2 * Kernel Probes (KProbes)
3 * arch/x86/kernel/kprobes.c
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 * Copyright (C) IBM Corporation, 2002, 2004
23 * Dynamic Binary Instrumentation Module based on KProbes
24 * modules/kprobe/arch/asm-x86/dbi_kprobes.c
26 * This program is free software; you can redistribute it and/or modify
27 * it under the terms of the GNU General Public License as published by
28 * the Free Software Foundation; either version 2 of the License, or
29 * (at your option) any later version.
31 * This program is distributed in the hope that it will be useful,
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
34 * GNU General Public License for more details.
36 * You should have received a copy of the GNU General Public License
37 * along with this program; if not, write to the Free Software
38 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
40 * Copyright (C) Samsung Electronics, 2006-2010
42 * 2008-2009 Alexey Gerenkov <a.gerenkov@samsung.com> User-Space
43 * Probes initial implementation; Support x86/ARM/MIPS for both user and kernel spaces.
44 * 2010 Ekaterina Gorelkina <e.gorelkina@samsung.com>: redesign module for separating core and arch parts
45 * 2012 Stanislav Andreev <s.andreev@samsung.com>: added time debug profiling support; BUG() message fix
48 #include<linux/module.h>
49 #include <linux/kdebug.h>
51 #include "dbi_kprobes.h"
52 #include <kprobe/dbi_kprobes.h>
54 #include <kprobe/dbi_kdebug.h>
55 #include <kprobe/dbi_insn_slots.h>
56 #include <kprobe/dbi_kprobes_deps.h>
57 #define SUPRESS_BUG_MESSAGES
59 extern struct kprobe * per_cpu__current_kprobe;
60 extern struct kprobe * per_cpu__current_kprobe;
61 extern struct kprobe * current_kprobe;
63 DECLARE_MOD_FUNC_DEP(module_alloc, void *, unsigned long size);
64 DECLARE_MOD_FUNC_DEP(module_free, void, struct module *mod, void *module_region);
65 DECLARE_MOD_FUNC_DEP(fixup_exception, int, struct pt_regs * regs);
67 DECLARE_MOD_FUNC_DEP(freeze_processes, int, void);
68 DECLARE_MOD_FUNC_DEP(thaw_processes, void, void);
70 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 26))
71 DECLARE_MOD_FUNC_DEP(text_poke, void, void *addr, unsigned char *opcode, int len);
73 DECLARE_MOD_FUNC_DEP(text_poke, void *, void *addr, const void *opcode, size_t len);
75 DECLARE_MOD_FUNC_DEP(show_registers, void, struct pt_regs * regs);
77 DECLARE_MOD_DEP_WRAPPER (module_alloc, void *, unsigned long size)
78 IMP_MOD_DEP_WRAPPER (module_alloc, size)
80 DECLARE_MOD_DEP_WRAPPER (module_free, void, struct module *mod, void *module_region)
81 IMP_MOD_DEP_WRAPPER (module_free, mod, module_region)
83 DECLARE_MOD_DEP_WRAPPER (fixup_exception, int, struct pt_regs * regs)
84 IMP_MOD_DEP_WRAPPER (fixup_exception, regs)
86 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 26))
87 DECLARE_MOD_DEP_WRAPPER(text_poke, \
88 void, void *addr, unsigned char *opcode, int len)
90 DECLARE_MOD_DEP_WRAPPER(text_poke, \
91 void *, void *addr, const void *opcode, size_t len)
93 IMP_MOD_DEP_WRAPPER(text_poke, addr, opcode, len)
95 DECLARE_MOD_DEP_WRAPPER(show_registers, void, struct pt_regs * regs)
96 IMP_MOD_DEP_WRAPPER(show_registers, regs)
98 #define stack_addr(regs) ((unsigned long *)kernel_stack_pointer(regs))
101 * Function return probe trampoline:
102 * - init_kprobes() establishes a probepoint here
103 * - When the probed function returns, this probe
104 * causes the handlers to fire
106 static __used void kretprobe_trampoline_holder(void)
108 asm volatile(".global kretprobe_trampoline\n"
109 "kretprobe_trampoline:\n"
111 /* skip cs, ip, orig_ax and gs. */
124 " call trampoline_probe_handler_x86\n"
125 /* move eflags to cs */
126 " movl 56(%esp), %edx\n"
127 " movl %edx, 52(%esp)\n"
128 /* replace saved flags with true return address. */
129 " movl %eax, 56(%esp)\n"
137 /* skip ds, es, fs, gs, orig_ax, and ip. Note: don't pop cs here*/
143 void kretprobe_trampoline(void);
145 /* insert a jmp code */
146 static __always_inline void set_jmp_op (void *from, void *to)
152 } __attribute__ ((packed)) * jop;
153 jop = (struct __arch_jmp_op *) from;
154 jop->raddr = (long) (to) - ((long) (from) + 5);
155 jop->op = RELATIVEJUMP_INSTRUCTION;
159 * returns non-zero if opcodes can be boosted.
