1 // SPDX-License-Identifier: GPL-2.0
3 * Kprobes-based tracing events
5 * Created by Masami Hiramatsu <mhiramat@redhat.com>
8 #define pr_fmt(fmt) "trace_kprobe: " fmt
10 #include <linux/module.h>
11 #include <linux/uaccess.h>
12 #include <linux/rculist.h>
13 #include <linux/error-injection.h>
15 #include "trace_dynevent.h"
16 #include "trace_kprobe_selftest.h"
17 #include "trace_probe.h"
18 #include "trace_probe_tmpl.h"
20 #define KPROBE_EVENT_SYSTEM "kprobes"
21 #define KRETPROBE_MAXACTIVE_MAX 4096
23 static int trace_kprobe_create(int argc, const char **argv);
24 static int trace_kprobe_show(struct seq_file *m, struct dyn_event *ev);
25 static int trace_kprobe_release(struct dyn_event *ev);
26 static bool trace_kprobe_is_busy(struct dyn_event *ev);
27 static bool trace_kprobe_match(const char *system, const char *event,
28 struct dyn_event *ev);
30 static struct dyn_event_operations trace_kprobe_ops = {
31 .create = trace_kprobe_create,
32 .show = trace_kprobe_show,
33 .is_busy = trace_kprobe_is_busy,
34 .free = trace_kprobe_release,
35 .match = trace_kprobe_match,
39 * Kprobe event core functions
42 struct dyn_event devent;
43 struct kretprobe rp; /* Use rp.kp for kprobe use */
44 unsigned long __percpu *nhit;
45 const char *symbol; /* symbol name */
46 struct trace_probe tp;
49 static bool is_trace_kprobe(struct dyn_event *ev)
51 return ev->ops == &trace_kprobe_ops;
54 static struct trace_kprobe *to_trace_kprobe(struct dyn_event *ev)
56 return container_of(ev, struct trace_kprobe, devent);
60 * for_each_trace_kprobe - iterate over the trace_kprobe list
61 * @pos: the struct trace_kprobe * for each entry
62 * @dpos: the struct dyn_event * to use as a loop cursor
64 #define for_each_trace_kprobe(pos, dpos) \
65 for_each_dyn_event(dpos) \
66 if (is_trace_kprobe(dpos) && (pos = to_trace_kprobe(dpos)))
68 #define SIZEOF_TRACE_KPROBE(n) \
69 (offsetof(struct trace_kprobe, tp.args) + \
70 (sizeof(struct probe_arg) * (n)))
72 static nokprobe_inline bool trace_kprobe_is_return(struct trace_kprobe *tk)
74 return tk->rp.handler != NULL;
77 static nokprobe_inline const char *trace_kprobe_symbol(struct trace_kprobe *tk)
79 return tk->symbol ? tk->symbol : "unknown";
82 static nokprobe_inline unsigned long trace_kprobe_offset(struct trace_kprobe *tk)
84 return tk->rp.kp.offset;
87 static nokprobe_inline bool trace_kprobe_has_gone(struct trace_kprobe *tk)
89 return !!(kprobe_gone(&tk->rp.kp));
92 static nokprobe_inline bool trace_kprobe_within_module(struct trace_kprobe *tk,
95 int len = strlen(mod->name);
96 const char *name = trace_kprobe_symbol(tk);
97 return strncmp(mod->name, name, len) == 0 && name[len] == ':';
100 static nokprobe_inline bool trace_kprobe_module_exist(struct trace_kprobe *tk)
107 p = strchr(tk->symbol, ':');
111 mutex_lock(&module_mutex);
112 ret = !!find_module(tk->symbol);
113 mutex_unlock(&module_mutex);
119 static bool trace_kprobe_is_busy(struct dyn_event *ev)
121 struct trace_kprobe *tk = to_trace_kprobe(ev);
123 return trace_probe_is_enabled(&tk->tp);
126 static bool trace_kprobe_match(const char *system, const char *event,
127 struct dyn_event *ev)
129 struct trace_kprobe *tk = to_trace_kprobe(ev);
131 return strcmp(trace_event_name(&tk->tp.call), event) == 0 &&
132 (!system || strcmp(tk->tp.call.class->system, system) == 0);
135 static nokprobe_inline unsigned long trace_kprobe_nhit(struct trace_kprobe *tk)
137 unsigned long nhit = 0;
140 for_each_possible_cpu(cpu)
141 nhit += *per_cpu_ptr(tk->nhit, cpu);
146 /* Return 0 if it fails to find the symbol address */
147 static nokprobe_inline
148 unsigned long trace_kprobe_address(struct trace_kprobe *tk)
153 addr = (unsigned long)
154 kallsyms_lookup_name(trace_kprobe_symbol(tk));
156 addr += tk->rp.kp.offset;
158 addr = (unsigned long)tk->rp.kp.addr;
163 bool trace_kprobe_on_func_entry(struct trace_event_call *call)
165 struct trace_kprobe *tk = (struct trace_kprobe *)call->data;
167 return kprobe_on_func_entry(tk->rp.kp.addr,
168 tk->rp.kp.addr ? NULL : tk->rp.kp.symbol_name,
169 tk->rp.kp.addr ? 0 : tk->rp.kp.offset);
172 bool trace_kprobe_error_injectable(struct trace_event_call *call)
174 struct trace_kprobe *tk = (struct trace_kprobe *)call->data;
176 return within_error_injection_list(trace_kprobe_address(tk));
179 static int register_kprobe_event(struct trace_kprobe *tk);
180 static int unregister_kprobe_event(struct trace_kprobe *tk);
182 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs);
183 static int kretprobe_dispatcher(struct kretprobe_instance *ri,
184 struct pt_regs *regs);
187 * Allocate new trace_probe and initialize it (including kprobes).
