)
1060 struct kprobe_trace_entry_head *field;
1061 struct trace_seq *s = &iter->seq;
1062 struct trace_probe *tp;
1064 field = (struct kprobe_trace_entry_head *)iter->ent;
1065 tp = container_of(event, struct trace_probe, call.event);
1067 trace_seq_printf(s, "%s: (", trace_event_name(&tp->call));
1069 if (!seq_print_ip_sym(s, field->ip, flags | TRACE_ITER_SYM_OFFSET))
1072 trace_seq_putc(s, ')');
1074 if (print_probe_args(s, tp->args, tp->nr_args,
1075 (u8 *)&field[1], field) < 0)
1078 trace_seq_putc(s, '\n');
1080 return trace_handle_return(s);
1083 static enum print_line_t
1084 print_kretprobe_event(struct trace_iterator *iter, int flags,
1085 struct trace_event *event)
1087 struct kretprobe_trace_entry_head *field;
1088 struct trace_seq *s = &iter->seq;
1089 struct trace_probe *tp;
1091 field = (struct kretprobe_trace_entry_head *)iter->ent;
1092 tp = container_of(event, struct trace_probe, call.event);
1094 trace_seq_printf(s, "%s: (", trace_event_name(&tp->call));
1096 if (!seq_print_ip_sym(s, field->ret_ip, flags | TRACE_ITER_SYM_OFFSET))
1099 trace_seq_puts(s, " <- ");
1101 if (!seq_print_ip_sym(s, field->func, flags & ~TRACE_ITER_SYM_OFFSET))
1104 trace_seq_putc(s, ')');
1106 if (print_probe_args(s, tp->args, tp->nr_args,
1107 (u8 *)&field[1], field) < 0)
1110 trace_seq_putc(s, '\n');
1113 return trace_handle_return(s);
1117 static int kprobe_event_define_fields(struct trace_event_call *event_call)
1120 struct kprobe_trace_entry_head field;
1121 struct trace_kprobe *tk = (struct trace_kprobe *)event_call->data;
1123 DEFINE_FIELD(unsigned long, ip, FIELD_STRING_IP, 0);
1125 return traceprobe_define_arg_fields(event_call, sizeof(field), &tk->tp);
1128 static int kretprobe_event_define_fields(struct trace_event_call *event_call)
1131 struct kretprobe_trace_entry_head field;
1132 struct trace_kprobe *tk = (struct trace_kprobe *)event_call->data;
1134 DEFINE_FIELD(unsigned long, func, FIELD_STRING_FUNC, 0);
1135 DEFINE_FIELD(unsigned long, ret_ip, FIELD_STRING_RETIP, 0);
1137 return traceprobe_define_arg_fields(event_call, sizeof(field), &tk->tp);
1140 #ifdef CONFIG_PERF_EVENTS
1142 /* Kprobe profile handler */
1144 kprobe_perf_func(struct trace_kprobe *tk, struct pt_regs *regs)
1146 struct trace_event_call *call = &tk->tp.call;
1147 struct kprobe_trace_entry_head *entry;
1148 struct hlist_head *head;
1149 int size, __size, dsize;
1152 if (bpf_prog_array_valid(call)) {
1153 unsigned long orig_ip = instruction_pointer(regs);
1156 ret = trace_call_bpf(call, regs);
1159 * We need to check and see if we modified the pc of the
1160 * pt_regs, and if so return 1 so that we don't do the
1163 if (orig_ip != instruction_pointer(regs))
1169 head = this_cpu_ptr(call->perf_events);
1170 if (hlist_empty(head))
1173 dsize = __get_data_size(&tk->tp, regs);
1174 __size = sizeof(*entry) + tk->tp.size + dsize;
1175 size = ALIGN(__size + sizeof(u32), sizeof(u64));
1176 size -= sizeof(u32);
1178 entry = perf_trace_buf_alloc(size, NULL, &rctx);
1182 entry->ip = (unsigned long)tk->rp.kp.addr;
1183 memset(&entry[1], 0, dsize);
1184 store_trace_args(&entry[1], &tk->tp, regs, sizeof(*entry), dsize);
1185 perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
1189 NOKPROBE_SYMBOL(kprobe_perf_func);
1191 /* Kretprobe profile handler */
1193 kretprobe_perf_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1194 struct pt_regs *regs)
1196 struct trace_event_call *call = &tk->tp.call;
1197 struct kretprobe_trace_entry_head *entry;
1198 struct hlist_head *head;