161 int can_boost(kprobe_opcode_t *opcodes)
163 #define W(row,b0,b1,b2,b3,b4,b5,b6,b7,b8,b9,ba,bb,bc,bd,be,bf) \
164 (((b0##UL << 0x0)|(b1##UL << 0x1)|(b2##UL << 0x2)|(b3##UL << 0x3) | \
165 (b4##UL << 0x4)|(b5##UL << 0x5)|(b6##UL << 0x6)|(b7##UL << 0x7) | \
166 (b8##UL << 0x8)|(b9##UL << 0x9)|(ba##UL << 0xa)|(bb##UL << 0xb) | \
167 (bc##UL << 0xc)|(bd##UL << 0xd)|(be##UL << 0xe)|(bf##UL << 0xf)) \
170 * Undefined/reserved opcodes, conditional jump, Opcode Extension
171 * Groups, and some special opcodes can not be boost.
173 static const unsigned long twobyte_is_boostable[256 / 32] = {
174 /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
175 /* ------------------------------- */
176 W (0x00, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0) | /* 00 */
177 W (0x10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), /* 10 */
178 W (0x20, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* 20 */
179 W (0x30, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), /* 30 */
180 W (0x40, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 40 */
181 W (0x50, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), /* 50 */
182 W (0x60, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1) | /* 60 */
183 W (0x70, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1), /* 70 */
184 W (0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* 80 */
185 W (0x90, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1), /* 90 */
186 W (0xa0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1) | /* a0 */
187 W (0xb0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1), /* b0 */
188 W (0xc0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1) | /* c0 */
189 W (0xd0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1), /* d0 */
190 W (0xe0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1) | /* e0 */
191 W (0xf0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0) /* f0 */
192 /* ------------------------------- */
193 /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
196 kprobe_opcode_t opcode;
197 kprobe_opcode_t *orig_opcodes = opcodes;
199 if (opcodes - orig_opcodes > MAX_INSN_SIZE - 1)
201 opcode = *(opcodes++);
203 /* 2nd-byte opcode */
206 if (opcodes - orig_opcodes > MAX_INSN_SIZE - 1)
208 return test_bit (*opcodes, twobyte_is_boostable);
211 switch (opcode & 0xf0)
214 if (0x63 < opcode && opcode < 0x67)
215 goto retry; /* prefixes */
216 /* can't boost Address-size override and bound */
217 return (opcode != 0x62 && opcode != 0x67);
219 return 0; /* can't boost conditional jump */
221 /* can't boost software-interruptions */
222 return (0xc1 < opcode && opcode < 0xcc) || opcode == 0xcf;
224 /* can boost AA* and XLAT */
225 return (opcode == 0xd4 || opcode == 0xd5 || opcode == 0xd7);
227 /* can boost in/out and absolute jmps */
228 return ((opcode & 0x04) || opcode == 0xea);
230 if ((opcode & 0x0c) == 0 && opcode != 0xf1)
231 goto retry; /* lock/rep(ne) prefix */
232 /* clear and set flags can be boost */
233 return (opcode == 0xf5 || (0xf7 < opcode && opcode < 0xfe));
235 if (opcode == 0x26 || opcode == 0x36 || opcode == 0x3e)
236 goto retry; /* prefixes */
237 /* can't boost CS override and call */
238 return (opcode != 0x2e && opcode != 0x9a);
241 EXPORT_SYMBOL_GPL(can_boost);
244 * returns non-zero if opcode modifies the interrupt flag.