189 static struct trace_kprobe *alloc_trace_kprobe(const char *group,
195 int nargs, bool is_return)
197 struct trace_kprobe *tk;
200 tk = kzalloc(SIZEOF_TRACE_KPROBE(nargs), GFP_KERNEL);
204 tk->nhit = alloc_percpu(unsigned long);
209 tk->symbol = kstrdup(symbol, GFP_KERNEL);
212 tk->rp.kp.symbol_name = tk->symbol;
213 tk->rp.kp.offset = offs;
215 tk->rp.kp.addr = addr;
218 tk->rp.handler = kretprobe_dispatcher;
220 tk->rp.kp.pre_handler = kprobe_dispatcher;
222 tk->rp.maxactive = maxactive;
224 if (!event || !is_good_name(event)) {
229 tk->tp.call.class = &tk->tp.class;
230 tk->tp.call.name = kstrdup(event, GFP_KERNEL);
231 if (!tk->tp.call.name)
234 if (!group || !is_good_name(group)) {
239 tk->tp.class.system = kstrdup(group, GFP_KERNEL);
240 if (!tk->tp.class.system)
243 dyn_event_init(&tk->devent, &trace_kprobe_ops);
244 INIT_LIST_HEAD(&tk->tp.files);
247 kfree(tk->tp.call.name);
249 free_percpu(tk->nhit);
254 static void free_trace_kprobe(struct trace_kprobe *tk)
261 for (i = 0; i < tk->tp.nr_args; i++)
262 traceprobe_free_probe_arg(&tk->tp.args[i]);
264 kfree(tk->tp.call.class->system);
265 kfree(tk->tp.call.name);
267 free_percpu(tk->nhit);
271 static struct trace_kprobe *find_trace_kprobe(const char *event,
274 struct dyn_event *pos;
275 struct trace_kprobe *tk;
277 for_each_trace_kprobe(tk, pos)
278 if (strcmp(trace_event_name(&tk->tp.call), event) == 0 &&
279 strcmp(tk->tp.call.class->system, group) == 0)
284 static inline int __enable_trace_kprobe(struct trace_kprobe *tk)
288 if (trace_probe_is_registered(&tk->tp) && !trace_kprobe_has_gone(tk)) {
289 if (trace_kprobe_is_return(tk))
290 ret = enable_kretprobe(&tk->rp);
292 ret = enable_kprobe(&tk->rp.kp);
300 * if the file is NULL, enable "perf" handler, or enable "trace" handler.
303 enable_trace_kprobe(struct trace_kprobe *tk, struct trace_event_file *file)
305 struct event_file_link *link;
309 link = kmalloc(sizeof(*link), GFP_KERNEL);
316 list_add_tail_rcu(&link->list, &tk->tp.files);
318 tk->tp.flags |= TP_FLAG_TRACE;
319 ret = __enable_trace_kprobe(tk);
321 list_del_rcu(&link->list);
323 tk->tp.flags &= ~TP_FLAG_TRACE;
327 tk->tp.flags |= TP_FLAG_PROFILE;
328 ret = __enable_trace_kprobe(tk);
330 tk->tp.flags &= ~TP_FLAG_PROFILE;
337 * Disable trace_probe
338 * if the file is NULL, disable "perf" handler, or disable "trace" handler.
341 disable_trace_kprobe(struct trace_kprobe *tk, struct trace_event_file *file)
343 struct event_file_link *link = NULL;
348 link = find_event_file_link(&tk->tp, file);
354 list_del_rcu(&link->list);
356 if (!list_empty(&tk->tp.files))
359 tk->tp.flags &= ~TP_FLAG_TRACE;
361 tk->tp.flags &= ~TP_FLAG_PROFILE;
363 if (!trace_probe_is_enabled(&tk->tp) && trace_probe_is_registered(&tk->tp)) {
364 if (trace_kprobe_is_return(tk))
365 disable_kretprobe(&tk->rp);
367 disable_kprobe(&tk->rp.kp);
372 * if tk is not added to any list, it must be a local trace_kprobe
373 * created with perf_event_open. We don't need to wait for these
376 if (list_empty(&tk->devent.list))
381 * Synchronize with kprobe_trace_func/kretprobe_trace_func
382 * to ensure disabled (all running handlers are finished).
383 * This is not only for kfree(), but also the caller,
384 * trace_remove_event_call() supposes it for releasing
385 * event_call related objects, which will be accessed in
386 * the kprobe_trace_func/kretprobe_trace_func.
389 kfree(link); /* Ignored if link == NULL */
395 #if defined(CONFIG_KPROBES_ON_FTRACE) && \
396 !defined(CONFIG_KPROBE_EVENTS_ON_NOTRACE)
397 static bool within_notrace_func(struct trace_kprobe *tk)
399 unsigned long offset, size, addr;
401 addr = trace_kprobe_address(tk);
402 if (!addr || !kallsyms_lookup_size_offset(addr, &size, &offset))
405 /* Get the entry address of the target function */
409 * Since ftrace_location_range() does inclusive range check, we need
410 * to subtract 1 byte from the end address.