1199 int size, __size, dsize;
1202 if (bpf_prog_array_valid(call) && !trace_call_bpf(call, regs))
1205 head = this_cpu_ptr(call->perf_events);
1206 if (hlist_empty(head))
1209 dsize = __get_data_size(&tk->tp, regs);
1210 __size = sizeof(*entry) + tk->tp.size + dsize;
1211 size = ALIGN(__size + sizeof(u32), sizeof(u64));
1212 size -= sizeof(u32);
1214 entry = perf_trace_buf_alloc(size, NULL, &rctx);
1218 entry->func = (unsigned long)tk->rp.kp.addr;
1219 entry->ret_ip = (unsigned long)ri->ret_addr;
1220 store_trace_args(&entry[1], &tk->tp, regs, sizeof(*entry), dsize);
1221 perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
1224 NOKPROBE_SYMBOL(kretprobe_perf_func);
1226 int bpf_get_kprobe_info(const struct perf_event *event, u32 *fd_type,
1227 const char **symbol, u64 *probe_offset,
1228 u64 *probe_addr, bool perf_type_tracepoint)
1230 const char *pevent = trace_event_name(event->tp_event);
1231 const char *group = event->tp_event->class->system;
1232 struct trace_kprobe *tk;
1234 if (perf_type_tracepoint)
1235 tk = find_trace_kprobe(pevent, group);
1237 tk = event->tp_event->data;
1241 *fd_type = trace_kprobe_is_return(tk) ? BPF_FD_TYPE_KRETPROBE
1242 : BPF_FD_TYPE_KPROBE;
1244 *symbol = tk->symbol;
1245 *probe_offset = tk->rp.kp.offset;
1250 *probe_addr = (unsigned long)tk->rp.kp.addr;
1254 #endif /* CONFIG_PERF_EVENTS */
1257 * called by perf_trace_init() or __ftrace_set_clr_event() under event_mutex.
1259 * kprobe_trace_self_tests_init() does enable_trace_probe/disable_trace_probe
1260 * lockless, but we can't race with this __init function.
1262 static int kprobe_register(struct trace_event_call *event,
1263 enum trace_reg type, void *data)
1265 struct trace_kprobe *tk = (struct trace_kprobe *)event->data;
1266 struct trace_event_file *file = data;
1269 case TRACE_REG_REGISTER:
1270 return enable_trace_kprobe(tk, file);
1271 case TRACE_REG_UNREGISTER:
1272 return disable_trace_kprobe(tk, file);
1274 #ifdef CONFIG_PERF_EVENTS
1275 case TRACE_REG_PERF_REGISTER:
1276 return enable_trace_kprobe(tk, NULL);
1277 case TRACE_REG_PERF_UNREGISTER:
1278 return disable_trace_kprobe(tk, NULL);
1279 case TRACE_REG_PERF_OPEN:
1280 case TRACE_REG_PERF_CLOSE:
1281 case TRACE_REG_PERF_ADD:
1282 case TRACE_REG_PERF_DEL:
1289 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs)
1291 struct trace_kprobe *tk = container_of(kp, struct trace_kprobe, rp.kp);
1294 raw_cpu_inc(*tk->nhit);
1296 if (tk->tp.flags & TP_FLAG_TRACE)
1297 kprobe_trace_func(tk, regs);
1298 #ifdef CONFIG_PERF_EVENTS
1299 if (tk->tp.flags & TP_FLAG_PROFILE)
1300 ret = kprobe_perf_func(tk, regs);
1304 NOKPROBE_SYMBOL(kprobe_dispatcher);
1307 kretprobe_dispatcher(struct kretprobe_instance *ri, struct pt_regs *regs)
1309 struct trace_kprobe *tk = container_of(ri->rp, struct trace_kprobe, rp);
1311 raw_cpu_inc(*tk->nhit);
1313 if (tk->tp.flags & TP_FLAG_TRACE)
1314 kretprobe_trace_func(tk, ri, regs);
1315 #ifdef CONFIG_PERF_EVENTS
1316 if (tk->tp.flags & TP_FLAG_PROFILE)
1317 kretprobe_perf_func(tk, ri, regs);
1319 return 0; /* We don't tweek kernel, so just return 0 */
1321 NOKPROBE_SYMBOL(kretprobe_dispatcher);
1323 static struct trace_event_functions kretprobe_funcs = {
1324 .trace = print_kretprobe_event
1327 static struct trace_event_functions kprobe_funcs = {
1328 .trace = print_kprobe_event
1331 static inline void init_trace_event_call(struct trace_kprobe *tk,
1332 struct trace_event_call *call)
1334 INIT_LIST_HEAD(&call->class->fields);