246 static int is_IF_modifier (kprobe_opcode_t opcode)
252 case 0xcf: /* iret/iretd */
253 case 0x9d: /* popf/popfd */
259 int arch_prepare_kprobe(struct kprobe *p, struct slot_manager *sm)
261 /* insn: must be on special executable page on i386. */
262 p->ainsn.insn = alloc_insn_slot(sm);
263 if (p->ainsn.insn == NULL)
266 memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE);
268 p->opcode = *p->addr;
269 p->ainsn.boostable = can_boost(p->addr) ? 0 : -1;
274 void prepare_singlestep (struct kprobe *p, struct pt_regs *regs)
278 regs->EREG (ip) = (unsigned long)p->ss_addr;
283 regs->EREG (flags) |= TF_MASK;
284 regs->EREG (flags) &= ~IF_MASK;
285 /*single step inline if the instruction is an int3 */
286 if (p->opcode == BREAKPOINT_INSTRUCTION){
287 regs->EREG (ip) = (unsigned long) p->addr;
288 //printk("break_insn!!!\n");
291 regs->EREG (ip) = (unsigned long) p->ainsn.insn;
294 EXPORT_SYMBOL_GPL(prepare_singlestep);
296 void save_previous_kprobe (struct kprobe_ctlblk *kcb, struct kprobe *cur_p)
298 if (kcb->prev_kprobe.kp != NULL)
300 panic("no space to save new probe[]: task = %d/%s, prev %p, current %p, new %p,",
301 current->pid, current->comm, kcb->prev_kprobe.kp->addr,
302 kprobe_running()->addr, cur_p->addr);
306 kcb->prev_kprobe.kp = kprobe_running();
307 kcb->prev_kprobe.status = kcb->kprobe_status;
311 void restore_previous_kprobe (struct kprobe_ctlblk *kcb)
313 __get_cpu_var (current_kprobe) = kcb->prev_kprobe.kp;
314 kcb->kprobe_status = kcb->prev_kprobe.status;
315 kcb->prev_kprobe.kp = NULL;
316 kcb->prev_kprobe.status = 0;
319 void set_current_kprobe (struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
321 __get_cpu_var (current_kprobe) = p;
322 DBPRINTF ("set_current_kprobe[]: p=%p addr=%p\n", p, p->addr);
323 kcb->kprobe_saved_eflags = kcb->kprobe_old_eflags = (regs->EREG (flags) & (TF_MASK | IF_MASK));
324 if (is_IF_modifier (p->opcode))
325 kcb->kprobe_saved_eflags &= ~IF_MASK;
328 int kprobe_handler (struct pt_regs *regs)
330 struct kprobe *p = 0;
331 int ret = 0, reenter = 0;
332 kprobe_opcode_t *addr = NULL;
333 struct kprobe_ctlblk *kcb;
334 #ifdef SUPRESS_BUG_MESSAGES
335 int swap_oops_in_progress;
338 /* We're in an interrupt, but this is clear and BUG()-safe. */
339 addr = (kprobe_opcode_t *) (regs->EREG (ip) - sizeof (kprobe_opcode_t));
340 DBPRINTF ("KPROBE: regs->eip = 0x%lx addr = 0x%p\n", regs->EREG (ip), addr);
341 #ifdef SUPRESS_BUG_MESSAGES
342 // oops_in_progress used to avoid BUG() messages that slow down kprobe_handler() execution
343 swap_oops_in_progress = oops_in_progress;
344 oops_in_progress = 1;
348 kcb = get_kprobe_ctlblk ();
350 /* Check we're not actually recursing */
351 if (kprobe_running()) {
352 p = get_kprobe(addr);
354 if (kcb->kprobe_status == KPROBE_HIT_SS && *p->ainsn.insn == BREAKPOINT_INSTRUCTION) {
355 regs->EREG(flags) &= ~TF_MASK;
356 regs->EREG(flags) |= kcb->kprobe_saved_eflags;
361 /* We have reentered the kprobe_handler(), since
362 * another probe was hit while within the handler.