412 return !ftrace_location_range(addr, addr + size - 1);
415 #define within_notrace_func(tk) (false)
418 /* Internal register function - just handle k*probes and flags */
419 static int __register_trace_kprobe(struct trace_kprobe *tk)
423 if (trace_probe_is_registered(&tk->tp))
426 if (within_notrace_func(tk)) {
427 pr_warn("Could not probe notrace function %s\n",
428 trace_kprobe_symbol(tk));
432 for (i = 0; i < tk->tp.nr_args; i++) {
433 ret = traceprobe_update_arg(&tk->tp.args[i]);
438 /* Set/clear disabled flag according to tp->flag */
439 if (trace_probe_is_enabled(&tk->tp))
440 tk->rp.kp.flags &= ~KPROBE_FLAG_DISABLED;
442 tk->rp.kp.flags |= KPROBE_FLAG_DISABLED;
444 if (trace_kprobe_is_return(tk))
445 ret = register_kretprobe(&tk->rp);
447 ret = register_kprobe(&tk->rp.kp);
450 tk->tp.flags |= TP_FLAG_REGISTERED;
451 } else if (ret == -EILSEQ) {
452 pr_warn("Probing address(0x%p) is not an instruction boundary.\n",
459 /* Internal unregister function - just handle k*probes and flags */
460 static void __unregister_trace_kprobe(struct trace_kprobe *tk)
462 if (trace_probe_is_registered(&tk->tp)) {
463 if (trace_kprobe_is_return(tk))
464 unregister_kretprobe(&tk->rp);
466 unregister_kprobe(&tk->rp.kp);
467 tk->tp.flags &= ~TP_FLAG_REGISTERED;
468 /* Cleanup kprobe for reuse */
469 if (tk->rp.kp.symbol_name)
470 tk->rp.kp.addr = NULL;
474 /* Unregister a trace_probe and probe_event */
475 static int unregister_trace_kprobe(struct trace_kprobe *tk)
477 /* Enabled event can not be unregistered */
478 if (trace_probe_is_enabled(&tk->tp))
481 /* Will fail if probe is being used by ftrace or perf */
482 if (unregister_kprobe_event(tk))
485 __unregister_trace_kprobe(tk);
486 dyn_event_remove(&tk->devent);
491 /* Register a trace_probe and probe_event */
492 static int register_trace_kprobe(struct trace_kprobe *tk)
494 struct trace_kprobe *old_tk;
497 mutex_lock(&event_mutex);
499 /* Delete old (same name) event if exist */
500 old_tk = find_trace_kprobe(trace_event_name(&tk->tp.call),
501 tk->tp.call.class->system);
503 ret = unregister_trace_kprobe(old_tk);
506 free_trace_kprobe(old_tk);
509 /* Register new event */
510 ret = register_kprobe_event(tk);
512 pr_warn("Failed to register probe event(%d)\n", ret);
516 /* Register k*probe */
517 ret = __register_trace_kprobe(tk);
518 if (ret == -ENOENT && !trace_kprobe_module_exist(tk)) {
519 pr_warn("This probe might be able to register after target module is loaded. Continue.\n");
524 unregister_kprobe_event(tk);
526 dyn_event_add(&tk->devent);
529 mutex_unlock(&event_mutex);
533 /* Module notifier call back, checking event on the module */
534 static int trace_kprobe_module_callback(struct notifier_block *nb,
535 unsigned long val, void *data)
537 struct module *mod = data;
538 struct dyn_event *pos;
539 struct trace_kprobe *tk;
542 if (val != MODULE_STATE_COMING)
545 /* Update probes on coming module */
546 mutex_lock(&event_mutex);
547 for_each_trace_kprobe(tk, pos) {
548 if (trace_kprobe_within_module(tk, mod)) {
549 /* Don't need to check busy - this should have gone. */
550 __unregister_trace_kprobe(tk);
551 ret = __register_trace_kprobe(tk);
553 pr_warn("Failed to re-register probe %s on %s: %d\n",
554 trace_event_name(&tk->tp.call),
558 mutex_unlock(&event_mutex);
563 static struct notifier_block trace_kprobe_module_nb = {
564 .notifier_call = trace_kprobe_module_callback,
565 .priority = 1 /* Invoked after kprobe module callback */
568 /* Convert certain expected symbols into '_' when generating event names */
569 static inline void sanitize_event_name(char *name)
571 while (*name++ != '\0')
572 if (*name == ':' || *name == '.')
576 static int trace_kprobe_create(int argc, const char *argv[])
581 * p[:[GRP/]EVENT] [MOD:]KSYM[+OFFS]|KADDR [FETCHARGS]
583 * r[MAXACTIVE][:[GRP/]EVENT] [MOD:]KSYM[+0] [FETCHARGS]
585 * $retval : fetch return value
586 * $stack : fetch stack address
587 * $stackN : fetch Nth of stack (N:0-)
588 * $comm : fetch current task comm
589 * @ADDR : fetch memory at ADDR (ADDR should be in kernel)
590 * @SYM[+|-offs] : fetch memory at SYM +|- offs (SYM is a data symbol)
591 * %REG : fetch register REG
592 * Dereferencing memory fetch:
593 * +|-offs(ARG) : fetch memory at ARG +|- offs address.
594 * Alias name of args:
595 * NAME=FETCHARG : set NAME as alias of FETCHARG.
597 * FETCHARG:TYPE : use TYPE instead of unsigned long.
599 struct trace_kprobe *tk;
601 bool is_return = false;
602 char *symbol = NULL, *tmp = NULL;
603 const char *event = NULL, *group = KPROBE_EVENT_SYSTEM;
607 char buf[MAX_EVENT_NAME_LEN];
608 unsigned int flags = TPARG_FL_KERNEL;
610 /* argc must be >= 1 */
611 if (argv[0][0] == 'r') {
613 flags |= TPARG_FL_RETURN;
614 } else if (argv[0][0] != 'p' || argc < 2)
617 event = strchr(&argv[0][1], ':');
621 if (is_return && isdigit(argv[0][1])) {
623 len = event - &argv[0][1] - 1;
625 len = strlen(&argv[0][1]);
626 if (len > MAX_EVENT_NAME_LEN - 1)
628 memcpy(buf, &argv[0][1], len);
630 ret = kstrtouint(buf, 0, &maxactive);
632 pr_info("Failed to parse maxactive.\n");
635 /* kretprobes instances are iterated over via a list. The
636 * maximum should stay reasonable.
