1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Kprobes-based tracing events |
4 | * |
5 | * Created by Masami Hiramatsu <mhiramat@redhat.com> |
6 | * |
7 | */ |
8 | #define pr_fmt(fmt) "trace_kprobe: " fmt |
9 | |
10 | #include <linux/bpf-cgroup.h> |
11 | #include <linux/security.h> |
12 | #include <linux/module.h> |
13 | #include <linux/uaccess.h> |
14 | #include <linux/rculist.h> |
15 | #include <linux/error-injection.h> |
16 | |
17 | #include <asm/setup.h> /* for COMMAND_LINE_SIZE */ |
18 | |
19 | #include "trace_dynevent.h" |
20 | #include "trace_kprobe_selftest.h" |
21 | #include "trace_probe.h" |
22 | #include "trace_probe_tmpl.h" |
23 | #include "trace_probe_kernel.h" |
24 | |
25 | #define KPROBE_EVENT_SYSTEM "kprobes" |
26 | #define KRETPROBE_MAXACTIVE_MAX 4096 |
27 | |
28 | /* Kprobe early definition from command line */ |
29 | static char kprobe_boot_events_buf[COMMAND_LINE_SIZE] __initdata; |
30 | |
31 | static int __init set_kprobe_boot_events(char *str) |
32 | { |
33 | strscpy(kprobe_boot_events_buf, str, COMMAND_LINE_SIZE); |
34 | disable_tracing_selftest(reason: "running kprobe events" ); |
35 | |
36 | return 1; |
37 | } |
38 | __setup("kprobe_event=" , set_kprobe_boot_events); |
39 | |
40 | static int trace_kprobe_create(const char *raw_command); |
41 | static int trace_kprobe_show(struct seq_file *m, struct dyn_event *ev); |
42 | static int trace_kprobe_release(struct dyn_event *ev); |
43 | static bool trace_kprobe_is_busy(struct dyn_event *ev); |
44 | static bool trace_kprobe_match(const char *system, const char *event, |
45 | int argc, const char **argv, struct dyn_event *ev); |
46 | |
47 | static struct dyn_event_operations trace_kprobe_ops = { |
48 | .create = trace_kprobe_create, |
49 | .show = trace_kprobe_show, |
50 | .is_busy = trace_kprobe_is_busy, |
51 | .free = trace_kprobe_release, |
52 | .match = trace_kprobe_match, |
53 | }; |
54 | |
55 | /* |
56 | * Kprobe event core functions |
57 | */ |
58 | struct trace_kprobe { |
59 | struct dyn_event devent; |
60 | struct kretprobe rp; /* Use rp.kp for kprobe use */ |
61 | unsigned long __percpu *nhit; |
62 | const char *symbol; /* symbol name */ |
63 | struct trace_probe tp; |
64 | }; |
65 | |
66 | static bool is_trace_kprobe(struct dyn_event *ev) |
67 | { |
68 | return ev->ops == &trace_kprobe_ops; |
69 | } |
70 | |
71 | static struct trace_kprobe *to_trace_kprobe(struct dyn_event *ev) |
72 | { |
73 | return container_of(ev, struct trace_kprobe, devent); |
74 | } |
75 | |
76 | /** |
77 | * for_each_trace_kprobe - iterate over the trace_kprobe list |
78 | * @pos: the struct trace_kprobe * for each entry |
79 | * @dpos: the struct dyn_event * to use as a loop cursor |
80 | */ |
81 | #define for_each_trace_kprobe(pos, dpos) \ |
82 | for_each_dyn_event(dpos) \ |
83 | if (is_trace_kprobe(dpos) && (pos = to_trace_kprobe(dpos))) |
84 | |
85 | static nokprobe_inline bool trace_kprobe_is_return(struct trace_kprobe *tk) |
86 | { |
87 | return tk->rp.handler != NULL; |
88 | } |
89 | |
90 | static nokprobe_inline const char *trace_kprobe_symbol(struct trace_kprobe *tk) |
91 | { |
92 | return tk->symbol ? tk->symbol : "unknown" ; |
93 | } |
94 | |
95 | static nokprobe_inline unsigned long trace_kprobe_offset(struct trace_kprobe *tk) |
96 | { |
97 | return tk->rp.kp.offset; |
98 | } |
99 | |
100 | static nokprobe_inline bool trace_kprobe_has_gone(struct trace_kprobe *tk) |
101 | { |
102 | return kprobe_gone(p: &tk->rp.kp); |
103 | } |
104 | |
105 | static nokprobe_inline bool trace_kprobe_within_module(struct trace_kprobe *tk, |
106 | struct module *mod) |
107 | { |
108 | int len = strlen(module_name(mod)); |
109 | const char *name = trace_kprobe_symbol(tk); |
110 | |
111 | return strncmp(module_name(mod), name, len) == 0 && name[len] == ':'; |
112 | } |
113 | |
114 | static nokprobe_inline bool trace_kprobe_module_exist(struct trace_kprobe *tk) |
115 | { |
116 | char *p; |
117 | bool ret; |
118 | |
119 | if (!tk->symbol) |
120 | return false; |
121 | p = strchr(tk->symbol, ':'); |
122 | if (!p) |
123 | return true; |
124 | *p = '\0'; |
125 | rcu_read_lock_sched(); |
126 | ret = !!find_module(name: tk->symbol); |
127 | rcu_read_unlock_sched(); |
128 | *p = ':'; |
129 | |
130 | return ret; |
131 | } |
132 | |
133 | static bool trace_kprobe_is_busy(struct dyn_event *ev) |
134 | { |
135 | struct trace_kprobe *tk = to_trace_kprobe(ev); |
136 | |
137 | return trace_probe_is_enabled(tp: &tk->tp); |
138 | } |
139 | |
140 | static bool trace_kprobe_match_command_head(struct trace_kprobe *tk, |
141 | int argc, const char **argv) |
142 | { |
143 | char buf[MAX_ARGSTR_LEN + 1]; |
144 | |
145 | if (!argc) |
146 | return true; |
147 | |
148 | if (!tk->symbol) |
149 | snprintf(buf, size: sizeof(buf), fmt: "0x%p" , tk->rp.kp.addr); |
150 | else if (tk->rp.kp.offset) |
151 | snprintf(buf, size: sizeof(buf), fmt: "%s+%u" , |
152 | trace_kprobe_symbol(tk), tk->rp.kp.offset); |
153 | else |
154 | snprintf(buf, size: sizeof(buf), fmt: "%s" , trace_kprobe_symbol(tk)); |
155 | if (strcmp(buf, argv[0])) |
156 | return false; |
157 | argc--; argv++; |
158 | |
159 | return trace_probe_match_command_args(tp: &tk->tp, argc, argv); |
160 | } |
161 | |
162 | static bool trace_kprobe_match(const char *system, const char *event, |
163 | int argc, const char **argv, struct dyn_event *ev) |
164 | { |
165 | struct trace_kprobe *tk = to_trace_kprobe(ev); |
166 | |
167 | return (event[0] == '\0' || |
168 | strcmp(trace_probe_name(tp: &tk->tp), event) == 0) && |
169 | (!system || strcmp(trace_probe_group_name(tp: &tk->tp), system) == 0) && |
170 | trace_kprobe_match_command_head(tk, argc, argv); |
171 | } |
172 | |
173 | static nokprobe_inline unsigned long trace_kprobe_nhit(struct trace_kprobe *tk) |
174 | { |
175 | unsigned long nhit = 0; |
176 | int cpu; |
177 | |
178 | for_each_possible_cpu(cpu) |
179 | nhit += *per_cpu_ptr(tk->nhit, cpu); |
180 | |
181 | return nhit; |
182 | } |
183 | |
184 | static nokprobe_inline bool trace_kprobe_is_registered(struct trace_kprobe *tk) |
185 | { |
186 | return !(list_empty(head: &tk->rp.kp.list) && |
187 | hlist_unhashed(h: &tk->rp.kp.hlist)); |
188 | } |
189 | |
190 | /* Return 0 if it fails to find the symbol address */ |
191 | static nokprobe_inline |
192 | unsigned long trace_kprobe_address(struct trace_kprobe *tk) |
193 | { |
194 | unsigned long addr; |
195 | |
196 | if (tk->symbol) { |
197 | addr = (unsigned long) |
198 | kallsyms_lookup_name(name: trace_kprobe_symbol(tk)); |
199 | if (addr) |
200 | addr += tk->rp.kp.offset; |
201 | } else { |
202 | addr = (unsigned long)tk->rp.kp.addr; |
203 | } |
204 | return addr; |
205 | } |
206 | |
207 | static nokprobe_inline struct trace_kprobe * |
208 | trace_kprobe_primary_from_call(struct trace_event_call *call) |
209 | { |
210 | struct trace_probe *tp; |
211 | |
212 | tp = trace_probe_primary_from_call(call); |
213 | if (WARN_ON_ONCE(!tp)) |
214 | return NULL; |
215 | |
216 | return container_of(tp, struct trace_kprobe, tp); |
217 | } |
218 | |
219 | bool trace_kprobe_on_func_entry(struct trace_event_call *call) |
220 | { |
221 | struct trace_kprobe *tk = trace_kprobe_primary_from_call(call); |
222 | |
223 | return tk ? (kprobe_on_func_entry(addr: tk->rp.kp.addr, |
224 | sym: tk->rp.kp.addr ? NULL : tk->rp.kp.symbol_name, |
225 | offset: tk->rp.kp.addr ? 0 : tk->rp.kp.offset) == 0) : false; |
226 | } |
227 | |
228 | bool trace_kprobe_error_injectable(struct trace_event_call *call) |
229 | { |
230 | struct trace_kprobe *tk = trace_kprobe_primary_from_call(call); |
231 | |
232 | return tk ? within_error_injection_list(addr: trace_kprobe_address(tk)) : |
233 | false; |
234 | } |
235 | |
236 | static int register_kprobe_event(struct trace_kprobe *tk); |
237 | static int unregister_kprobe_event(struct trace_kprobe *tk); |
238 | |
239 | static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs); |
240 | static int kretprobe_dispatcher(struct kretprobe_instance *ri, |
241 | struct pt_regs *regs); |
242 | |
243 | static void free_trace_kprobe(struct trace_kprobe *tk) |
244 | { |
245 | if (tk) { |
246 | trace_probe_cleanup(tp: &tk->tp); |
247 | kfree(objp: tk->symbol); |
248 | free_percpu(pdata: tk->nhit); |
249 | kfree(objp: tk); |
250 | } |
251 | } |
252 | |
253 | /* |
254 | * Allocate new trace_probe and initialize it (including kprobes). |
255 | */ |
256 | static struct trace_kprobe *alloc_trace_kprobe(const char *group, |
257 | const char *event, |
258 | void *addr, |
259 | const char *symbol, |
260 | unsigned long offs, |
261 | int maxactive, |
262 | int nargs, bool is_return) |
263 | { |
264 | struct trace_kprobe *tk; |
265 | int ret = -ENOMEM; |
266 | |