363 * We here save the original kprobes variables and
364 * just single step on the instruction of the new probe
365 * without calling any user handlers.
367 save_previous_kprobe (kcb, p);
368 set_current_kprobe (p, regs, kcb);
369 kprobes_inc_nmissed_count (p);
370 prepare_singlestep (p, regs);
371 kcb->kprobe_status = KPROBE_REENTER;
372 // FIXME should we enable preemption here??...
373 //preempt_enable_no_resched ();
374 #ifdef SUPRESS_BUG_MESSAGES
375 oops_in_progress = swap_oops_in_progress;
379 if (*addr != BREAKPOINT_INSTRUCTION) {
380 /* The breakpoint instruction was removed by
381 * another cpu right after we hit, no further
382 * handling of this interrupt is appropriate
384 regs->EREG(ip) -= sizeof(kprobe_opcode_t);
389 p = __get_cpu_var(current_kprobe);
390 if (p->break_handler && p->break_handler(p, regs))
397 DBPRINTF ("get_kprobe %p", addr);
399 p = get_kprobe(addr);
402 if (*addr != BREAKPOINT_INSTRUCTION) {
404 * The breakpoint instruction was removed right
405 * after we hit it. Another cpu has removed
406 * either a probepoint or a debugger breakpoint
407 * at this address. In either case, no further
408 * handling of this interrupt is appropriate.
409 * Back up over the (now missing) int3 and run
410 * the original instruction.
412 regs->EREG(ip) -= sizeof(kprobe_opcode_t);
417 /* Not one of ours: let kernel handle it */
418 DBPRINTF ("no_kprobe");
423 set_current_kprobe (p, regs, kcb);
426 kcb->kprobe_status = KPROBE_HIT_ACTIVE;
429 ret = p->pre_handler(p, regs);
433 if (ret == 2) { // we have alreadyc called the handler, so just single step the instruction
434 DBPRINTF ("p->pre_handler[] 2");
437 DBPRINTF ("p->pre_handler[] 1");
438 // FIXME should we enable preemption here??...
439 //preempt_enable_no_resched ();
440 #ifdef SUPRESS_BUG_MESSAGES
441 oops_in_progress = swap_oops_in_progress;
443 /* handler has already set things up, so skip ss setup */
444 prepare_singlestep(p, regs);
447 DBPRINTF ("p->pre_handler[] 0");
450 DBPRINTF ("p = %p\n", p);
451 DBPRINTF ("p->opcode = 0x%lx *p->addr = 0x%lx p->addr = 0x%p\n", (unsigned long) p->opcode, p->tgid ? 0 : (unsigned long) (*p->addr), p->addr);
453 #if !defined(CONFIG_PREEMPT) || defined(CONFIG_PM)
454 if (p->ainsn.boostable == 1 && !p->post_handler)
456 /* Boost up -- we can execute copied instructions directly */
457 reset_current_kprobe ();
458 regs->EREG (ip) = (unsigned long) p->ainsn.insn;
459 preempt_enable_no_resched ();
460 #ifdef SUPRESS_BUG_MESSAGES
461 oops_in_progress = swap_oops_in_progress;
465 #endif // !CONFIG_PREEMPT
466 prepare_singlestep (p, regs);
467 kcb->kprobe_status = KPROBE_HIT_SS;
468 // FIXME should we enable preemption here??...