638 if (maxactive > KRETPROBE_MAXACTIVE_MAX) {
639 pr_info("Maxactive is too big (%d > %d).\n",
640 maxactive, KRETPROBE_MAXACTIVE_MAX);
645 /* try to parse an address. if that fails, try to read the
646 * input as a symbol. */
647 if (kstrtoul(argv[1], 0, (unsigned long *)&addr)) {
648 /* Check whether uprobe event specified */
649 if (strchr(argv[1], '/') && strchr(argv[1], ':'))
651 /* a symbol specified */
652 symbol = kstrdup(argv[1], GFP_KERNEL);
655 /* TODO: support .init module functions */
656 ret = traceprobe_split_symbol_offset(symbol, &offset);
657 if (ret || offset < 0 || offset > UINT_MAX) {
658 pr_info("Failed to parse either an address or a symbol.\n");
661 if (kprobe_on_func_entry(NULL, symbol, offset))
662 flags |= TPARG_FL_FENTRY;
663 if (offset && is_return && !(flags & TPARG_FL_FENTRY)) {
664 pr_info("Given offset is not valid for return probe.\n");
669 argc -= 2; argv += 2;
672 ret = traceprobe_parse_event_name(&event, &group, buf);
676 /* Make a new event name */
678 snprintf(buf, MAX_EVENT_NAME_LEN, "%c_%s_%ld",
679 is_return ? 'r' : 'p', symbol, offset);
681 snprintf(buf, MAX_EVENT_NAME_LEN, "%c_0x%p",
682 is_return ? 'r' : 'p', addr);
683 sanitize_event_name(buf);
688 tk = alloc_trace_kprobe(group, event, addr, symbol, offset, maxactive,
691 pr_info("Failed to allocate trace_probe.(%d)\n",
697 /* parse arguments */
698 for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
699 tmp = kstrdup(argv[i], GFP_KERNEL);
705 ret = traceprobe_parse_probe_arg(&tk->tp, i, tmp, flags);
711 ret = register_trace_kprobe(tk);
719 free_trace_kprobe(tk);
723 static int create_or_delete_trace_kprobe(int argc, char **argv)
727 if (argv[0][0] == '-')
728 return dyn_event_release(argc, argv, &trace_kprobe_ops);
730 ret = trace_kprobe_create(argc, (const char **)argv);
731 return ret == -ECANCELED ? -EINVAL : ret;
734 static int trace_kprobe_release(struct dyn_event *ev)
736 struct trace_kprobe *tk = to_trace_kprobe(ev);
737 int ret = unregister_trace_kprobe(tk);
740 free_trace_kprobe(tk);
744 static int trace_kprobe_show(struct seq_file *m, struct dyn_event *ev)
746 struct trace_kprobe *tk = to_trace_kprobe(ev);
749 seq_putc(m, trace_kprobe_is_return(tk) ? 'r' : 'p');
750 seq_printf(m, ":%s/%s", tk->tp.call.class->system,
751 trace_event_name(&tk->tp.call));
754 seq_printf(m, " 0x%p", tk->rp.kp.addr);
755 else if (tk->rp.kp.offset)
756 seq_printf(m, " %s+%u", trace_kprobe_symbol(tk),
759 seq_printf(m, " %s", trace_kprobe_symbol(tk));
761 for (i = 0; i < tk->tp.nr_args; i++)
762 seq_printf(m, " %s=%s", tk->tp.args[i].name, tk->tp.args[i].comm);
768 static int probes_seq_show(struct seq_file *m, void *v)
770 struct dyn_event *ev = v;
772 if (!is_trace_kprobe(ev))
775 return trace_kprobe_show(m, ev);
778 static const struct seq_operations probes_seq_op = {
779 .start = dyn_event_seq_start,
780 .next = dyn_event_seq_next,
781 .stop = dyn_event_seq_stop,
782 .show = probes_seq_show
785 static int probes_open(struct inode *inode, struct file *file)
789 if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) {
790 ret = dyn_events_release_all(&trace_kprobe_ops);
795 return seq_open(file, &probes_seq_op);
798 static ssize_t probes_write(struct file *file, const char __user *buffer,
799 size_t count, loff_t *ppos)
801 return trace_parse_run_command(file, buffer, count, ppos,
802 create_or_delete_trace_kprobe);
805 static const struct file_operations kprobe_events_ops = {
806 .owner = THIS_MODULE,
810 .release = seq_release,
811 .write = probes_write,
814 /* Probes profiling interfaces */
815 static int probes_profile_seq_show(struct seq_file *m, void *v)
817 struct dyn_event *ev = v;
818 struct trace_kprobe *tk;
820 if (!is_trace_kprobe(ev))
823 tk = to_trace_kprobe(ev);
824 seq_printf(m, " %-44s %15lu %15lu\n",
825 trace_event_name(&tk->tp.call),
826 trace_kprobe_nhit(tk),
832 static const struct seq_operations profile_seq_op = {
833 .start = dyn_event_seq_start,
834 .next = dyn_event_seq_next,
835 .stop = dyn_event_seq_stop,
836 .show = probes_profile_seq_show
839 static int profile_open(struct inode *inode, struct file *file)
841 return seq_open(file, &profile_seq_op);
844 static const struct file_operations kprobe_profile_ops = {
845 .owner = THIS_MODULE,
846 .open = profile_open,
849 .release = seq_release,
852 /* Kprobe specific fetch functions */
854 /* Return the length of string -- including null terminal byte */
855 static nokprobe_inline int
856 fetch_store_strlen(unsigned long addr)
867 ret = __copy_from_user_inatomic(&c, (u8 *)addr + len, 1);
869 } while (c && ret == 0 && len < MAX_STRING_SIZE);
874 return (ret < 0) ? ret : len;
878 * Fetch a null-terminated string. Caller MUST set *(u32 *)buf with max
879 * length and relative data location.