267 | tk = kzalloc(struct_size(tk, tp.args, nargs), GFP_KERNEL); |
268 | if (!tk) |
269 | return ERR_PTR(error: ret); |
270 | |
271 | tk->nhit = alloc_percpu(unsigned long); |
272 | if (!tk->nhit) |
273 | goto error; |
274 | |
275 | if (symbol) { |
276 | tk->symbol = kstrdup(s: symbol, GFP_KERNEL); |
277 | if (!tk->symbol) |
278 | goto error; |
279 | tk->rp.kp.symbol_name = tk->symbol; |
280 | tk->rp.kp.offset = offs; |
281 | } else |
282 | tk->rp.kp.addr = addr; |
283 | |
284 | if (is_return) |
285 | tk->rp.handler = kretprobe_dispatcher; |
286 | else |
287 | tk->rp.kp.pre_handler = kprobe_dispatcher; |
288 | |
289 | tk->rp.maxactive = maxactive; |
290 | INIT_HLIST_NODE(h: &tk->rp.kp.hlist); |
291 | INIT_LIST_HEAD(list: &tk->rp.kp.list); |
292 | |
293 | ret = trace_probe_init(tp: &tk->tp, event, group, alloc_filter: false, nargs); |
294 | if (ret < 0) |
295 | goto error; |
296 | |
297 | dyn_event_init(ev: &tk->devent, ops: &trace_kprobe_ops); |
298 | return tk; |
299 | error: |
300 | free_trace_kprobe(tk); |
301 | return ERR_PTR(error: ret); |
302 | } |
303 | |
304 | static struct trace_kprobe *find_trace_kprobe(const char *event, |
305 | const char *group) |
306 | { |
307 | struct dyn_event *pos; |
308 | struct trace_kprobe *tk; |
309 | |
310 | for_each_trace_kprobe(tk, pos) |
311 | if (strcmp(trace_probe_name(tp: &tk->tp), event) == 0 && |
312 | strcmp(trace_probe_group_name(tp: &tk->tp), group) == 0) |
313 | return tk; |
314 | return NULL; |
315 | } |
316 | |
317 | static inline int __enable_trace_kprobe(struct trace_kprobe *tk) |
318 | { |
319 | int ret = 0; |
320 | |
321 | if (trace_kprobe_is_registered(tk) && !trace_kprobe_has_gone(tk)) { |
322 | if (trace_kprobe_is_return(tk)) |
323 | ret = enable_kretprobe(rp: &tk->rp); |
324 | else |
325 | ret = enable_kprobe(kp: &tk->rp.kp); |
326 | } |
327 | |
328 | return ret; |
329 | } |
330 | |
331 | static void __disable_trace_kprobe(struct trace_probe *tp) |
332 | { |
333 | struct trace_kprobe *tk; |
334 | |
335 | list_for_each_entry(tk, trace_probe_probe_list(tp), tp.list) { |
336 | if (!trace_kprobe_is_registered(tk)) |
337 | continue; |
338 | if (trace_kprobe_is_return(tk)) |
339 | disable_kretprobe(rp: &tk->rp); |
340 | else |
341 | disable_kprobe(kp: &tk->rp.kp); |
342 | } |
343 | } |
344 | |
345 | /* |
346 | * Enable trace_probe |
347 | * if the file is NULL, enable "perf" handler, or enable "trace" handler. |
348 | */ |
349 | static int enable_trace_kprobe(struct trace_event_call *call, |
350 | struct trace_event_file *file) |
351 | { |
352 | struct trace_probe *tp; |
353 | struct trace_kprobe *tk; |
354 | bool enabled; |
355 | int ret = 0; |
356 | |
357 | tp = trace_probe_primary_from_call(call); |
358 | if (WARN_ON_ONCE(!tp)) |
359 | return -ENODEV; |
360 | enabled = trace_probe_is_enabled(tp); |
361 | |
362 | /* This also changes "enabled" state */ |
363 | if (file) { |
364 | ret = trace_probe_add_file(tp, file); |
365 | if (ret) |
366 | return ret; |
367 | } else |
368 | trace_probe_set_flag(tp, TP_FLAG_PROFILE); |
369 | |
370 | if (enabled) |
371 | return 0; |
372 | |
373 | list_for_each_entry(tk, trace_probe_probe_list(tp), tp.list) { |
374 | if (trace_kprobe_has_gone(tk)) |
375 | continue; |
376 | ret = __enable_trace_kprobe(tk); |
377 | if (ret) |
378 | break; |
379 | enabled = true; |
380 | } |
381 | |
382 | if (ret) { |
383 | /* Failed to enable one of them. Roll back all */ |
384 | if (enabled) |
385 | __disable_trace_kprobe(tp); |
386 | if (file) |
387 | trace_probe_remove_file(tp, file); |
388 | else |
389 | trace_probe_clear_flag(tp, TP_FLAG_PROFILE); |
390 | } |
391 | |
392 | return ret; |
393 | } |
394 | |
395 | /* |
396 | * Disable trace_probe |
397 | * if the file is NULL, disable "perf" handler, or disable "trace" handler. |
398 | */ |
399 | static int disable_trace_kprobe(struct trace_event_call *call, |
400 | struct trace_event_file *file) |
401 | { |
402 | struct trace_probe *tp; |
403 | |
404 | tp = trace_probe_primary_from_call(call); |
405 | if (WARN_ON_ONCE(!tp)) |
406 | return -ENODEV; |
407 | |
408 | if (file) { |
409 | if (!trace_probe_get_file_link(tp, file)) |
410 | return -ENOENT; |
411 | if (!trace_probe_has_single_file(tp)) |
412 | goto out; |
413 | trace_probe_clear_flag(tp, TP_FLAG_TRACE); |
414 | } else |
415 | trace_probe_clear_flag(tp, TP_FLAG_PROFILE); |
416 | |
417 | if (!trace_probe_is_enabled(tp)) |
418 | __disable_trace_kprobe(tp); |
419 | |
420 | out: |
421 | if (file) |
422 | /* |
423 | * Synchronization is done in below function. For perf event, |
424 | * file == NULL and perf_trace_event_unreg() calls |
425 | * tracepoint_synchronize_unregister() to ensure synchronize |
426 | * event. We don't need to care about it. |
427 | */ |
428 | trace_probe_remove_file(tp, file); |
429 | |
430 | return 0; |
431 | } |
432 | |
433 | #if defined(CONFIG_DYNAMIC_FTRACE) && \ |
434 | !defined(CONFIG_KPROBE_EVENTS_ON_NOTRACE) |
435 | static bool __within_notrace_func(unsigned long addr) |
436 | { |
437 | unsigned long offset, size; |
438 | |
439 | if (!addr || !kallsyms_lookup_size_offset(addr, &size, &offset)) |
440 | return false; |
441 | |
442 | /* Get the entry address of the target function */ |
443 | addr -= offset; |
444 | |
445 | /* |
446 | * Since ftrace_location_range() does inclusive range check, we need |
447 | * to subtract 1 byte from the end address. |
448 | */ |
449 | return !ftrace_location_range(addr, addr + size - 1); |
450 | } |
451 | |
452 | static bool within_notrace_func(struct trace_kprobe *tk) |
453 | { |
454 | unsigned long addr = trace_kprobe_address(tk); |
455 | char symname[KSYM_NAME_LEN], *p; |
456 | |
457 | if (!__within_notrace_func(addr)) |
458 | return false; |
459 | |
460 | /* Check if the address is on a suffixed-symbol */ |
461 | if (!lookup_symbol_name(addr, symname)) { |
462 | p = strchr(symname, '.'); |
463 | if (!p) |
464 | return true; |
465 | *p = '\0'; |
466 | addr = (unsigned long)kprobe_lookup_name(symname, 0); |
467 | if (addr) |
468 | return __within_notrace_func(addr); |
469 | } |
470 | |
471 | return true; |
472 | } |
473 | #else |
474 | #define within_notrace_func(tk) (false) |
475 | #endif |
476 | |
477 | /* Internal register function - just handle k*probes and flags */ |
478 | static int __register_trace_kprobe(struct trace_kprobe *tk) |
479 | { |
480 | int i, ret; |
481 | |
482 | ret = security_locked_down(what: LOCKDOWN_KPROBES); |
483 | if (ret) |
484 | return ret; |
485 | |
486 | if (trace_kprobe_is_registered(tk)) |
487 | return -EINVAL; |
488 | |
489 | if (within_notrace_func(tk)) { |
490 | pr_warn("Could not probe notrace function %ps\n" , |
491 | (void *)trace_kprobe_address(tk)); |
492 | return -EINVAL; |
493 | } |
494 | |
495 | for (i = 0; i < tk->tp.nr_args; i++) { |
496 | ret = traceprobe_update_arg(arg: &tk->tp.args[i]); |
497 | if (ret) |
498 | return ret; |
499 | } |
500 | |
501 | /* Set/clear disabled flag according to tp->flag */ |
502 | if (trace_probe_is_enabled(tp: &tk->tp)) |
503 | tk->rp.kp.flags &= ~KPROBE_FLAG_DISABLED; |
504 | else |
505 | tk->rp.kp.flags |= KPROBE_FLAG_DISABLED; |
506 | |
507 | if (trace_kprobe_is_return(tk)) |
508 | ret = register_kretprobe(rp: &tk->rp); |
509 | else |
510 | ret = register_kprobe(p: &tk->rp.kp); |
511 | |
512 | return ret; |
513 | } |
514 | |
515 | /* Internal unregister function - just handle k*probes and flags */ |
516 | static void __unregister_trace_kprobe(struct trace_kprobe *tk) |
517 | { |
518 | if (trace_kprobe_is_registered(tk)) { |
519 | if (trace_kprobe_is_return(tk)) |
520 | unregister_kretprobe(rp: &tk->rp); |
521 | else |
522 | unregister_kprobe(p: &tk->rp.kp); |
523 | /* Cleanup kprobe for reuse and mark it unregistered */ |
524 | INIT_HLIST_NODE(h: &tk->rp.kp.hlist); |
525 | INIT_LIST_HEAD(list: &tk->rp.kp.list); |
526 | if (tk->rp.kp.symbol_name) |
527 | tk->rp.kp.addr = NULL; |
528 | } |
529 | } |
530 | |
531 | /* Unregister a trace_probe and probe_event */ |
532 | static int unregister_trace_kprobe(struct trace_kprobe *tk) |
533 | { |
534 | /* If other probes are on the event, just unregister kprobe */ |
535 | if (trace_probe_has_sibling(tp: &tk->tp)) |
536 | goto unreg; |
537 | |
538 | /* Enabled event can not be unregistered */ |
539 | if (trace_probe_is_enabled(tp: &tk->tp)) |
540 | return -EBUSY; |
541 | |
542 | /* If there's a reference to the dynamic event */ |
543 | if (trace_event_dyn_busy(call: trace_probe_event_call(tp: &tk->tp))) |
544 | return -EBUSY; |
545 | |
546 | /* Will fail if probe is being used by ftrace or perf */ |
547 | if (unregister_kprobe_event(tk)) |
548 | return -EBUSY; |
549 | |
550 | unreg: |
551 | __unregister_trace_kprobe(tk); |
552 | dyn_event_remove(ev: &tk->devent); |