1335 if (trace_kprobe_is_return(tk)) {
1336 call->event.funcs = &kretprobe_funcs;
1337 call->class->define_fields = kretprobe_event_define_fields;
1339 call->event.funcs = &kprobe_funcs;
1340 call->class->define_fields = kprobe_event_define_fields;
1343 call->flags = TRACE_EVENT_FL_KPROBE;
1344 call->class->reg = kprobe_register;
1348 static int register_kprobe_event(struct trace_kprobe *tk)
1350 struct trace_event_call *call = &tk->tp.call;
1353 init_trace_event_call(tk, call);
1355 if (traceprobe_set_print_fmt(&tk->tp, trace_kprobe_is_return(tk)) < 0)
1357 ret = register_trace_event(&call->event);
1359 kfree(call->print_fmt);
1362 ret = trace_add_event_call(call);
1364 pr_info("Failed to register kprobe event: %s\n",
1365 trace_event_name(call));
1366 kfree(call->print_fmt);
1367 unregister_trace_event(&call->event);
1372 static int unregister_kprobe_event(struct trace_kprobe *tk)
1376 /* tp->event is unregistered in trace_remove_event_call() */
1377 ret = trace_remove_event_call(&tk->tp.call);
1379 kfree(tk->tp.call.print_fmt);
1383 #ifdef CONFIG_PERF_EVENTS
1384 /* create a trace_kprobe, but don't add it to global lists */
1385 struct trace_event_call *
1386 create_local_trace_kprobe(char *func, void *addr, unsigned long offs,
1389 struct trace_kprobe *tk;
1394 * local trace_kprobes are not added to dyn_event, so they are never
1395 * searched in find_trace_kprobe(). Therefore, there is no concern of
1396 * duplicated name here.
1398 event = func ? func : "DUMMY_EVENT";
1400 tk = alloc_trace_kprobe(KPROBE_EVENT_SYSTEM, event, (void *)addr, func,
1401 offs, 0 /* maxactive */, 0 /* nargs */,
1405 pr_info("Failed to allocate trace_probe.(%d)\n",
1407 return ERR_CAST(tk);
1410 init_trace_event_call(tk, &tk->tp.call);
1412 if (traceprobe_set_print_fmt(&tk->tp, trace_kprobe_is_return(tk)) < 0) {
1417 ret = __register_trace_kprobe(tk);
1419 kfree(tk->tp.call.print_fmt);
1423 return &tk->tp.call;
1425 free_trace_kprobe(tk);
1426 return ERR_PTR(ret);
1429 void destroy_local_trace_kprobe(struct trace_event_call *event_call)
1431 struct trace_kprobe *tk;
1433 tk = container_of(event_call, struct trace_kprobe, tp.call);
1435 if (trace_probe_is_enabled(&tk->tp)) {
1440 __unregister_trace_kprobe(tk);
1442 kfree(tk->tp.call.print_fmt);
1443 free_trace_kprobe(tk);
1445 #endif /* CONFIG_PERF_EVENTS */
1447 /* Make a tracefs interface for controlling probe points */
1448 static __init int init_kprobe_trace(void)
1450 struct dentry *d_tracer;
1451 struct dentry *entry;
1454 ret = dyn_event_register(&trace_kprobe_ops);
1458 if (register_module_notifier(&trace_kprobe_module_nb))
1461 d_tracer = tracing_init_dentry();
1462 if (IS_ERR(d_tracer))
1465 entry = tracefs_create_file("kprobe_events", 0644, d_tracer,
1466 NULL, &kprobe_events_ops);
1468 /* Event list interface */
1470 pr_warn("Could not create tracefs 'kprobe_events' entry\n");
1472 /* Profile interface */
1473 entry = tracefs_create_file("kprobe_profile", 0444, d_tracer,
1474 NULL, &kprobe_profile_ops);
1477 pr_warn("Could not create tracefs 'kprobe_profile' entry\n");
1480 fs_initcall(init_kprobe_trace);
1483 #ifdef CONFIG_FTRACE_STARTUP_TEST
1484 static __init struct trace_event_file *
1485 find_trace_probe_file(struct trace_kprobe *tk, struct trace_array *tr)
1487 struct trace_event_file *file;
1489 list_for_each_entry(file, &tr->events, list)
1490 if (file->event_call == &tk->tp.call)
1497 * Nobody but us can call enable_trace_kprobe/disable_trace_kprobe at this
1498 * stage, we can do this lockless.