469 //preempt_enable_no_resched ();
470 #ifdef SUPRESS_BUG_MESSAGES
471 oops_in_progress = swap_oops_in_progress;
477 preempt_enable_no_resched ();
478 #ifdef SUPRESS_BUG_MESSAGES
479 oops_in_progress = swap_oops_in_progress;
484 int setjmp_pre_handler (struct kprobe *p, struct pt_regs *regs)
486 struct jprobe *jp = container_of (p, struct jprobe, kp);
487 kprobe_pre_entry_handler_t pre_entry;
491 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
493 DBPRINTF ("setjmp_pre_handler %p:%d", p->addr, p->tgid);
494 pre_entry = (kprobe_pre_entry_handler_t) jp->pre_entry;
495 entry = (entry_point_t) jp->entry;
497 kcb->jprobe_saved_regs = *regs;
498 kcb->jprobe_saved_esp = stack_addr(regs);
499 addr = (unsigned long)(kcb->jprobe_saved_esp);
501 /* TBD: As Linus pointed out, gcc assumes that the callee
502 * owns the argument space and could overwrite it, e.g.
503 * tailcall optimization. So, to be absolutely safe
504 * we also save and restore enough stack bytes to cover
505 * the argument area. */
506 memcpy(kcb->jprobes_stack, (kprobe_opcode_t *)addr, MIN_STACK_SIZE (addr));
507 regs->EREG(flags) &= ~IF_MASK;
508 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 18)
509 trace_hardirqs_off();
512 p->ss_addr = (kprobe_opcode_t *)pre_entry(jp->priv_arg, regs);
514 regs->EREG(ip) = (unsigned long)(jp->entry);
519 void dbi_jprobe_return (void)
521 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
523 asm volatile(" xchgl %%ebx,%%esp \n"
525 " .globl dbi_jprobe_return_end \n"
526 " dbi_jprobe_return_end: \n"
527 " nop \n"::"b" (kcb->jprobe_saved_esp):"memory");
530 void arch_ujprobe_return(void)
535 * Called after single-stepping. p->addr is the address of the
536 * instruction whose first byte has been replaced by the "int 3"
537 * instruction. To avoid the SMP problems that can occur when we
538 * temporarily put back the original opcode to single-step, we
539 * single-stepped a copy of the instruction. The address of this
540 * copy is p->ainsn.insn.
542 * This function prepares to return from the post-single-step
543 * interrupt. We have to fix up the stack as follows:
545 * 0) Except in the case of absolute or indirect jump or call instructions,
546 * the new eip is relative to the copied instruction. We need to make
547 * it relative to the original instruction.
549 * 1) If the single-stepped instruction was pushfl, then the TF and IF
550 * flags are set in the just-pushed eflags, and may need to be cleared.
552 * 2) If the single-stepped instruction was a call, the return address
553 * that is atop the stack is the address following the copied instruction.
554 * We need to make it the address following the original instruction.
556 * This function also checks instruction size for preparing direct execution.
558 static void resume_execution (struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
561 unsigned long copy_eip = (unsigned long) p->ainsn.insn;
562 unsigned long orig_eip = (unsigned long) p->addr;
563 kprobe_opcode_t insns[2];
565 regs->EREG (flags) &= ~TF_MASK;
567 tos = stack_addr(regs);
568 insns[0] = p->ainsn.insn[0];
569 insns[1] = p->ainsn.insn[1];
573 case 0x9c: /* pushfl */
574 *tos &= ~(TF_MASK | IF_MASK);
575 *tos |= kcb->kprobe_old_eflags;
577 case 0xc2: /* iret/ret/lret */
582 case 0xea: /* jmp absolute -- eip is correct */
583 /* eip is already adjusted, no more changes required */
584 p->ainsn.boostable = 1;
586 case 0xe8: /* call relative - Fix return addr */
587 *tos = orig_eip + (*tos - copy_eip);
589 case 0x9a: /* call absolute -- same as call absolute, indirect */
590 *tos = orig_eip + (*tos - copy_eip);
593 if ((insns[1] & 0x30) == 0x10)
596 * call absolute, indirect
597 * Fix return addr; eip is correct.