553 | trace_probe_unlink(tp: &tk->tp); |
554 | |
555 | return 0; |
556 | } |
557 | |
558 | static bool trace_kprobe_has_same_kprobe(struct trace_kprobe *orig, |
559 | struct trace_kprobe *comp) |
560 | { |
561 | struct trace_probe_event *tpe = orig->tp.event; |
562 | int i; |
563 | |
564 | list_for_each_entry(orig, &tpe->probes, tp.list) { |
565 | if (strcmp(trace_kprobe_symbol(tk: orig), |
566 | trace_kprobe_symbol(tk: comp)) || |
567 | trace_kprobe_offset(tk: orig) != trace_kprobe_offset(tk: comp)) |
568 | continue; |
569 | |
570 | /* |
571 | * trace_probe_compare_arg_type() ensured that nr_args and |
572 | * each argument name and type are same. Let's compare comm. |
573 | */ |
574 | for (i = 0; i < orig->tp.nr_args; i++) { |
575 | if (strcmp(orig->tp.args[i].comm, |
576 | comp->tp.args[i].comm)) |
577 | break; |
578 | } |
579 | |
580 | if (i == orig->tp.nr_args) |
581 | return true; |
582 | } |
583 | |
584 | return false; |
585 | } |
586 | |
587 | static int append_trace_kprobe(struct trace_kprobe *tk, struct trace_kprobe *to) |
588 | { |
589 | int ret; |
590 | |
591 | ret = trace_probe_compare_arg_type(a: &tk->tp, b: &to->tp); |
592 | if (ret) { |
593 | /* Note that argument starts index = 2 */ |
594 | trace_probe_log_set_index(index: ret + 1); |
595 | trace_probe_log_err(0, DIFF_ARG_TYPE); |
596 | return -EEXIST; |
597 | } |
598 | if (trace_kprobe_has_same_kprobe(orig: to, comp: tk)) { |
599 | trace_probe_log_set_index(index: 0); |
600 | trace_probe_log_err(0, SAME_PROBE); |
601 | return -EEXIST; |
602 | } |
603 | |
604 | /* Append to existing event */ |
605 | ret = trace_probe_append(tp: &tk->tp, to: &to->tp); |
606 | if (ret) |
607 | return ret; |
608 | |
609 | /* Register k*probe */ |
610 | ret = __register_trace_kprobe(tk); |
611 | if (ret == -ENOENT && !trace_kprobe_module_exist(tk)) { |
612 | pr_warn("This probe might be able to register after target module is loaded. Continue.\n" ); |
613 | ret = 0; |
614 | } |
615 | |
616 | if (ret) |
617 | trace_probe_unlink(tp: &tk->tp); |
618 | else |
619 | dyn_event_add(ev: &tk->devent, call: trace_probe_event_call(tp: &tk->tp)); |
620 | |
621 | return ret; |
622 | } |
623 | |
624 | /* Register a trace_probe and probe_event */ |
625 | static int register_trace_kprobe(struct trace_kprobe *tk) |
626 | { |
627 | struct trace_kprobe *old_tk; |
628 | int ret; |
629 | |
630 | mutex_lock(&event_mutex); |
631 | |
632 | old_tk = find_trace_kprobe(event: trace_probe_name(tp: &tk->tp), |
633 | group: trace_probe_group_name(tp: &tk->tp)); |
634 | if (old_tk) { |
635 | if (trace_kprobe_is_return(tk) != trace_kprobe_is_return(tk: old_tk)) { |
636 | trace_probe_log_set_index(index: 0); |
637 | trace_probe_log_err(0, DIFF_PROBE_TYPE); |
638 | ret = -EEXIST; |
639 | } else { |
640 | ret = append_trace_kprobe(tk, to: old_tk); |
641 | } |
642 | goto end; |
643 | } |
644 | |
645 | /* Register new event */ |
646 | ret = register_kprobe_event(tk); |
647 | if (ret) { |
648 | if (ret == -EEXIST) { |
649 | trace_probe_log_set_index(index: 0); |
650 | trace_probe_log_err(0, EVENT_EXIST); |
651 | } else |
652 | pr_warn("Failed to register probe event(%d)\n" , ret); |
653 | goto end; |
654 | } |
655 | |
656 | /* Register k*probe */ |
657 | ret = __register_trace_kprobe(tk); |
658 | if (ret == -ENOENT && !trace_kprobe_module_exist(tk)) { |
659 | pr_warn("This probe might be able to register after target module is loaded. Continue.\n" ); |
660 | ret = 0; |
661 | } |
662 | |
663 | if (ret < 0) |
664 | unregister_kprobe_event(tk); |
665 | else |
666 | dyn_event_add(ev: &tk->devent, call: trace_probe_event_call(tp: &tk->tp)); |
667 | |
668 | end: |
669 | mutex_unlock(lock: &event_mutex); |
670 | return ret; |
671 | } |
672 | |
673 | /* Module notifier call back, checking event on the module */ |
674 | static int trace_kprobe_module_callback(struct notifier_block *nb, |
675 | unsigned long val, void *data) |
676 | { |
677 | struct module *mod = data; |
678 | struct dyn_event *pos; |
679 | struct trace_kprobe *tk; |
680 | int ret; |
681 | |
682 | if (val != MODULE_STATE_COMING) |
683 | return NOTIFY_DONE; |
684 | |
685 | /* Update probes on coming module */ |
686 | mutex_lock(&event_mutex); |
687 | for_each_trace_kprobe(tk, pos) { |
688 | if (trace_kprobe_within_module(tk, mod)) { |
689 | /* Don't need to check busy - this should have gone. */ |
690 | __unregister_trace_kprobe(tk); |
691 | ret = __register_trace_kprobe(tk); |
692 | if (ret) |
693 | pr_warn("Failed to re-register probe %s on %s: %d\n" , |
694 | trace_probe_name(&tk->tp), |
695 | module_name(mod), ret); |
696 | } |
697 | } |
698 | mutex_unlock(lock: &event_mutex); |
699 | |
700 | return NOTIFY_DONE; |
701 | } |
702 | |
703 | static struct notifier_block trace_kprobe_module_nb = { |
704 | .notifier_call = trace_kprobe_module_callback, |
705 | .priority = 1 /* Invoked after kprobe module callback */ |
706 | }; |
707 | |
708 | static int count_symbols(void *data, unsigned long unused) |
709 | { |
710 | unsigned int *count = data; |
711 | |
712 | (*count)++; |
713 | |
714 | return 0; |
715 | } |
716 | |
717 | struct sym_count_ctx { |
718 | unsigned int count; |
719 | const char *name; |
720 | }; |
721 | |
722 | static int count_mod_symbols(void *data, const char *name, unsigned long unused) |
723 | { |
724 | struct sym_count_ctx *ctx = data; |
725 | |
726 | if (strcmp(name, ctx->name) == 0) |
727 | ctx->count++; |
728 | |
729 | return 0; |
730 | } |
731 | |
732 | static unsigned int number_of_same_symbols(char *func_name) |
733 | { |
734 | struct sym_count_ctx ctx = { .count = 0, .name = func_name }; |
735 | |
736 | kallsyms_on_each_match_symbol(fn: count_symbols, name: func_name, data: &ctx.count); |
737 | |
738 | module_kallsyms_on_each_symbol(NULL, fn: count_mod_symbols, data: &ctx); |
739 | |
740 | return ctx.count; |
741 | } |
742 | |
743 | static int trace_kprobe_entry_handler(struct kretprobe_instance *ri, |
744 | struct pt_regs *regs); |
745 | |
746 | static int __trace_kprobe_create(int argc, const char *argv[]) |
747 | { |
748 | /* |
749 | * Argument syntax: |
750 | * - Add kprobe: |
751 | * p[:[GRP/][EVENT]] [MOD:]KSYM[+OFFS]|KADDR [FETCHARGS] |
752 | * - Add kretprobe: |
753 | * r[MAXACTIVE][:[GRP/][EVENT]] [MOD:]KSYM[+0] [FETCHARGS] |
754 | * Or |
755 | * p[:[GRP/][EVENT]] [MOD:]KSYM[+0]%return [FETCHARGS] |
756 | * |
757 | * Fetch args: |
758 | * $retval : fetch return value |
759 | * $stack : fetch stack address |
760 | * $stackN : fetch Nth of stack (N:0-) |
761 | * $comm : fetch current task comm |
762 | * @ADDR : fetch memory at ADDR (ADDR should be in kernel) |
763 | * @SYM[+|-offs] : fetch memory at SYM +|- offs (SYM is a data symbol) |
764 | * %REG : fetch register REG |
765 | * Dereferencing memory fetch: |
766 | * +|-offs(ARG) : fetch memory at ARG +|- offs address. |
767 | * Alias name of args: |
768 | * NAME=FETCHARG : set NAME as alias of FETCHARG. |
769 | * Type of args: |
770 | * FETCHARG:TYPE : use TYPE instead of unsigned long. |
771 | */ |
772 | struct trace_kprobe *tk = NULL; |
773 | int i, len, new_argc = 0, ret = 0; |
774 | bool is_return = false; |
775 | char *symbol = NULL, *tmp = NULL; |
776 | const char **new_argv = NULL; |
777 | const char *event = NULL, *group = KPROBE_EVENT_SYSTEM; |
778 | enum probe_print_type ptype; |
779 | int maxactive = 0; |
780 | long offset = 0; |
781 | void *addr = NULL; |
782 | char buf[MAX_EVENT_NAME_LEN]; |
783 | char gbuf[MAX_EVENT_NAME_LEN]; |
784 | char abuf[MAX_BTF_ARGS_LEN]; |
785 | struct traceprobe_parse_context ctx = { .flags = TPARG_FL_KERNEL }; |
786 | |
787 | switch (argv[0][0]) { |
788 | case 'r': |
789 | is_return = true; |
790 | break; |
791 | case 'p': |
792 | break; |
793 | default: |
794 | return -ECANCELED; |
795 | } |
796 | if (argc < 2) |
797 | return -ECANCELED; |
798 | |
799 | trace_probe_log_init(subsystem: "trace_kprobe" , argc, argv); |
800 | |
801 | event = strchr(&argv[0][1], ':'); |
802 | if (event) |
803 | event++; |
804 | |
805 | if (isdigit(c: argv[0][1])) { |
806 | if (!is_return) { |
807 | trace_probe_log_err(1, BAD_MAXACT_TYPE); |
808 | goto parse_error; |
809 | } |
810 | if (event) |
811 | len = event - &argv[0][1] - 1; |
812 | else |
813 | len = strlen(&argv[0][1]); |
814 | if (len > MAX_EVENT_NAME_LEN - 1) { |
815 | trace_probe_log_err(1, BAD_MAXACT); |
816 | goto parse_error; |
817 | } |
818 | memcpy(buf, &argv[0][1], len); |
819 | buf[len] = '\0'; |
820 | ret = kstrtouint(s: buf, base: 0, res: &maxactive); |
821 | if (ret || !maxactive) { |
822 | trace_probe_log_err(1, BAD_MAXACT); |
823 | goto parse_error; |
824 | } |
825 | /* kretprobes instances are iterated over via a list. The |
826 | * maximum should stay reasonable. |
827 | */ |