1500 static __init int kprobe_trace_self_tests_init(void)
1503 int (*target)(int, int, int, int, int, int);
1504 struct trace_kprobe *tk;
1505 struct trace_event_file *file;
1507 if (tracing_is_disabled())
1510 target = kprobe_trace_selftest_target;
1512 pr_info("Testing kprobe tracing: ");
1514 ret = trace_run_command("p:testprobe kprobe_trace_selftest_target $stack $stack0 +0($stack)",
1515 create_or_delete_trace_kprobe);
1516 if (WARN_ON_ONCE(ret)) {
1517 pr_warn("error on probing function entry.\n");
1520 /* Enable trace point */
1521 tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
1522 if (WARN_ON_ONCE(tk == NULL)) {
1523 pr_warn("error on getting new probe.\n");
1526 file = find_trace_probe_file(tk, top_trace_array());
1527 if (WARN_ON_ONCE(file == NULL)) {
1528 pr_warn("error on getting probe file.\n");
1531 enable_trace_kprobe(tk, file);
1535 ret = trace_run_command("r:testprobe2 kprobe_trace_selftest_target $retval",
1536 create_or_delete_trace_kprobe);
1537 if (WARN_ON_ONCE(ret)) {
1538 pr_warn("error on probing function return.\n");
1541 /* Enable trace point */
1542 tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
1543 if (WARN_ON_ONCE(tk == NULL)) {
1544 pr_warn("error on getting 2nd new probe.\n");
1547 file = find_trace_probe_file(tk, top_trace_array());
1548 if (WARN_ON_ONCE(file == NULL)) {
1549 pr_warn("error on getting probe file.\n");
1552 enable_trace_kprobe(tk, file);
1559 ret = target(1, 2, 3, 4, 5, 6);
1562 * Not expecting an error here, the check is only to prevent the
1563 * optimizer from removing the call to target() as otherwise there
1564 * are no side-effects and the call is never performed.
1569 /* Disable trace points before removing it */
1570 tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
1571 if (WARN_ON_ONCE(tk == NULL)) {
1572 pr_warn("error on getting test probe.\n");
1575 if (trace_kprobe_nhit(tk) != 1) {
1576 pr_warn("incorrect number of testprobe hits\n");
1580 file = find_trace_probe_file(tk, top_trace_array());
1581 if (WARN_ON_ONCE(file == NULL)) {
1582 pr_warn("error on getting probe file.\n");
1585 disable_trace_kprobe(tk, file);
1588 tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
1589 if (WARN_ON_ONCE(tk == NULL)) {
1590 pr_warn("error on getting 2nd test probe.\n");
1593 if (trace_kprobe_nhit(tk) != 1) {
1594 pr_warn("incorrect number of testprobe2 hits\n");
1598 file = find_trace_probe_file(tk, top_trace_array());
1599 if (WARN_ON_ONCE(file == NULL)) {
1600 pr_warn("error on getting probe file.\n");
1603 disable_trace_kprobe(tk, file);
1606 ret = trace_run_command("-:testprobe", create_or_delete_trace_kprobe);
1607 if (WARN_ON_ONCE(ret)) {
1608 pr_warn("error on deleting a probe.\n");
1612 ret = trace_run_command("-:testprobe2", create_or_delete_trace_kprobe);
1613 if (WARN_ON_ONCE(ret)) {
1614 pr_warn("error on deleting a probe.\n");
1619 ret = dyn_events_release_all(&trace_kprobe_ops);
1620 if (WARN_ON_ONCE(ret)) {
1621 pr_warn("error on cleaning up probes.\n");
1625 * Wait for the optimizer work to finish. Otherwise it might fiddle
1626 * with probes in already freed __init text.
1628 wait_for_kprobe_optimizer();
1630 pr_cont("NG: Some tests are failed. Please check them.\n");
1636 late_initcall(kprobe_trace_self_tests_init);
git.samba.org / sfrench / cifs-2.6.git / blob