881 static nokprobe_inline int
882 fetch_store_string(unsigned long addr, void *dest, void *base)
884 int maxlen = get_loc_len(*(u32 *)dest);
885 u8 *dst = get_loc_data(dest, base);
888 if (unlikely(!maxlen))
891 * Try to get string again, since the string can be changed while
894 ret = strncpy_from_unsafe(dst, (void *)addr, maxlen);
897 *(u32 *)dest = make_data_loc(ret, (void *)dst - base);
901 static nokprobe_inline int
902 probe_mem_read(void *dest, void *src, size_t size)
904 return probe_kernel_read(dest, src, size);
907 /* Note that we don't verify it, since the code does not come from user space */
909 process_fetch_insn(struct fetch_insn *code, struct pt_regs *regs, void *dest,
915 /* 1st stage: get value from context */
918 val = regs_get_register(regs, code->param);
921 val = regs_get_kernel_stack_nth(regs, code->param);
923 case FETCH_OP_STACKP:
924 val = kernel_stack_pointer(regs);
926 case FETCH_OP_RETVAL:
927 val = regs_return_value(regs);
930 val = code->immediate;
933 val = (unsigned long)current->comm;
935 #ifdef CONFIG_HAVE_FUNCTION_ARG_ACCESS_API
937 val = regs_get_kernel_argument(regs, code->param);
940 case FETCH_NOP_SYMBOL: /* Ignore a place holder */
948 return process_fetch_insn_bottom(code, val, dest, base);
950 NOKPROBE_SYMBOL(process_fetch_insn)
953 static nokprobe_inline void
954 __kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs,
955 struct trace_event_file *trace_file)
957 struct kprobe_trace_entry_head *entry;
958 struct ring_buffer_event *event;
959 struct ring_buffer *buffer;
961 unsigned long irq_flags;
962 struct trace_event_call *call = &tk->tp.call;
964 WARN_ON(call != trace_file->event_call);
966 if (trace_trigger_soft_disabled(trace_file))
969 local_save_flags(irq_flags);
970 pc = preempt_count();
972 dsize = __get_data_size(&tk->tp, regs);
973 size = sizeof(*entry) + tk->tp.size + dsize;
975 event = trace_event_buffer_lock_reserve(&buffer, trace_file,
977 size, irq_flags, pc);
981 entry = ring_buffer_event_data(event);
982 entry->ip = (unsigned long)tk->rp.kp.addr;
983 store_trace_args(&entry[1], &tk->tp, regs, sizeof(*entry), dsize);
985 event_trigger_unlock_commit_regs(trace_file, buffer, event,
986 entry, irq_flags, pc, regs);
990 kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs)
992 struct event_file_link *link;
994 list_for_each_entry_rcu(link, &tk->tp.files, list)
995 __kprobe_trace_func(tk, regs, link->file);
997 NOKPROBE_SYMBOL(kprobe_trace_func);
999 /* Kretprobe handler */
1000 static nokprobe_inline void
1001 __kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1002 struct pt_regs *regs,
1003 struct trace_event_file *trace_file)
1005 struct kretprobe_trace_entry_head *entry;
1006 struct ring_buffer_event *event;
1007 struct ring_buffer *buffer;
1008 int size, pc, dsize;
1009 unsigned long irq_flags;
1010 struct trace_event_call *call = &tk->tp.call;
1012 WARN_ON(call != trace_file->event_call);
1014 if (trace_trigger_soft_disabled(trace_file))
1017 local_save_flags(irq_flags);
1018 pc = preempt_count();
1020 dsize = __get_data_size(&tk->tp, regs);
1021 size = sizeof(*entry) + tk->tp.size + dsize;
1023 event = trace_event_buffer_lock_reserve(&buffer, trace_file,
1025 size, irq_flags, pc);
1029 entry = ring_buffer_event_data(event);
1030 entry->func = (unsigned long)tk->rp.kp.addr;
1031 entry->ret_ip = (unsigned long)ri->ret_addr;
1032 store_trace_args(&entry[1], &tk->tp, regs, sizeof(*entry), dsize);
1034 event_trigger_unlock_commit_regs(trace_file, buffer, event,
1035 entry, irq_flags, pc, regs);
1039 kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1040 struct pt_regs *regs)
1042 struct event_file_link *link;
1044 list_for_each_entry_rcu(link, &tk->tp.files, list)
1045 __kretprobe_trace_func(tk, ri, regs, link->file);
1047 NOKPROBE_SYMBOL(kretprobe_trace_func);
1049 /* Event entry printers */
1050 static enum print_line_t
1051 print_kprobe_event(struct trace_iterator *iter, int flags,
1052 struct trace_event *event)
1054 struct kprobe_trace_entry_head *field;
1055 struct trace_seq *s = &iter->seq;
1056 struct trace_probe *tp;
1058 field = (struct kprobe_trace_entry_head *)iter->ent;
1059 tp = container_of(event, struct trace_probe, call.event);
1061 trace_seq_printf(s, "%s: (", trace_event_name(&tp->call));
1063 if (!seq_print_ip_sym(s, field->ip, flags | TRACE_ITER_SYM_OFFSET))
1066 trace_seq_putc(s, ')');
1068 if (print_probe_args(s, tp->args, tp->nr_args,
1069 (u8 *)&field[1], field) < 0)