828 | if (maxactive > KRETPROBE_MAXACTIVE_MAX) { |
829 | trace_probe_log_err(1, MAXACT_TOO_BIG); |
830 | goto parse_error; |
831 | } |
832 | } |
833 | |
834 | /* try to parse an address. if that fails, try to read the |
835 | * input as a symbol. */ |
836 | if (kstrtoul(s: argv[1], base: 0, res: (unsigned long *)&addr)) { |
837 | trace_probe_log_set_index(index: 1); |
838 | /* Check whether uprobe event specified */ |
839 | if (strchr(argv[1], '/') && strchr(argv[1], ':')) { |
840 | ret = -ECANCELED; |
841 | goto error; |
842 | } |
843 | /* a symbol specified */ |
844 | symbol = kstrdup(s: argv[1], GFP_KERNEL); |
845 | if (!symbol) |
846 | return -ENOMEM; |
847 | |
848 | tmp = strchr(symbol, '%'); |
849 | if (tmp) { |
850 | if (!strcmp(tmp, "%return" )) { |
851 | *tmp = '\0'; |
852 | is_return = true; |
853 | } else { |
854 | trace_probe_log_err(tmp - symbol, BAD_ADDR_SUFFIX); |
855 | goto parse_error; |
856 | } |
857 | } |
858 | |
859 | /* TODO: support .init module functions */ |
860 | ret = traceprobe_split_symbol_offset(symbol, offset: &offset); |
861 | if (ret || offset < 0 || offset > UINT_MAX) { |
862 | trace_probe_log_err(0, BAD_PROBE_ADDR); |
863 | goto parse_error; |
864 | } |
865 | if (is_return) |
866 | ctx.flags |= TPARG_FL_RETURN; |
867 | ret = kprobe_on_func_entry(NULL, sym: symbol, offset); |
868 | if (ret == 0 && !is_return) |
869 | ctx.flags |= TPARG_FL_FENTRY; |
870 | /* Defer the ENOENT case until register kprobe */ |
871 | if (ret == -EINVAL && is_return) { |
872 | trace_probe_log_err(0, BAD_RETPROBE); |
873 | goto parse_error; |
874 | } |
875 | } |
876 | |
877 | if (symbol && !strchr(symbol, ':')) { |
878 | unsigned int count; |
879 | |
880 | count = number_of_same_symbols(func_name: symbol); |
881 | if (count > 1) { |
882 | /* |
883 | * Users should use ADDR to remove the ambiguity of |
884 | * using KSYM only. |
885 | */ |
886 | trace_probe_log_err(0, NON_UNIQ_SYMBOL); |
887 | ret = -EADDRNOTAVAIL; |
888 | |
889 | goto error; |
890 | } else if (count == 0) { |
891 | /* |
892 | * We can return ENOENT earlier than when register the |
893 | * kprobe. |
894 | */ |
895 | trace_probe_log_err(0, BAD_PROBE_ADDR); |
896 | ret = -ENOENT; |
897 | |
898 | goto error; |
899 | } |
900 | } |
901 | |
902 | trace_probe_log_set_index(index: 0); |
903 | if (event) { |
904 | ret = traceprobe_parse_event_name(pevent: &event, pgroup: &group, buf: gbuf, |
905 | offset: event - argv[0]); |
906 | if (ret) |
907 | goto parse_error; |
908 | } |
909 | |
910 | if (!event) { |
911 | /* Make a new event name */ |
912 | if (symbol) |
913 | snprintf(buf, MAX_EVENT_NAME_LEN, fmt: "%c_%s_%ld" , |
914 | is_return ? 'r' : 'p', symbol, offset); |
915 | else |
916 | snprintf(buf, MAX_EVENT_NAME_LEN, fmt: "%c_0x%p" , |
917 | is_return ? 'r' : 'p', addr); |
918 | sanitize_event_name(name: buf); |
919 | event = buf; |
920 | } |
921 | |
922 | argc -= 2; argv += 2; |
923 | ctx.funcname = symbol; |
924 | new_argv = traceprobe_expand_meta_args(argc, argv, new_argc: &new_argc, |
925 | buf: abuf, MAX_BTF_ARGS_LEN, ctx: &ctx); |
926 | if (IS_ERR(ptr: new_argv)) { |
927 | ret = PTR_ERR(ptr: new_argv); |
928 | new_argv = NULL; |
929 | goto out; |
930 | } |
931 | if (new_argv) { |
932 | argc = new_argc; |
933 | argv = new_argv; |
934 | } |
935 | |
936 | /* setup a probe */ |
937 | tk = alloc_trace_kprobe(group, event, addr, symbol, offs: offset, maxactive, |
938 | nargs: argc, is_return); |
939 | if (IS_ERR(ptr: tk)) { |
940 | ret = PTR_ERR(ptr: tk); |
941 | /* This must return -ENOMEM, else there is a bug */ |
942 | WARN_ON_ONCE(ret != -ENOMEM); |
943 | goto out; /* We know tk is not allocated */ |
944 | } |
945 | |
946 | /* parse arguments */ |
947 | for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) { |
948 | trace_probe_log_set_index(index: i + 2); |
949 | ctx.offset = 0; |
950 | ret = traceprobe_parse_probe_arg(tp: &tk->tp, i, argv: argv[i], ctx: &ctx); |
951 | if (ret) |
952 | goto error; /* This can be -ENOMEM */ |
953 | } |
954 | /* entry handler for kretprobe */ |
955 | if (is_return && tk->tp.entry_arg) { |
956 | tk->rp.entry_handler = trace_kprobe_entry_handler; |
957 | tk->rp.data_size = traceprobe_get_entry_data_size(tp: &tk->tp); |
958 | } |
959 | |
960 | ptype = is_return ? PROBE_PRINT_RETURN : PROBE_PRINT_NORMAL; |
961 | ret = traceprobe_set_print_fmt(tp: &tk->tp, ptype); |
962 | if (ret < 0) |
963 | goto error; |
964 | |
965 | ret = register_trace_kprobe(tk); |
966 | if (ret) { |
967 | trace_probe_log_set_index(index: 1); |
968 | if (ret == -EILSEQ) |
969 | trace_probe_log_err(0, BAD_INSN_BNDRY); |
970 | else if (ret == -ENOENT) |
971 | trace_probe_log_err(0, BAD_PROBE_ADDR); |
972 | else if (ret != -ENOMEM && ret != -EEXIST) |
973 | trace_probe_log_err(0, FAIL_REG_PROBE); |
974 | goto error; |
975 | } |
976 | |
977 | out: |
978 | traceprobe_finish_parse(ctx: &ctx); |
979 | trace_probe_log_clear(); |
980 | kfree(objp: new_argv); |
981 | kfree(objp: symbol); |
982 | return ret; |
983 | |
984 | parse_error: |
985 | ret = -EINVAL; |
986 | error: |
987 | free_trace_kprobe(tk); |
988 | goto out; |
989 | } |
990 | |
991 | static int trace_kprobe_create(const char *raw_command) |
992 | { |
993 | return trace_probe_create(raw_command, createfn: __trace_kprobe_create); |
994 | } |
995 | |
996 | static int create_or_delete_trace_kprobe(const char *raw_command) |
997 | { |
998 | int ret; |
999 | |
1000 | if (raw_command[0] == '-') |
1001 | return dyn_event_release(raw_command, type: &trace_kprobe_ops); |
1002 | |
1003 | ret = trace_kprobe_create(raw_command); |
1004 | return ret == -ECANCELED ? -EINVAL : ret; |
1005 | } |
1006 | |
1007 | static int trace_kprobe_run_command(struct dynevent_cmd *cmd) |
1008 | { |
1009 | return create_or_delete_trace_kprobe(raw_command: cmd->seq.buffer); |
1010 | } |
1011 | |
1012 | /** |
1013 | * kprobe_event_cmd_init - Initialize a kprobe event command object |
1014 | * @cmd: A pointer to the dynevent_cmd struct representing the new event |
1015 | * @buf: A pointer to the buffer used to build the command |
1016 | * @maxlen: The length of the buffer passed in @buf |
1017 | * |
1018 | * Initialize a synthetic event command object. Use this before |
1019 | * calling any of the other kprobe_event functions. |
1020 | */ |
1021 | void kprobe_event_cmd_init(struct dynevent_cmd *cmd, char *buf, int maxlen) |
1022 | { |
1023 | dynevent_cmd_init(cmd, buf, maxlen, type: DYNEVENT_TYPE_KPROBE, |
1024 | run_command: trace_kprobe_run_command); |
1025 | } |
1026 | EXPORT_SYMBOL_GPL(kprobe_event_cmd_init); |
1027 | |
1028 | /** |
1029 | * __kprobe_event_gen_cmd_start - Generate a kprobe event command from arg list |
1030 | * @cmd: A pointer to the dynevent_cmd struct representing the new event |
1031 | * @kretprobe: Is this a return probe? |
1032 | * @name: The name of the kprobe event |
1033 | * @loc: The location of the kprobe event |
1034 | * @...: Variable number of arg (pairs), one pair for each field |
1035 | * |
1036 | * NOTE: Users normally won't want to call this function directly, but |
1037 | * rather use the kprobe_event_gen_cmd_start() wrapper, which automatically |
1038 | * adds a NULL to the end of the arg list. If this function is used |
1039 | * directly, make sure the last arg in the variable arg list is NULL. |
1040 | * |
1041 | * Generate a kprobe event command to be executed by |
1042 | * kprobe_event_gen_cmd_end(). This function can be used to generate the |
1043 | * complete command or only the first part of it; in the latter case, |
1044 | * kprobe_event_add_fields() can be used to add more fields following this. |
1045 | * |
1046 | * Unlikely the synth_event_gen_cmd_start(), @loc must be specified. This |
1047 | * returns -EINVAL if @loc == NULL. |
1048 | * |
1049 | * Return: 0 if successful, error otherwise. |
1050 | */ |
1051 | int __kprobe_event_gen_cmd_start(struct dynevent_cmd *cmd, bool kretprobe, |
1052 | const char *name, const char *loc, ...) |
1053 | { |
1054 | char buf[MAX_EVENT_NAME_LEN]; |
1055 | struct dynevent_arg arg; |
1056 | va_list args; |
1057 | int ret; |
1058 | |
1059 | if (cmd->type != DYNEVENT_TYPE_KPROBE) |
1060 | return -EINVAL; |
1061 | |
1062 | if (!loc) |
1063 | return -EINVAL; |
1064 | |
1065 | if (kretprobe) |
1066 | snprintf(buf, MAX_EVENT_NAME_LEN, fmt: "r:kprobes/%s" , name); |
1067 | else |
1068 | snprintf(buf, MAX_EVENT_NAME_LEN, fmt: "p:kprobes/%s" , name); |
1069 | |
1070 | ret = dynevent_str_add(cmd, str: buf); |
1071 | if (ret) |
1072 | return ret; |
1073 | |
1074 | dynevent_arg_init(arg: &arg, separator: 0); |
1075 | arg.str = loc; |
1076 | ret = dynevent_arg_add(cmd, arg: &arg, NULL); |
1077 | if (ret) |
1078 | return ret; |
1079 | |