598 * But this is not boostable
600 *tos = orig_eip + (*tos - copy_eip);
603 else if (((insns[1] & 0x31) == 0x20) || /* jmp near, absolute indirect */
604 ((insns[1] & 0x31) == 0x21))
605 { /* jmp far, absolute indirect */
606 /* eip is correct. And this is boostable */
607 p->ainsn.boostable = 1;
614 if (p->ainsn.boostable == 0)
616 if ((regs->EREG (ip) > copy_eip) && (regs->EREG (ip) - copy_eip) + 5 < MAX_INSN_SIZE)
619 * These instructions can be executed directly if it
620 * jumps back to correct address.
622 set_jmp_op((void *)regs->EREG(ip), (void *)orig_eip + (regs->EREG(ip) - copy_eip));
623 p->ainsn.boostable = 1;
627 p->ainsn.boostable = -1;
631 regs->EREG (ip) = orig_eip + (regs->EREG (ip) - copy_eip);
638 * Interrupts are disabled on entry as trap1 is an interrupt gate and they
639 * remain disabled thoroughout this function.
641 static int post_kprobe_handler (struct pt_regs *regs)
643 struct kprobe *cur = kprobe_running ();
644 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
648 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler)
650 kcb->kprobe_status = KPROBE_HIT_SSDONE;
651 cur->post_handler (cur, regs, 0);
654 resume_execution (cur, regs, kcb);
655 regs->EREG (flags) |= kcb->kprobe_saved_eflags;
657 trace_hardirqs_fixup_flags (regs->EREG (flags));
659 /*Restore back the original saved kprobes variables and continue. */
660 if (kcb->kprobe_status == KPROBE_REENTER)
662 restore_previous_kprobe (kcb);
665 reset_current_kprobe ();
667 preempt_enable_no_resched ();
670 * if somebody else is singlestepping across a probe point, eflags
671 * will have TF set, in which case, continue the remaining processing
672 * of do_debug, as if this is not a probe hit.
674 if (regs->EREG (flags) & TF_MASK)
680 int kprobe_fault_handler (struct pt_regs *regs, int trapnr)
682 struct kprobe *cur = kprobe_running ();
683 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
685 switch (kcb->kprobe_status)
690 * We are here because the instruction being single
691 * stepped caused a page fault. We reset the current
692 * kprobe and the eip points back to the probe address
693 * and allow the page fault handler to continue as a
696 regs->EREG (ip) = (unsigned long) cur->addr;
697 regs->EREG (flags) |= kcb->kprobe_old_eflags;
698 if (kcb->kprobe_status == KPROBE_REENTER)
699 restore_previous_kprobe (kcb);
701 reset_current_kprobe ();
702 preempt_enable_no_resched ();
704 case KPROBE_HIT_ACTIVE:
705 case KPROBE_HIT_SSDONE:
707 * We increment the nmissed count for accounting,
708 * we can also use npre/npostfault count for accouting
709 * these specific fault cases.
711 kprobes_inc_nmissed_count (cur);
714 * We come here because instructions in the pre/post
715 * handler caused the page_fault, this could happen
716 * if handler tries to access user space by
717 * copy_from_user(), get_user() etc. Let the
718 * user-specified handler try to fix it first.
720 if (cur->fault_handler && cur->fault_handler (cur, regs, trapnr))
724 * In case the user-specified fault handler returned
725 * zero, try to fix up.
727 if (fixup_exception (regs))
731 * fixup_exception() could not handle it,
732 * Let do_page_fault() fix it.