1072 trace_seq_putc(s, '\n');
1074 return trace_handle_return(s);
1077 static enum print_line_t
1078 print_kretprobe_event(struct trace_iterator *iter, int flags,
1079 struct trace_event *event)
1081 struct kretprobe_trace_entry_head *field;
1082 struct trace_seq *s = &iter->seq;
1083 struct trace_probe *tp;
1085 field = (struct kretprobe_trace_entry_head *)iter->ent;
1086 tp = container_of(event, struct trace_probe, call.event);
1088 trace_seq_printf(s, "%s: (", trace_event_name(&tp->call));
1090 if (!seq_print_ip_sym(s, field->ret_ip, flags | TRACE_ITER_SYM_OFFSET))
1093 trace_seq_puts(s, " <- ");
1095 if (!seq_print_ip_sym(s, field->func, flags & ~TRACE_ITER_SYM_OFFSET))
1098 trace_seq_putc(s, ')');
1100 if (print_probe_args(s, tp->args, tp->nr_args,
1101 (u8 *)&field[1], field) < 0)
1104 trace_seq_putc(s, '\n');
1107 return trace_handle_return(s);
1111 static int kprobe_event_define_fields(struct trace_event_call *event_call)
1114 struct kprobe_trace_entry_head field;
1115 struct trace_kprobe *tk = (struct trace_kprobe *)event_call->data;
1117 DEFINE_FIELD(unsigned long, ip, FIELD_STRING_IP, 0);
1119 return traceprobe_define_arg_fields(event_call, sizeof(field), &tk->tp);
1122 static int kretprobe_event_define_fields(struct trace_event_call *event_call)
1125 struct kretprobe_trace_entry_head field;
1126 struct trace_kprobe *tk = (struct trace_kprobe *)event_call->data;
1128 DEFINE_FIELD(unsigned long, func, FIELD_STRING_FUNC, 0);
1129 DEFINE_FIELD(unsigned long, ret_ip, FIELD_STRING_RETIP, 0);
1131 return traceprobe_define_arg_fields(event_call, sizeof(field), &tk->tp);
1134 #ifdef CONFIG_PERF_EVENTS
1136 /* Kprobe profile handler */
1138 kprobe_perf_func(struct trace_kprobe *tk, struct pt_regs *regs)
1140 struct trace_event_call *call = &tk->tp.call;
1141 struct kprobe_trace_entry_head *entry;
1142 struct hlist_head *head;
1143 int size, __size, dsize;
1146 if (bpf_prog_array_valid(call)) {
1147 unsigned long orig_ip = instruction_pointer(regs);
1150 ret = trace_call_bpf(call, regs);
1153 * We need to check and see if we modified the pc of the
1154 * pt_regs, and if so return 1 so that we don't do the
1157 if (orig_ip != instruction_pointer(regs))
1163 head = this_cpu_ptr(call->perf_events);
1164 if (hlist_empty(head))
1167 dsize = __get_data_size(&tk->tp, regs);
1168 __size = sizeof(*entry) + tk->tp.size + dsize;
1169 size = ALIGN(__size + sizeof(u32), sizeof(u64));
1170 size -= sizeof(u32);
1172 entry = perf_trace_buf_alloc(size, NULL, &rctx);
1176 entry->ip = (unsigned long)tk->rp.kp.addr;
1177 memset(&entry[1], 0, dsize);
1178 store_trace_args(&entry[1], &tk->tp, regs, sizeof(*entry), dsize);
1179 perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
1183 NOKPROBE_SYMBOL(kprobe_perf_func);
1185 /* Kretprobe profile handler */
1187 kretprobe_perf_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1188 struct pt_regs *regs)
1190 struct trace_event_call *call = &tk->tp.call;
1191 struct kretprobe_trace_entry_head *entry;
1192 struct hlist_head *head;
1193 int size, __size, dsize;
1196 if (bpf_prog_array_valid(call) && !trace_call_bpf(call, regs))
1199 head = this_cpu_ptr(call->perf_events);
1200 if (hlist_empty(head))
1203 dsize = __get_data_size(&tk->tp, regs);
1204 __size = sizeof(*entry) + tk->tp.size + dsize;
1205 size = ALIGN(__size + sizeof(u32), sizeof(u64));
1206 size -= sizeof(u32);
1208 entry = perf_trace_buf_alloc(size, NULL, &rctx);
1212 entry->func = (unsigned long)tk->rp.kp.addr;
1213 entry->ret_ip = (unsigned long)ri->ret_addr;
1214 store_trace_args(&entry[1], &tk->tp, regs, sizeof(*entry), dsize);
1215 perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
1218 NOKPROBE_SYMBOL(kretprobe_perf_func);
1220 int bpf_get_kprobe_info(const struct perf_event *event, u32 *fd_type,
1221 const char **symbol, u64 *probe_offset,
1222 u64 *probe_addr, bool perf_type_tracepoint)
1224 const char *pevent = trace_event_name(event->tp_event);
1225 const char *group = event->tp_event->class->system;
1226 struct trace_kprobe *tk;
1228 if (perf_type_tracepoint)
1229 tk = find_trace_kprobe(pevent, group);
1231 tk = event->tp_event->data;
1235 *fd_type = trace_kprobe_is_return(tk) ? BPF_FD_TYPE_KRETPROBE
1236 : BPF_FD_TYPE_KPROBE;
1238 *symbol = tk->symbol;
1239 *probe_offset = tk->rp.kp.offset;
1244 *probe_addr = (unsigned long)tk->rp.kp.addr;
1248 #endif /* CONFIG_PERF_EVENTS */
1251 * called by perf_trace_init() or __ftrace_set_clr_event() under event_mutex.