1080 | va_start(args, loc); |
1081 | for (;;) { |
1082 | const char *field; |
1083 | |
1084 | field = va_arg(args, const char *); |
1085 | if (!field) |
1086 | break; |
1087 | |
1088 | if (++cmd->n_fields > MAX_TRACE_ARGS) { |
1089 | ret = -EINVAL; |
1090 | break; |
1091 | } |
1092 | |
1093 | arg.str = field; |
1094 | ret = dynevent_arg_add(cmd, arg: &arg, NULL); |
1095 | if (ret) |
1096 | break; |
1097 | } |
1098 | va_end(args); |
1099 | |
1100 | return ret; |
1101 | } |
1102 | EXPORT_SYMBOL_GPL(__kprobe_event_gen_cmd_start); |
1103 | |
1104 | /** |
1105 | * __kprobe_event_add_fields - Add probe fields to a kprobe command from arg list |
1106 | * @cmd: A pointer to the dynevent_cmd struct representing the new event |
1107 | * @...: Variable number of arg (pairs), one pair for each field |
1108 | * |
1109 | * NOTE: Users normally won't want to call this function directly, but |
1110 | * rather use the kprobe_event_add_fields() wrapper, which |
1111 | * automatically adds a NULL to the end of the arg list. If this |
1112 | * function is used directly, make sure the last arg in the variable |
1113 | * arg list is NULL. |
1114 | * |
1115 | * Add probe fields to an existing kprobe command using a variable |
1116 | * list of args. Fields are added in the same order they're listed. |
1117 | * |
1118 | * Return: 0 if successful, error otherwise. |
1119 | */ |
1120 | int __kprobe_event_add_fields(struct dynevent_cmd *cmd, ...) |
1121 | { |
1122 | struct dynevent_arg arg; |
1123 | va_list args; |
1124 | int ret = 0; |
1125 | |
1126 | if (cmd->type != DYNEVENT_TYPE_KPROBE) |
1127 | return -EINVAL; |
1128 | |
1129 | dynevent_arg_init(arg: &arg, separator: 0); |
1130 | |
1131 | va_start(args, cmd); |
1132 | for (;;) { |
1133 | const char *field; |
1134 | |
1135 | field = va_arg(args, const char *); |
1136 | if (!field) |
1137 | break; |
1138 | |
1139 | if (++cmd->n_fields > MAX_TRACE_ARGS) { |
1140 | ret = -EINVAL; |
1141 | break; |
1142 | } |
1143 | |
1144 | arg.str = field; |
1145 | ret = dynevent_arg_add(cmd, arg: &arg, NULL); |
1146 | if (ret) |
1147 | break; |
1148 | } |
1149 | va_end(args); |
1150 | |
1151 | return ret; |
1152 | } |
1153 | EXPORT_SYMBOL_GPL(__kprobe_event_add_fields); |
1154 | |
1155 | /** |
1156 | * kprobe_event_delete - Delete a kprobe event |
1157 | * @name: The name of the kprobe event to delete |
1158 | * |
1159 | * Delete a kprobe event with the give @name from kernel code rather |
1160 | * than directly from the command line. |
1161 | * |
1162 | * Return: 0 if successful, error otherwise. |
1163 | */ |
1164 | int kprobe_event_delete(const char *name) |
1165 | { |
1166 | char buf[MAX_EVENT_NAME_LEN]; |
1167 | |
1168 | snprintf(buf, MAX_EVENT_NAME_LEN, fmt: "-:%s" , name); |
1169 | |
1170 | return create_or_delete_trace_kprobe(raw_command: buf); |
1171 | } |
1172 | EXPORT_SYMBOL_GPL(kprobe_event_delete); |
1173 | |
1174 | static int trace_kprobe_release(struct dyn_event *ev) |
1175 | { |
1176 | struct trace_kprobe *tk = to_trace_kprobe(ev); |
1177 | int ret = unregister_trace_kprobe(tk); |
1178 | |
1179 | if (!ret) |
1180 | free_trace_kprobe(tk); |
1181 | return ret; |
1182 | } |
1183 | |
1184 | static int trace_kprobe_show(struct seq_file *m, struct dyn_event *ev) |
1185 | { |
1186 | struct trace_kprobe *tk = to_trace_kprobe(ev); |
1187 | int i; |
1188 | |
1189 | seq_putc(m, c: trace_kprobe_is_return(tk) ? 'r' : 'p'); |
1190 | if (trace_kprobe_is_return(tk) && tk->rp.maxactive) |
1191 | seq_printf(m, fmt: "%d" , tk->rp.maxactive); |
1192 | seq_printf(m, fmt: ":%s/%s" , trace_probe_group_name(tp: &tk->tp), |
1193 | trace_probe_name(tp: &tk->tp)); |
1194 | |
1195 | if (!tk->symbol) |
1196 | seq_printf(m, fmt: " 0x%p" , tk->rp.kp.addr); |
1197 | else if (tk->rp.kp.offset) |
1198 | seq_printf(m, fmt: " %s+%u" , trace_kprobe_symbol(tk), |
1199 | tk->rp.kp.offset); |
1200 | else |
1201 | seq_printf(m, fmt: " %s" , trace_kprobe_symbol(tk)); |
1202 | |
1203 | for (i = 0; i < tk->tp.nr_args; i++) |
1204 | seq_printf(m, fmt: " %s=%s" , tk->tp.args[i].name, tk->tp.args[i].comm); |
1205 | seq_putc(m, c: '\n'); |
1206 | |
1207 | return 0; |
1208 | } |
1209 | |
1210 | static int probes_seq_show(struct seq_file *m, void *v) |
1211 | { |
1212 | struct dyn_event *ev = v; |
1213 | |
1214 | if (!is_trace_kprobe(ev)) |
1215 | return 0; |
1216 | |
1217 | return trace_kprobe_show(m, ev); |
1218 | } |
1219 | |
1220 | static const struct seq_operations probes_seq_op = { |
1221 | .start = dyn_event_seq_start, |
1222 | .next = dyn_event_seq_next, |
1223 | .stop = dyn_event_seq_stop, |
1224 | .show = probes_seq_show |
1225 | }; |
1226 | |
1227 | static int probes_open(struct inode *inode, struct file *file) |
1228 | { |
1229 | int ret; |
1230 | |
1231 | ret = security_locked_down(what: LOCKDOWN_TRACEFS); |
1232 | if (ret) |
1233 | return ret; |
1234 | |
1235 | if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) { |
1236 | ret = dyn_events_release_all(type: &trace_kprobe_ops); |
1237 | if (ret < 0) |
1238 | return ret; |
1239 | } |
1240 | |
1241 | return seq_open(file, &probes_seq_op); |
1242 | } |
1243 | |
1244 | static ssize_t probes_write(struct file *file, const char __user *buffer, |
1245 | size_t count, loff_t *ppos) |
1246 | { |
1247 | return trace_parse_run_command(file, buffer, count, ppos, |
1248 | createfn: create_or_delete_trace_kprobe); |
1249 | } |
1250 | |
1251 | static const struct file_operations kprobe_events_ops = { |
1252 | .owner = THIS_MODULE, |
1253 | .open = probes_open, |
1254 | .read = seq_read, |
1255 | .llseek = seq_lseek, |
1256 | .release = seq_release, |
1257 | .write = probes_write, |
1258 | }; |
1259 | |
1260 | static unsigned long trace_kprobe_missed(struct trace_kprobe *tk) |
1261 | { |
1262 | return trace_kprobe_is_return(tk) ? |
1263 | tk->rp.kp.nmissed + tk->rp.nmissed : tk->rp.kp.nmissed; |
1264 | } |
1265 | |
1266 | /* Probes profiling interfaces */ |
1267 | static int probes_profile_seq_show(struct seq_file *m, void *v) |
1268 | { |
1269 | struct dyn_event *ev = v; |
1270 | struct trace_kprobe *tk; |
1271 | unsigned long nmissed; |
1272 | |
1273 | if (!is_trace_kprobe(ev)) |
1274 | return 0; |
1275 | |
1276 | tk = to_trace_kprobe(ev); |
1277 | nmissed = trace_kprobe_missed(tk); |
1278 | seq_printf(m, fmt: " %-44s %15lu %15lu\n" , |
1279 | trace_probe_name(tp: &tk->tp), |
1280 | trace_kprobe_nhit(tk), |
1281 | nmissed); |
1282 | |
1283 | return 0; |
1284 | } |
1285 | |
1286 | static const struct seq_operations profile_seq_op = { |
1287 | .start = dyn_event_seq_start, |
1288 | .next = dyn_event_seq_next, |
1289 | .stop = dyn_event_seq_stop, |
1290 | .show = probes_profile_seq_show |
1291 | }; |
1292 | |
1293 | static int profile_open(struct inode *inode, struct file *file) |
1294 | { |
1295 | int ret; |
1296 | |
1297 | ret = security_locked_down(what: LOCKDOWN_TRACEFS); |
1298 | if (ret) |
1299 | return ret; |
1300 | |
1301 | return seq_open(file, &profile_seq_op); |
1302 | } |
1303 | |
1304 | static const struct file_operations kprobe_profile_ops = { |
1305 | .owner = THIS_MODULE, |
1306 | .open = profile_open, |
1307 | .read = seq_read, |
1308 | .llseek = seq_lseek, |
1309 | .release = seq_release, |
1310 | }; |
1311 | |
1312 | /* Note that we don't verify it, since the code does not come from user space */ |
1313 | static int |
1314 | process_fetch_insn(struct fetch_insn *code, void *rec, void *edata, |
1315 | void *dest, void *base) |
1316 | { |
1317 | struct pt_regs *regs = rec; |
1318 | unsigned long val; |
1319 | int ret; |
1320 | |
1321 | retry: |
1322 | /* 1st stage: get value from context */ |
1323 | switch (code->op) { |
1324 | case FETCH_OP_REG: |
1325 | val = regs_get_register(regs, offset: code->param); |
1326 | break; |
1327 | case FETCH_OP_STACK: |
1328 | val = regs_get_kernel_stack_nth(regs, n: code->param); |
1329 | break; |
1330 | case FETCH_OP_STACKP: |
1331 | val = kernel_stack_pointer(regs); |
1332 | break; |
1333 | case FETCH_OP_RETVAL: |
1334 | val = regs_return_value(regs); |
1335 | break; |
1336 | #ifdef CONFIG_HAVE_FUNCTION_ARG_ACCESS_API |
1337 | case FETCH_OP_ARG: |
1338 | val = regs_get_kernel_argument(regs, n: code->param); |
1339 | break; |
1340 | case FETCH_OP_EDATA: |
1341 | val = *(unsigned long *)((unsigned long)edata + code->offset); |
1342 | break; |
1343 | #endif |
1344 | case FETCH_NOP_SYMBOL: /* Ignore a place holder */ |
1345 | code++; |
1346 | goto retry; |
1347 | default: |
1348 | ret = process_common_fetch_insn(code, val: &val); |
1349 | if (ret < 0) |
1350 | return ret; |
1351 | } |
1352 | code++; |
1353 | |
1354 | return process_fetch_insn_bottom(code, val, dest, base); |
1355 | } |
1356 | NOKPROBE_SYMBOL(process_fetch_insn) |