741 int kprobe_exceptions_notify (struct notifier_block *self, unsigned long val, void *data)
743 struct die_args *args = (struct die_args *) data;
744 int ret = NOTIFY_DONE;
746 DBPRINTF ("val = %ld, data = 0x%X", val, (unsigned int) data);
748 if (args->regs == NULL || user_mode_vm(args->regs))
751 DBPRINTF ("switch (val) %lu %d %d", val, DIE_INT3, DIE_TRAP);
754 #ifdef CONFIG_KPROBES
759 DBPRINTF ("before kprobe_handler ret=%d %p", ret, args->regs);
760 if (kprobe_handler (args->regs))
762 DBPRINTF ("after kprobe_handler ret=%d %p", ret, args->regs);
765 if (post_kprobe_handler (args->regs))
769 // kprobe_running() needs smp_processor_id()
771 if (kprobe_running () && kprobe_fault_handler (args->regs, args->trapnr))
778 DBPRINTF ("ret=%d", ret);
779 /* if(ret == NOTIFY_STOP) */
780 /* handled_exceptions++; */
785 static struct notifier_block kprobe_exceptions_nb = {
786 .notifier_call = kprobe_exceptions_notify,
790 int longjmp_break_handler (struct kprobe *p, struct pt_regs *regs)
792 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
793 u8 *addr = (u8 *) (regs->EREG (ip) - 1);
794 unsigned long stack_addr = (unsigned long) (kcb->jprobe_saved_esp);
795 struct jprobe *jp = container_of (p, struct jprobe, kp);
797 DBPRINTF ("p = %p\n", p);
799 if ((addr > (u8 *) dbi_jprobe_return) && (addr < (u8 *) dbi_jprobe_return_end))
801 if (stack_addr(regs) != kcb->jprobe_saved_esp) {
802 struct pt_regs *saved_regs = &kcb->jprobe_saved_regs;
803 printk("current esp %p does not match saved esp %p\n",
804 stack_addr(regs), kcb->jprobe_saved_esp);
805 printk ("Saved registers for jprobe %p\n", jp);
806 show_registers (saved_regs);
807 printk ("Current registers\n");
808 show_registers (regs);
812 *regs = kcb->jprobe_saved_regs;
813 memcpy ((kprobe_opcode_t *) stack_addr, kcb->jprobes_stack, MIN_STACK_SIZE (stack_addr));
814 preempt_enable_no_resched ();
821 void arch_arm_kprobe (struct kprobe *p)
823 text_poke (p->addr, ((unsigned char[])
824 {BREAKPOINT_INSTRUCTION}), 1);
827 void arch_disarm_kprobe (struct kprobe *p)
829 text_poke (p->addr, &p->opcode, 1);
832 static __used void *trampoline_probe_handler_x86(struct pt_regs *regs)
834 return (void *)trampoline_probe_handler(NULL, regs);
837 void arch_prepare_kretprobe(struct kretprobe_instance *ri, struct pt_regs *regs)
839 unsigned long *ptr_ret_addr = stack_addr(regs);
841 /* for __switch_to probe */
842 if ((unsigned long)ri->rp->kp.addr == sched_addr) {
844 ri->task = (struct task_struct *)regs->dx;
846 ri->sp = ptr_ret_addr;
849 /* Save the return address */
850 ri->ret_addr = (unsigned long *)*ptr_ret_addr;
852 /* Replace the return addr with trampoline addr */
853 *ptr_ret_addr = (unsigned long)&kretprobe_trampoline;
856 int arch_init_module_deps()
858 INIT_MOD_DEP_VAR(module_alloc, module_alloc);
859 INIT_MOD_DEP_VAR(module_free, module_free);
860 INIT_MOD_DEP_VAR(fixup_exception, fixup_exception);
861 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23)
862 # error this kernel version has no text_poke function which is necessaryf for x86 ach!!!
864 INIT_MOD_DEP_VAR(text_poke, text_poke);
866 INIT_MOD_DEP_VAR(show_registers, show_registers);
867 #if defined(CONFIG_PREEMPT) && defined(CONFIG_PM)
868 INIT_MOD_DEP_VAR(freeze_processes, freeze_processes);
869 INIT_MOD_DEP_VAR(thaw_processes, thaw_processes);
875 int arch_init_kprobes(void)
877 return register_die_notifier (&kprobe_exceptions_nb);
880 void arch_exit_kprobes(void)
882 unregister_die_notifier (&kprobe_exceptions_nb);