1253 * kprobe_trace_self_tests_init() does enable_trace_probe/disable_trace_probe
1254 * lockless, but we can't race with this __init function.
1256 static int kprobe_register(struct trace_event_call *event,
1257 enum trace_reg type, void *data)
1259 struct trace_kprobe *tk = (struct trace_kprobe *)event->data;
1260 struct trace_event_file *file = data;
1263 case TRACE_REG_REGISTER:
1264 return enable_trace_kprobe(tk, file);
1265 case TRACE_REG_UNREGISTER:
1266 return disable_trace_kprobe(tk, file);
1268 #ifdef CONFIG_PERF_EVENTS
1269 case TRACE_REG_PERF_REGISTER:
1270 return enable_trace_kprobe(tk, NULL);
1271 case TRACE_REG_PERF_UNREGISTER:
1272 return disable_trace_kprobe(tk, NULL);
1273 case TRACE_REG_PERF_OPEN:
1274 case TRACE_REG_PERF_CLOSE:
1275 case TRACE_REG_PERF_ADD:
1276 case TRACE_REG_PERF_DEL:
1283 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs)
1285 struct trace_kprobe *tk = container_of(kp, struct trace_kprobe, rp.kp);
1288 raw_cpu_inc(*tk->nhit);
1290 if (tk->tp.flags & TP_FLAG_TRACE)
1291 kprobe_trace_func(tk, regs);
1292 #ifdef CONFIG_PERF_EVENTS
1293 if (tk->tp.flags & TP_FLAG_PROFILE)
1294 ret = kprobe_perf_func(tk, regs);
1298 NOKPROBE_SYMBOL(kprobe_dispatcher);
1301 kretprobe_dispatcher(struct kretprobe_instance *ri, struct pt_regs *regs)
1303 struct trace_kprobe *tk = container_of(ri->rp, struct trace_kprobe, rp);
1305 raw_cpu_inc(*tk->nhit);
1307 if (tk->tp.flags & TP_FLAG_TRACE)
1308 kretprobe_trace_func(tk, ri, regs);
1309 #ifdef CONFIG_PERF_EVENTS
1310 if (tk->tp.flags & TP_FLAG_PROFILE)
1311 kretprobe_perf_func(tk, ri, regs);
1313 return 0; /* We don't tweek kernel, so just return 0 */
1315 NOKPROBE_SYMBOL(kretprobe_dispatcher);
1317 static struct trace_event_functions kretprobe_funcs = {
1318 .trace = print_kretprobe_event
1321 static struct trace_event_functions kprobe_funcs = {
1322 .trace = print_kprobe_event
1325 static inline void init_trace_event_call(struct trace_kprobe *tk,
1326 struct trace_event_call *call)
1328 INIT_LIST_HEAD(&call->class->fields);
1329 if (trace_kprobe_is_return(tk)) {
1330 call->event.funcs = &kretprobe_funcs;
1331 call->class->define_fields = kretprobe_event_define_fields;
1333 call->event.funcs = &kprobe_funcs;
1334 call->class->define_fields = kprobe_event_define_fields;
1337 call->flags = TRACE_EVENT_FL_KPROBE;
1338 call->class->reg = kprobe_register;
1342 static int register_kprobe_event(struct trace_kprobe *tk)
1344 struct trace_event_call *call = &tk->tp.call;
1347 init_trace_event_call(tk, call);
1349 if (traceprobe_set_print_fmt(&tk->tp, trace_kprobe_is_return(tk)) < 0)
1351 ret = register_trace_event(&call->event);
1353 kfree(call->print_fmt);
1356 ret = trace_add_event_call(call);
1358 pr_info("Failed to register kprobe event: %s\n",
1359 trace_event_name(call));
1360 kfree(call->print_fmt);
1361 unregister_trace_event(&call->event);
1366 static int unregister_kprobe_event(struct trace_kprobe *tk)
1370 /* tp->event is unregistered in trace_remove_event_call() */
1371 ret = trace_remove_event_call(&tk->tp.call);
1373 kfree(tk->tp.call.print_fmt);
1377 #ifdef CONFIG_PERF_EVENTS
1378 /* create a trace_kprobe, but don't add it to global lists */
1379 struct trace_event_call *
1380 create_local_trace_kprobe(char *func, void *addr, unsigned long offs,
1383 struct trace_kprobe *tk;
1388 * local trace_kprobes are not added to dyn_event, so they are never
1389 * searched in find_trace_kprobe(). Therefore, there is no concern of
1390 * duplicated name here.