1357 | |
1358 | /* Kprobe handler */ |
1359 | static nokprobe_inline void |
1360 | __kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs, |
1361 | struct trace_event_file *trace_file) |
1362 | { |
1363 | struct kprobe_trace_entry_head *entry; |
1364 | struct trace_event_call *call = trace_probe_event_call(tp: &tk->tp); |
1365 | struct trace_event_buffer fbuffer; |
1366 | int dsize; |
1367 | |
1368 | WARN_ON(call != trace_file->event_call); |
1369 | |
1370 | if (trace_trigger_soft_disabled(file: trace_file)) |
1371 | return; |
1372 | |
1373 | dsize = __get_data_size(tp: &tk->tp, regs, NULL); |
1374 | |
1375 | entry = trace_event_buffer_reserve(fbuffer: &fbuffer, trace_file, |
1376 | len: sizeof(*entry) + tk->tp.size + dsize); |
1377 | if (!entry) |
1378 | return; |
1379 | |
1380 | fbuffer.regs = regs; |
1381 | entry->ip = (unsigned long)tk->rp.kp.addr; |
1382 | store_trace_args(data: &entry[1], tp: &tk->tp, rec: regs, NULL, header_size: sizeof(*entry), maxlen: dsize); |
1383 | |
1384 | trace_event_buffer_commit(fbuffer: &fbuffer); |
1385 | } |
1386 | |
1387 | static void |
1388 | kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs) |
1389 | { |
1390 | struct event_file_link *link; |
1391 | |
1392 | trace_probe_for_each_link_rcu(link, &tk->tp) |
1393 | __kprobe_trace_func(tk, regs, trace_file: link->file); |
1394 | } |
1395 | NOKPROBE_SYMBOL(kprobe_trace_func); |
1396 | |
1397 | /* Kretprobe handler */ |
1398 | |
1399 | static int trace_kprobe_entry_handler(struct kretprobe_instance *ri, |
1400 | struct pt_regs *regs) |
1401 | { |
1402 | struct kretprobe *rp = get_kretprobe(ri); |
1403 | struct trace_kprobe *tk; |
1404 | |
1405 | /* |
1406 | * There is a small chance that get_kretprobe(ri) returns NULL when |
1407 | * the kretprobe is unregister on another CPU between kretprobe's |
1408 | * trampoline_handler and this function. |
1409 | */ |
1410 | if (unlikely(!rp)) |
1411 | return -ENOENT; |
1412 | |
1413 | tk = container_of(rp, struct trace_kprobe, rp); |
1414 | |
1415 | /* store argument values into ri->data as entry data */ |
1416 | if (tk->tp.entry_arg) |
1417 | store_trace_entry_data(edata: ri->data, tp: &tk->tp, regs); |
1418 | |
1419 | return 0; |
1420 | } |
1421 | |
1422 | |
1423 | static nokprobe_inline void |
1424 | __kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri, |
1425 | struct pt_regs *regs, |
1426 | struct trace_event_file *trace_file) |
1427 | { |
1428 | struct kretprobe_trace_entry_head *entry; |
1429 | struct trace_event_buffer fbuffer; |
1430 | struct trace_event_call *call = trace_probe_event_call(tp: &tk->tp); |
1431 | int dsize; |
1432 | |
1433 | WARN_ON(call != trace_file->event_call); |
1434 | |
1435 | if (trace_trigger_soft_disabled(file: trace_file)) |
1436 | return; |
1437 | |
1438 | dsize = __get_data_size(tp: &tk->tp, regs, edata: ri->data); |
1439 | |
1440 | entry = trace_event_buffer_reserve(fbuffer: &fbuffer, trace_file, |
1441 | len: sizeof(*entry) + tk->tp.size + dsize); |
1442 | if (!entry) |
1443 | return; |
1444 | |
1445 | fbuffer.regs = regs; |
1446 | entry->func = (unsigned long)tk->rp.kp.addr; |
1447 | entry->ret_ip = get_kretprobe_retaddr(ri); |
1448 | store_trace_args(data: &entry[1], tp: &tk->tp, rec: regs, edata: ri->data, header_size: sizeof(*entry), maxlen: dsize); |
1449 | |
1450 | trace_event_buffer_commit(fbuffer: &fbuffer); |
1451 | } |
1452 | |
1453 | static void |
1454 | kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri, |
1455 | struct pt_regs *regs) |
1456 | { |
1457 | struct event_file_link *link; |
1458 | |
1459 | trace_probe_for_each_link_rcu(link, &tk->tp) |
1460 | __kretprobe_trace_func(tk, ri, regs, trace_file: link->file); |
1461 | } |
1462 | NOKPROBE_SYMBOL(kretprobe_trace_func); |
1463 | |
1464 | /* Event entry printers */ |
1465 | static enum print_line_t |
1466 | print_kprobe_event(struct trace_iterator *iter, int flags, |
1467 | struct trace_event *event) |
1468 | { |
1469 | struct kprobe_trace_entry_head *field; |
1470 | struct trace_seq *s = &iter->seq; |
1471 | struct trace_probe *tp; |
1472 | |
1473 | field = (struct kprobe_trace_entry_head *)iter->ent; |
1474 | tp = trace_probe_primary_from_call( |
1475 | container_of(event, struct trace_event_call, event)); |
1476 | if (WARN_ON_ONCE(!tp)) |
1477 | goto out; |
1478 | |
1479 | trace_seq_printf(s, fmt: "%s: (" , trace_probe_name(tp)); |
1480 | |
1481 | if (!seq_print_ip_sym(s, ip: field->ip, sym_flags: flags | TRACE_ITER_SYM_OFFSET)) |
1482 | goto out; |
1483 | |
1484 | trace_seq_putc(s, c: ')'); |
1485 | |
1486 | if (trace_probe_print_args(s, args: tp->args, nr_args: tp->nr_args, |
1487 | data: (u8 *)&field[1], field) < 0) |
1488 | goto out; |
1489 | |
1490 | trace_seq_putc(s, c: '\n'); |
1491 | out: |
1492 | return trace_handle_return(s); |
1493 | } |
1494 | |
1495 | static enum print_line_t |
1496 | print_kretprobe_event(struct trace_iterator *iter, int flags, |
1497 | struct trace_event *event) |
1498 | { |
1499 | struct kretprobe_trace_entry_head *field; |
1500 | struct trace_seq *s = &iter->seq; |
1501 | struct trace_probe *tp; |
1502 | |
1503 | field = (struct kretprobe_trace_entry_head *)iter->ent; |
1504 | tp = trace_probe_primary_from_call( |
1505 | container_of(event, struct trace_event_call, event)); |
1506 | if (WARN_ON_ONCE(!tp)) |
1507 | goto out; |
1508 | |
1509 | trace_seq_printf(s, fmt: "%s: (" , trace_probe_name(tp)); |
1510 | |
1511 | if (!seq_print_ip_sym(s, ip: field->ret_ip, sym_flags: flags | TRACE_ITER_SYM_OFFSET)) |
1512 | goto out; |
1513 | |
1514 | trace_seq_puts(s, str: " <- " ); |
1515 | |
1516 | if (!seq_print_ip_sym(s, ip: field->func, sym_flags: flags & ~TRACE_ITER_SYM_OFFSET)) |
1517 | goto out; |
1518 | |
1519 | trace_seq_putc(s, c: ')'); |
1520 | |
1521 | if (trace_probe_print_args(s, args: tp->args, nr_args: tp->nr_args, |
1522 | data: (u8 *)&field[1], field) < 0) |
1523 | goto out; |
1524 | |
1525 | trace_seq_putc(s, c: '\n'); |
1526 | |
1527 | out: |
1528 | return trace_handle_return(s); |
1529 | } |
1530 | |
1531 | |
1532 | static int kprobe_event_define_fields(struct trace_event_call *event_call) |
1533 | { |
1534 | int ret; |
1535 | struct kprobe_trace_entry_head field; |
1536 | struct trace_probe *tp; |
1537 | |
1538 | tp = trace_probe_primary_from_call(call: event_call); |
1539 | if (WARN_ON_ONCE(!tp)) |
1540 | return -ENOENT; |
1541 | |
1542 | DEFINE_FIELD(unsigned long, ip, FIELD_STRING_IP, 0); |
1543 | |
1544 | return traceprobe_define_arg_fields(event_call, offset: sizeof(field), tp); |
1545 | } |
1546 | |
1547 | static int kretprobe_event_define_fields(struct trace_event_call *event_call) |
1548 | { |
1549 | int ret; |
1550 | struct kretprobe_trace_entry_head field; |
1551 | struct trace_probe *tp; |
1552 | |
1553 | tp = trace_probe_primary_from_call(call: event_call); |
1554 | if (WARN_ON_ONCE(!tp)) |
1555 | return -ENOENT; |
1556 | |
1557 | DEFINE_FIELD(unsigned long, func, FIELD_STRING_FUNC, 0); |
1558 | DEFINE_FIELD(unsigned long, ret_ip, FIELD_STRING_RETIP, 0); |
1559 | |
1560 | return traceprobe_define_arg_fields(event_call, offset: sizeof(field), tp); |
1561 | } |
1562 | |
1563 | #ifdef CONFIG_PERF_EVENTS |
1564 | |
1565 | /* Kprobe profile handler */ |
1566 | static int |
1567 | kprobe_perf_func(struct trace_kprobe *tk, struct pt_regs *regs) |
1568 | { |
1569 | struct trace_event_call *call = trace_probe_event_call(tp: &tk->tp); |
1570 | struct kprobe_trace_entry_head *entry; |
1571 | struct hlist_head *head; |
1572 | int size, __size, dsize; |
1573 | int rctx; |
1574 | |
1575 | if (bpf_prog_array_valid(call)) { |
1576 | unsigned long orig_ip = instruction_pointer(regs); |
1577 | int ret; |
1578 | |
1579 | ret = trace_call_bpf(call, ctx: regs); |
1580 | |
1581 | /* |
1582 | * We need to check and see if we modified the pc of the |
1583 | * pt_regs, and if so return 1 so that we don't do the |
1584 | * single stepping. |
1585 | */ |
1586 | if (orig_ip != instruction_pointer(regs)) |
1587 | return 1; |
1588 | if (!ret) |
1589 | return 0; |
1590 | } |
1591 | |
1592 | head = this_cpu_ptr(call->perf_events); |
1593 | if (hlist_empty(h: head)) |
1594 | return 0; |
1595 | |
1596 | dsize = __get_data_size(tp: &tk->tp, regs, NULL); |
1597 | __size = sizeof(*entry) + tk->tp.size + dsize; |
1598 | size = ALIGN(__size + sizeof(u32), sizeof(u64)); |
1599 | size -= sizeof(u32); |
1600 | |
1601 | entry = perf_trace_buf_alloc(size, NULL, rctxp: &rctx); |
1602 | if (!entry) |
1603 | return 0; |
1604 | |
1605 | entry->ip = (unsigned long)tk->rp.kp.addr; |
1606 | memset(&entry[1], 0, dsize); |
1607 | store_trace_args(data: &entry[1], tp: &tk->tp, rec: regs, NULL, header_size: sizeof(*entry), maxlen: dsize); |