1392 event = func ? func : "DUMMY_EVENT";
1394 tk = alloc_trace_kprobe(KPROBE_EVENT_SYSTEM, event, (void *)addr, func,
1395 offs, 0 /* maxactive */, 0 /* nargs */,
1399 pr_info("Failed to allocate trace_probe.(%d)\n",
1401 return ERR_CAST(tk);
1404 init_trace_event_call(tk, &tk->tp.call);
1406 if (traceprobe_set_print_fmt(&tk->tp, trace_kprobe_is_return(tk)) < 0) {
1411 ret = __register_trace_kprobe(tk);
1413 kfree(tk->tp.call.print_fmt);
1417 return &tk->tp.call;
1419 free_trace_kprobe(tk);
1420 return ERR_PTR(ret);
1423 void destroy_local_trace_kprobe(struct trace_event_call *event_call)
1425 struct trace_kprobe *tk;
1427 tk = container_of(event_call, struct trace_kprobe, tp.call);
1429 if (trace_probe_is_enabled(&tk->tp)) {
1434 __unregister_trace_kprobe(tk);
1436 kfree(tk->tp.call.print_fmt);
1437 free_trace_kprobe(tk);
1439 #endif /* CONFIG_PERF_EVENTS */
1441 /* Make a tracefs interface for controlling probe points */
1442 static __init int init_kprobe_trace(void)
1444 struct dentry *d_tracer;
1445 struct dentry *entry;
1448 ret = dyn_event_register(&trace_kprobe_ops);
1452 if (register_module_notifier(&trace_kprobe_module_nb))
1455 d_tracer = tracing_init_dentry();
1456 if (IS_ERR(d_tracer))
1459 entry = tracefs_create_file("kprobe_events", 0644, d_tracer,
1460 NULL, &kprobe_events_ops);
1462 /* Event list interface */
1464 pr_warn("Could not create tracefs 'kprobe_events' entry\n");
1466 /* Profile interface */
1467 entry = tracefs_create_file("kprobe_profile", 0444, d_tracer,
1468 NULL, &kprobe_profile_ops);
1471 pr_warn("Could not create tracefs 'kprobe_profile' entry\n");
1474 fs_initcall(init_kprobe_trace);
1477 #ifdef CONFIG_FTRACE_STARTUP_TEST
1478 static __init struct trace_event_file *
1479 find_trace_probe_file(struct trace_kprobe *tk, struct trace_array *tr)
1481 struct trace_event_file *file;
1483 list_for_each_entry(file, &tr->events, list)
1484 if (file->event_call == &tk->tp.call)
1491 * Nobody but us can call enable_trace_kprobe/disable_trace_kprobe at this
1492 * stage, we can do this lockless.
1494 static __init int kprobe_trace_self_tests_init(void)
1497 int (*target)(int, int, int, int, int, int);
1498 struct trace_kprobe *tk;
1499 struct trace_event_file *file;
1501 if (tracing_is_disabled())
1504 target = kprobe_trace_selftest_target;
1506 pr_info("Testing kprobe tracing: ");
1508 ret = trace_run_command("p:testprobe kprobe_trace_selftest_target $stack $stack0 +0($stack)",
1509 create_or_delete_trace_kprobe);
1510 if (WARN_ON_ONCE(ret)) {
1511 pr_warn("error on probing function entry.\n");
1514 /* Enable trace point */
1515 tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
1516 if (WARN_ON_ONCE(tk == NULL)) {
1517 pr_warn("error on getting new probe.\n");
1520 file = find_trace_probe_file(tk, top_trace_array());
1521 if (WARN_ON_ONCE(file == NULL)) {
1522 pr_warn("error on getting probe file.\n");
1525 enable_trace_kprobe(tk, file);
1529 ret = trace_run_command("r:testprobe2 kprobe_trace_selftest_target $retval",
1530 create_or_delete_trace_kprobe);
1531 if (WARN_ON_ONCE(ret)) {
1532 pr_warn("error on probing function return.\n");
1535 /* Enable trace point */
1536 tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
1537 if (WARN_ON_ONCE(tk == NULL)) {
1538 pr_warn("error on getting 2nd new probe.\n");
1541 file = find_trace_probe_file(tk, top_trace_array());
1542 if (WARN_ON_ONCE(file == NULL)) {
1543 pr_warn("error on getting probe file.\n");
1546 enable_trace_kprobe(tk, file);
1553 ret = target(1, 2, 3, 4, 5, 6);
1556 * Not expecting an error here, the check is only to prevent the
1557 * optimizer from removing the call to target() as otherwise there
1558 * are no side-effects and the call is never performed.
1563 /* Disable trace points before removing it */
1564 tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
1565 if (WARN_ON_ONCE(tk == NULL)) {
1566 pr_warn("error on getting test probe.\n");
1569 if (trace_kprobe_nhit(tk) != 1) {
1570 pr_warn("incorrect number of testprobe hits\n");
1574 file = find_trace_probe_file(tk, top_trace_array());
1575 if (WARN_ON_ONCE(file == NULL)) {
1576 pr_warn("error on getting probe file.\n");
1579 disable_trace_kprobe(tk, file);
1582 tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
1583 if (WARN_ON_ONCE(tk == NULL)) {
1584 pr_warn("error on getting 2nd test probe.\n");
1587 if (trace_kprobe_nhit(tk) != 1) {
1588 pr_warn("incorrect number of testprobe2 hits\n");
1592 file = find_trace_probe_file(tk, top_trace_array());
1593 if (WARN_ON_ONCE(file == NULL)) {
1594 pr_warn("error on getting probe file.\n");
1597 disable_trace_kprobe(tk, file);
1600 ret = trace_run_command("-:testprobe", create_or_delete_trace_kprobe);
1601 if (WARN_ON_ONCE(ret)) {
1602 pr_warn("error on deleting a probe.\n");
1606 ret = trace_run_command("-:testprobe2", create_or_delete_trace_kprobe);
1607 if (WARN_ON_ONCE(ret)) {
1608 pr_warn("error on deleting a probe.\n");
1613 ret = dyn_events_release_all(&trace_kprobe_ops);
1614 if (WARN_ON_ONCE(ret)) {
1615 pr_warn("error on cleaning up probes.\n");
1619 * Wait for the optimizer work to finish. Otherwise it might fiddle
1620 * with probes in already freed __init text.
1622 wait_for_kprobe_optimizer();
1624 pr_cont("NG: Some tests are failed. Please check them.\n");
1630 late_initcall(kprobe_trace_self_tests_init);
git.samba.org / sfrench / cifs-2.6.git / blob