1608 | perf_trace_buf_submit(raw_data: entry, size, rctx, type: call->event.type, count: 1, regs, |
1609 | head, NULL); |
1610 | return 0; |
1611 | } |
1612 | NOKPROBE_SYMBOL(kprobe_perf_func); |
1613 | |
1614 | /* Kretprobe profile handler */ |
1615 | static void |
1616 | kretprobe_perf_func(struct trace_kprobe *tk, struct kretprobe_instance *ri, |
1617 | struct pt_regs *regs) |
1618 | { |
1619 | struct trace_event_call *call = trace_probe_event_call(tp: &tk->tp); |
1620 | struct kretprobe_trace_entry_head *entry; |
1621 | struct hlist_head *head; |
1622 | int size, __size, dsize; |
1623 | int rctx; |
1624 | |
1625 | if (bpf_prog_array_valid(call) && !trace_call_bpf(call, ctx: regs)) |
1626 | return; |
1627 | |
1628 | head = this_cpu_ptr(call->perf_events); |
1629 | if (hlist_empty(h: head)) |
1630 | return; |
1631 | |
1632 | dsize = __get_data_size(tp: &tk->tp, regs, edata: ri->data); |
1633 | __size = sizeof(*entry) + tk->tp.size + dsize; |
1634 | size = ALIGN(__size + sizeof(u32), sizeof(u64)); |
1635 | size -= sizeof(u32); |
1636 | |
1637 | entry = perf_trace_buf_alloc(size, NULL, rctxp: &rctx); |
1638 | if (!entry) |
1639 | return; |
1640 | |
1641 | entry->func = (unsigned long)tk->rp.kp.addr; |
1642 | entry->ret_ip = get_kretprobe_retaddr(ri); |
1643 | store_trace_args(data: &entry[1], tp: &tk->tp, rec: regs, edata: ri->data, header_size: sizeof(*entry), maxlen: dsize); |
1644 | perf_trace_buf_submit(raw_data: entry, size, rctx, type: call->event.type, count: 1, regs, |
1645 | head, NULL); |
1646 | } |
1647 | NOKPROBE_SYMBOL(kretprobe_perf_func); |
1648 | |
1649 | int bpf_get_kprobe_info(const struct perf_event *event, u32 *fd_type, |
1650 | const char **symbol, u64 *probe_offset, |
1651 | u64 *probe_addr, unsigned long *missed, |
1652 | bool perf_type_tracepoint) |
1653 | { |
1654 | const char *pevent = trace_event_name(call: event->tp_event); |
1655 | const char *group = event->tp_event->class->system; |
1656 | struct trace_kprobe *tk; |
1657 | |
1658 | if (perf_type_tracepoint) |
1659 | tk = find_trace_kprobe(event: pevent, group); |
1660 | else |
1661 | tk = trace_kprobe_primary_from_call(call: event->tp_event); |
1662 | if (!tk) |
1663 | return -EINVAL; |
1664 | |
1665 | *fd_type = trace_kprobe_is_return(tk) ? BPF_FD_TYPE_KRETPROBE |
1666 | : BPF_FD_TYPE_KPROBE; |
1667 | *probe_offset = tk->rp.kp.offset; |
1668 | *probe_addr = kallsyms_show_value(current_cred()) ? |
1669 | (unsigned long)tk->rp.kp.addr : 0; |
1670 | *symbol = tk->symbol; |
1671 | if (missed) |
1672 | *missed = trace_kprobe_missed(tk); |
1673 | return 0; |
1674 | } |
1675 | #endif /* CONFIG_PERF_EVENTS */ |
1676 | |
1677 | /* |
1678 | * called by perf_trace_init() or __ftrace_set_clr_event() under event_mutex. |
1679 | * |
1680 | * kprobe_trace_self_tests_init() does enable_trace_probe/disable_trace_probe |
1681 | * lockless, but we can't race with this __init function. |
1682 | */ |
1683 | static int kprobe_register(struct trace_event_call *event, |
1684 | enum trace_reg type, void *data) |
1685 | { |
1686 | struct trace_event_file *file = data; |
1687 | |
1688 | switch (type) { |
1689 | case TRACE_REG_REGISTER: |
1690 | return enable_trace_kprobe(call: event, file); |
1691 | case TRACE_REG_UNREGISTER: |
1692 | return disable_trace_kprobe(call: event, file); |
1693 | |
1694 | #ifdef CONFIG_PERF_EVENTS |
1695 | case TRACE_REG_PERF_REGISTER: |
1696 | return enable_trace_kprobe(call: event, NULL); |
1697 | case TRACE_REG_PERF_UNREGISTER: |
1698 | return disable_trace_kprobe(call: event, NULL); |
1699 | case TRACE_REG_PERF_OPEN: |
1700 | case TRACE_REG_PERF_CLOSE: |
1701 | case TRACE_REG_PERF_ADD: |
1702 | case TRACE_REG_PERF_DEL: |
1703 | return 0; |
1704 | #endif |
1705 | } |
1706 | return 0; |
1707 | } |
1708 | |
1709 | static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs) |
1710 | { |
1711 | struct trace_kprobe *tk = container_of(kp, struct trace_kprobe, rp.kp); |
1712 | int ret = 0; |
1713 | |
1714 | raw_cpu_inc(*tk->nhit); |
1715 | |
1716 | if (trace_probe_test_flag(tp: &tk->tp, TP_FLAG_TRACE)) |
1717 | kprobe_trace_func(tk, regs); |
1718 | #ifdef CONFIG_PERF_EVENTS |
1719 | if (trace_probe_test_flag(tp: &tk->tp, TP_FLAG_PROFILE)) |
1720 | ret = kprobe_perf_func(tk, regs); |
1721 | #endif |
1722 | return ret; |
1723 | } |
1724 | NOKPROBE_SYMBOL(kprobe_dispatcher); |
1725 | |
1726 | static int |
1727 | kretprobe_dispatcher(struct kretprobe_instance *ri, struct pt_regs *regs) |
1728 | { |
1729 | struct kretprobe *rp = get_kretprobe(ri); |
1730 | struct trace_kprobe *tk; |
1731 | |
1732 | /* |
1733 | * There is a small chance that get_kretprobe(ri) returns NULL when |
1734 | * the kretprobe is unregister on another CPU between kretprobe's |
1735 | * trampoline_handler and this function. |
1736 | */ |
1737 | if (unlikely(!rp)) |
1738 | return 0; |
1739 | |
1740 | tk = container_of(rp, struct trace_kprobe, rp); |
1741 | raw_cpu_inc(*tk->nhit); |
1742 | |
1743 | if (trace_probe_test_flag(tp: &tk->tp, TP_FLAG_TRACE)) |
1744 | kretprobe_trace_func(tk, ri, regs); |
1745 | #ifdef CONFIG_PERF_EVENTS |
1746 | if (trace_probe_test_flag(tp: &tk->tp, TP_FLAG_PROFILE)) |
1747 | kretprobe_perf_func(tk, ri, regs); |
1748 | #endif |
1749 | return 0; /* We don't tweak kernel, so just return 0 */ |
1750 | } |
1751 | NOKPROBE_SYMBOL(kretprobe_dispatcher); |
1752 | |
1753 | static struct trace_event_functions kretprobe_funcs = { |
1754 | .trace = print_kretprobe_event |
1755 | }; |
1756 | |
1757 | static struct trace_event_functions kprobe_funcs = { |
1758 | .trace = print_kprobe_event |
1759 | }; |
1760 | |
1761 | static struct trace_event_fields kretprobe_fields_array[] = { |
1762 | { .type = TRACE_FUNCTION_TYPE, |
1763 | .define_fields = kretprobe_event_define_fields }, |
1764 | {} |
1765 | }; |
1766 | |
1767 | static struct trace_event_fields kprobe_fields_array[] = { |
1768 | { .type = TRACE_FUNCTION_TYPE, |
1769 | .define_fields = kprobe_event_define_fields }, |
1770 | {} |
1771 | }; |
1772 | |
1773 | static inline void init_trace_event_call(struct trace_kprobe *tk) |
1774 | { |
1775 | struct trace_event_call *call = trace_probe_event_call(tp: &tk->tp); |
1776 | |
1777 | if (trace_kprobe_is_return(tk)) { |
1778 | call->event.funcs = &kretprobe_funcs; |
1779 | call->class->fields_array = kretprobe_fields_array; |
1780 | } else { |
1781 | call->event.funcs = &kprobe_funcs; |
1782 | call->class->fields_array = kprobe_fields_array; |
1783 | } |
1784 | |
1785 | call->flags = TRACE_EVENT_FL_KPROBE; |
1786 | call->class->reg = kprobe_register; |
1787 | } |
1788 | |
1789 | static int register_kprobe_event(struct trace_kprobe *tk) |
1790 | { |
1791 | init_trace_event_call(tk); |
1792 | |
1793 | return trace_probe_register_event_call(tp: &tk->tp); |
1794 | } |
1795 | |
1796 | static int unregister_kprobe_event(struct trace_kprobe *tk) |
1797 | { |
1798 | return trace_probe_unregister_event_call(tp: &tk->tp); |
1799 | } |
1800 | |
1801 | #ifdef CONFIG_PERF_EVENTS |
1802 | |
1803 | /* create a trace_kprobe, but don't add it to global lists */ |
1804 | struct trace_event_call * |
1805 | create_local_trace_kprobe(char *func, void *addr, unsigned long offs, |
1806 | bool is_return) |
1807 | { |
1808 | enum probe_print_type ptype; |
1809 | struct trace_kprobe *tk; |
1810 | int ret; |
1811 | char *event; |
1812 | |
1813 | if (func) { |
1814 | unsigned int count; |
1815 | |
1816 | count = number_of_same_symbols(func_name: func); |
1817 | if (count > 1) |
1818 | /* |
1819 | * Users should use addr to remove the ambiguity of |
1820 | * using func only. |
1821 | */ |
1822 | return ERR_PTR(error: -EADDRNOTAVAIL); |
1823 | else if (count == 0) |
1824 | /* |
1825 | * We can return ENOENT earlier than when register the |
1826 | * kprobe. |
1827 | */ |
1828 | return ERR_PTR(error: -ENOENT); |
1829 | } |
1830 | |
1831 | /* |
1832 | * local trace_kprobes are not added to dyn_event, so they are never |
1833 | * searched in find_trace_kprobe(). Therefore, there is no concern of |
1834 | * duplicated name here. |
1835 | */ |
1836 | event = func ? func : "DUMMY_EVENT" ; |
1837 | |
1838 | tk = alloc_trace_kprobe(KPROBE_EVENT_SYSTEM, event, addr: (void *)addr, symbol: func, |
1839 | offs, maxactive: 0 /* maxactive */, nargs: 0 /* nargs */, |
1840 | is_return); |
1841 | |
1842 | if (IS_ERR(ptr: tk)) { |
1843 | pr_info("Failed to allocate trace_probe.(%d)\n" , |
1844 | (int)PTR_ERR(tk)); |
1845 | return ERR_CAST(ptr: tk); |
1846 | } |
1847 | |
1848 | init_trace_event_call(tk); |
1849 | |
1850 | ptype = trace_kprobe_is_return(tk) ? |
1851 | PROBE_PRINT_RETURN : PROBE_PRINT_NORMAL; |
1852 | if (traceprobe_set_print_fmt(tp: &tk->tp, ptype) < 0) { |
1853 | ret = -ENOMEM; |
1854 | goto error; |
1855 | } |
1856 | |
1857 | ret = __register_trace_kprobe(tk); |
1858 | if (ret < 0) |
1859 | goto error; |
1860 | |
1861 | return trace_probe_event_call(tp: &tk->tp); |
1862 | error: |
1863 | free_trace_kprobe(tk); |
1864 | return ERR_PTR(error: ret); |
1865 | } |
1866 | |
1867 | void destroy_local_trace_kprobe(struct trace_event_call *event_call) |
1868 | { |
1869 | struct trace_kprobe *tk; |
1870 | |
1871 | tk = trace_kprobe_primary_from_call(call: event_call); |
1872 | if (unlikely(!tk)) |
1873 | return; |
1874 | |
1875 | if (trace_probe_is_enabled(tp: &tk->tp)) { |
1876 | WARN_ON(1); |
1877 | return; |
1878 | } |
1879 | |
1880 | __unregister_trace_kprobe(tk); |
1881 | |
1882 | free_trace_kprobe(tk); |
1883 | } |
1884 | #endif /* CONFIG_PERF_EVENTS */ |
1885 | |
1886 | static __init void enable_boot_kprobe_events(void) |
1887 | { |
1888 | struct trace_array *tr = top_trace_array(); |
1889 | struct trace_event_file *file; |
1890 | struct trace_kprobe *tk; |
1891 | struct dyn_event *pos; |
1892 | |
1893 | mutex_lock(&event_mutex); |
1894 | for_each_trace_kprobe(tk, pos) { |
1895 | list_for_each_entry(file, &tr->events, list) |
1896 | if (file->event_call == trace_probe_event_call(tp: &tk->tp)) |
1897 | trace_event_enable_disable(file, enable: 1, soft_disable: 0); |
1898 | } |
1899 | mutex_unlock(lock: &event_mutex); |
1900 | } |
1901 | |
1902 | static __init void setup_boot_kprobe_events(void) |
1903 | { |
1904 | char *p, *cmd = kprobe_boot_events_buf; |
1905 | int ret; |
1906 | |
1907 | strreplace(str: kprobe_boot_events_buf, old: ',', new: ' '); |
1908 | |
1909 | while (cmd && *cmd != '\0') { |
1910 | p = strchr(cmd, ';'); |
1911 | if (p) |
1912 | *p++ = '\0'; |
1913 | |
1914 | ret = create_or_delete_trace_kprobe(raw_command: cmd); |
1915 | if (ret) |
1916 | pr_warn("Failed to add event(%d): %s\n" , ret, cmd); |
1917 | |
1918 | cmd = p; |
1919 | } |
1920 | |
1921 | enable_boot_kprobe_events(); |
1922 | } |
1923 | |
1924 | /* |
1925 | * Register dynevent at core_initcall. This allows kernel to setup kprobe |
1926 | * events in postcore_initcall without tracefs. |
1927 | */ |
1928 | static __init int init_kprobe_trace_early(void) |
1929 | { |
1930 | int ret; |
1931 | |
1932 | ret = dyn_event_register(ops: &trace_kprobe_ops); |
1933 | if (ret) |
1934 | return ret; |
1935 | |
1936 | if (register_module_notifier(nb: &trace_kprobe_module_nb)) |
1937 | return -EINVAL; |
1938 | |
1939 | return 0; |
1940 | } |
1941 | core_initcall(init_kprobe_trace_early); |
1942 | |
1943 | /* Make a tracefs interface for controlling probe points */ |
1944 | static __init int init_kprobe_trace(void) |
1945 | { |
1946 | int ret; |
1947 | |
1948 | ret = tracing_init_dentry(); |
1949 | if (ret) |
1950 | return 0; |
1951 | |
1952 | /* Event list interface */ |
1953 | trace_create_file(name: "kprobe_events" , TRACE_MODE_WRITE, |
1954 | NULL, NULL, fops: &kprobe_events_ops); |
1955 | |
1956 | /* Profile interface */ |
1957 | trace_create_file(name: "kprobe_profile" , TRACE_MODE_READ, |
1958 | NULL, NULL, fops: &kprobe_profile_ops); |
1959 | |
1960 | setup_boot_kprobe_events(); |
1961 | |
1962 | return 0; |
1963 | } |
1964 | fs_initcall(init_kprobe_trace); |
1965 | |
1966 | |
1967 | #ifdef CONFIG_FTRACE_STARTUP_TEST |
1968 | static __init struct trace_event_file * |
1969 | find_trace_probe_file(struct trace_kprobe *tk, struct trace_array *tr) |
1970 | { |
1971 | struct trace_event_file *file; |
1972 | |
1973 | list_for_each_entry(file, &tr->events, list) |
1974 | if (file->event_call == trace_probe_event_call(tp: &tk->tp)) |
1975 | return file; |
1976 | |
1977 | return NULL; |
1978 | } |
1979 | |
1980 | /* |
1981 | * Nobody but us can call enable_trace_kprobe/disable_trace_kprobe at this |
1982 | * stage, we can do this lockless. |
1983 | */ |
1984 | static __init int kprobe_trace_self_tests_init(void) |
1985 | { |
1986 | int ret, warn = 0; |
1987 | int (*target)(int, int, int, int, int, int); |
1988 | struct trace_kprobe *tk; |
1989 | struct trace_event_file *file; |
1990 | |
1991 | if (tracing_is_disabled()) |
1992 | return -ENODEV; |
1993 | |
1994 | if (tracing_selftest_disabled) |
1995 | return 0; |
1996 | |
1997 | target = kprobe_trace_selftest_target; |
1998 | |
1999 | pr_info("Testing kprobe tracing: " ); |
2000 | |
2001 | ret = create_or_delete_trace_kprobe(raw_command: "p:testprobe kprobe_trace_selftest_target $stack $stack0 +0($stack)" ); |
2002 | if (WARN_ON_ONCE(ret)) { |
2003 | pr_warn("error on probing function entry.\n" ); |
2004 | warn++; |
2005 | } else { |
2006 | /* Enable trace point */ |
2007 | tk = find_trace_kprobe(event: "testprobe" , KPROBE_EVENT_SYSTEM); |
2008 | if (WARN_ON_ONCE(tk == NULL)) { |
2009 | pr_warn("error on getting new probe.\n" ); |
2010 | warn++; |
2011 | } else { |
2012 | file = find_trace_probe_file(tk, tr: top_trace_array()); |
2013 | if (WARN_ON_ONCE(file == NULL)) { |
2014 | pr_warn("error on getting probe file.\n" ); |
2015 | warn++; |
2016 | } else |
2017 | enable_trace_kprobe( |
2018 | call: trace_probe_event_call(tp: &tk->tp), file); |
2019 | } |
2020 | } |
2021 | |
2022 | ret = create_or_delete_trace_kprobe(raw_command: "r:testprobe2 kprobe_trace_selftest_target $retval" ); |
2023 | if (WARN_ON_ONCE(ret)) { |
2024 | pr_warn("error on probing function return.\n" ); |
2025 | warn++; |
2026 | } else { |
2027 | /* Enable trace point */ |
2028 | tk = find_trace_kprobe(event: "testprobe2" , KPROBE_EVENT_SYSTEM); |
2029 | if (WARN_ON_ONCE(tk == NULL)) { |
2030 | pr_warn("error on getting 2nd new probe.\n" ); |
2031 | warn++; |
2032 | } else { |
2033 | file = find_trace_probe_file(tk, tr: top_trace_array()); |
2034 | if (WARN_ON_ONCE(file == NULL)) { |
2035 | pr_warn("error on getting probe file.\n" ); |
2036 | warn++; |
2037 | } else |
2038 | enable_trace_kprobe( |
2039 | call: trace_probe_event_call(tp: &tk->tp), file); |
2040 | } |
2041 | } |
2042 | |
2043 | if (warn) |
2044 | goto end; |
2045 | |
2046 | ret = target(1, 2, 3, 4, 5, 6); |
2047 | |
2048 | /* |
2049 | * Not expecting an error here, the check is only to prevent the |
2050 | * optimizer from removing the call to target() as otherwise there |
2051 | * are no side-effects and the call is never performed. |
2052 | */ |
2053 | if (ret != 21) |
2054 | warn++; |
2055 | |
2056 | /* Disable trace points before removing it */ |
2057 | tk = find_trace_kprobe(event: "testprobe" , KPROBE_EVENT_SYSTEM); |
2058 | if (WARN_ON_ONCE(tk == NULL)) { |
2059 | pr_warn("error on getting test probe.\n" ); |
2060 | warn++; |
2061 | } else { |
2062 | if (trace_kprobe_nhit(tk) != 1) { |
2063 | pr_warn("incorrect number of testprobe hits\n" ); |
2064 | warn++; |
2065 | } |
2066 | |
2067 | file = find_trace_probe_file(tk, tr: top_trace_array()); |
2068 | if (WARN_ON_ONCE(file == NULL)) { |
2069 | pr_warn("error on getting probe file.\n" ); |
2070 | warn++; |
2071 | } else |
2072 | disable_trace_kprobe( |
2073 | call: trace_probe_event_call(tp: &tk->tp), file); |
2074 | } |
2075 | |
2076 | tk = find_trace_kprobe(event: "testprobe2" , KPROBE_EVENT_SYSTEM); |
2077 | if (WARN_ON_ONCE(tk == NULL)) { |
2078 | pr_warn("error on getting 2nd test probe.\n" ); |
2079 | warn++; |
2080 | } else { |
2081 | if (trace_kprobe_nhit(tk) != 1) { |
2082 | pr_warn("incorrect number of testprobe2 hits\n" ); |
2083 | warn++; |
2084 | } |
2085 | |
2086 | file = find_trace_probe_file(tk, tr: top_trace_array()); |
2087 | if (WARN_ON_ONCE(file == NULL)) { |
2088 | pr_warn("error on getting probe file.\n" ); |
2089 | warn++; |
2090 | } else |
2091 | disable_trace_kprobe( |
2092 | call: trace_probe_event_call(tp: &tk->tp), file); |
2093 | } |
2094 | |
2095 | ret = create_or_delete_trace_kprobe(raw_command: "-:testprobe" ); |
2096 | if (WARN_ON_ONCE(ret)) { |
2097 | pr_warn("error on deleting a probe.\n" ); |
2098 | warn++; |
2099 | } |
2100 | |
2101 | ret = create_or_delete_trace_kprobe(raw_command: "-:testprobe2" ); |
2102 | if (WARN_ON_ONCE(ret)) { |
2103 | pr_warn("error on deleting a probe.\n" ); |
2104 | warn++; |
2105 | } |
2106 | |
2107 | end: |
2108 | ret = dyn_events_release_all(type: &trace_kprobe_ops); |
2109 | if (WARN_ON_ONCE(ret)) { |
2110 | pr_warn("error on cleaning up probes.\n" ); |
2111 | warn++; |
2112 | } |
2113 | /* |
2114 | * Wait for the optimizer work to finish. Otherwise it might fiddle |
2115 | * with probes in already freed __init text. |
2116 | */ |
2117 | wait_for_kprobe_optimizer(); |
2118 | if (warn) |
2119 | pr_cont("NG: Some tests are failed. Please check them.\n" ); |
2120 | else |
2121 | pr_cont("OK\n" ); |
2122 | return 0; |
2123 | } |
2124 | |
2125 | late_initcall(kprobe_trace_self_tests_init); |
2126 | |
2127 | #endif |
2128 | |