2 * Kernel Probes (KProbes)
3 * arch/x86/kernel/kprobes.c
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 * Copyright (C) IBM Corporation, 2002, 2004
23 * Dynamic Binary Instrumentation Module based on KProbes
24 * modules/kprobe/arch/asm-x86/swap_kprobes.c
26 * This program is free software; you can redistribute it and/or modify
27 * it under the terms of the GNU General Public License as published by
28 * the Free Software Foundation; either version 2 of the License, or
29 * (at your option) any later version.
31 * This program is distributed in the hope that it will be useful,
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
34 * GNU General Public License for more details.
36 * You should have received a copy of the GNU General Public License
37 * along with this program; if not, write to the Free Software
38 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
40 * Copyright (C) Samsung Electronics, 2006-2010
42 * 2008-2009 Alexey Gerenkov <a.gerenkov@samsung.com> User-Space
43 * Probes initial implementation; Support x86/ARM/MIPS for both user and kernel spaces.
44 * 2010 Ekaterina Gorelkina <e.gorelkina@samsung.com>: redesign module for separating core and arch parts
45 * 2012 Stanislav Andreev <s.andreev@samsung.com>: added time debug profiling support; BUG() message fix
48 #include<linux/module.h>
49 #include <linux/kdebug.h>
51 #include "swap_kprobes.h"
52 #include <kprobe/swap_kprobes.h>
54 #include <kprobe/swap_kdebug.h>
55 #include <kprobe/swap_slots.h>
56 #include <kprobe/swap_kprobes_deps.h>
57 #define SUPRESS_BUG_MESSAGES
59 extern struct kprobe * per_cpu__current_kprobe;
60 extern struct kprobe * per_cpu__current_kprobe;
61 extern struct kprobe * current_kprobe;
64 static int (*swap_fixup_exception)(struct pt_regs * regs);
65 static void *(*swap_text_poke)(void *addr, const void *opcode, size_t len);
66 static void (*swap_show_registers)(struct pt_regs * regs);
69 #define stack_addr(regs) ((unsigned long *)kernel_stack_pointer(regs))
72 * Function return probe trampoline:
73 * - init_kprobes() establishes a probepoint here
74 * - When the probed function returns, this probe
75 * causes the handlers to fire
77 static __used void kretprobe_trampoline_holder(void)
79 asm volatile(".global kretprobe_trampoline\n"
80 "kretprobe_trampoline:\n"
82 /* skip cs, ip, orig_ax and gs. */
95 " call trampoline_probe_handler_x86\n"
96 /* move eflags to cs */
97 " movl 56(%esp), %edx\n"
98 " movl %edx, 52(%esp)\n"
99 /* replace saved flags with true return address. */
100 " movl %eax, 56(%esp)\n"
108 /* skip ds, es, fs, gs, orig_ax, and ip. Note: don't pop cs here*/
114 void kretprobe_trampoline(void);
116 /* insert a jmp code */
117 static __always_inline void set_jmp_op (void *from, void *to)
123 } __attribute__ ((packed)) * jop;
124 jop = (struct __arch_jmp_op *) from;
125 jop->raddr = (long) (to) - ((long) (from) + 5);
126 jop->op = RELATIVEJUMP_INSTRUCTION;
130 * returns non-zero if opcodes can be boosted.
132 int can_boost(kprobe_opcode_t *opcodes)
134 #define W(row,b0,b1,b2,b3,b4,b5,b6,b7,b8,b9,ba,bb,bc,bd,be,bf) \
135 (((b0##UL << 0x0)|(b1##UL << 0x1)|(b2##UL << 0x2)|(b3##UL << 0x3) | \
136 (b4##UL << 0x4)|(b5##UL << 0x5)|(b6##UL << 0x6)|(b7##UL << 0x7) | \
137 (b8##UL << 0x8)|(b9##UL << 0x9)|(ba##UL << 0xa)|(bb##UL << 0xb) | \
138 (bc##UL << 0xc)|(bd##UL << 0xd)|(be##UL << 0xe)|(bf##UL << 0xf)) \
141 * Undefined/reserved opcodes, conditional jump, Opcode Extension
142 * Groups, and some special opcodes can not be boost.
144 static const unsigned long twobyte_is_boostable[256 / 32] = {
145 /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
146 /* ------------------------------- */
147 W (0x00, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0) | /* 00 */
148 W (0x10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), /* 10 */
149 W (0x20, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* 20 */
150 W (0x30, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), /* 30 */
151 W (0x40, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1) | /* 40 */
152 W (0x50, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), /* 50 */
153 W (0x60, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1) | /* 60 */
154 W (0x70, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1), /* 70 */
155 W (0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) | /* 80 */
156 W (0x90, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1), /* 90 */
157 W (0xa0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1) | /* a0 */
158 W (0xb0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1), /* b0 */
159 W (0xc0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1) | /* c0 */
160 W (0xd0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1), /* d0 */
161 W (0xe0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1) | /* e0 */
162 W (0xf0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0) /* f0 */
163 /* ------------------------------- */
164 /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */
167 kprobe_opcode_t opcode;
168 kprobe_opcode_t *orig_opcodes = opcodes;
170 if (opcodes - orig_opcodes > MAX_INSN_SIZE - 1)
172 opcode = *(opcodes++);
174 /* 2nd-byte opcode */
177 if (opcodes - orig_opcodes > MAX_INSN_SIZE - 1)
179 return test_bit (*opcodes, twobyte_is_boostable);
182 switch (opcode & 0xf0)
185 if (0x63 < opcode && opcode < 0x67)
186 goto retry; /* prefixes */
187 /* can't boost Address-size override and bound */
188 return (opcode != 0x62 && opcode != 0x67);
190 return 0; /* can't boost conditional jump */
192 /* can't boost software-interruptions */
193 return (0xc1 < opcode && opcode < 0xcc) || opcode == 0xcf;
195 /* can boost AA* and XLAT */
196 return (opcode == 0xd4 || opcode == 0xd5 || opcode == 0xd7);
198 /* can boost in/out and absolute jmps */
199 return ((opcode & 0x04) || opcode == 0xea);
201 if ((opcode & 0x0c) == 0 && opcode != 0xf1)
202 goto retry; /* lock/rep(ne) prefix */
203 /* clear and set flags can be boost */
204 return (opcode == 0xf5 || (0xf7 < opcode && opcode < 0xfe));
206 if (opcode == 0x26 || opcode == 0x36 || opcode == 0x3e)
207 goto retry; /* prefixes */
208 /* can't boost CS override and call */
209 return (opcode != 0x2e && opcode != 0x9a);
212 EXPORT_SYMBOL_GPL(can_boost);
215 * returns non-zero if opcode modifies the interrupt flag.
217 static int is_IF_modifier (kprobe_opcode_t opcode)
223 case 0xcf: /* iret/iretd */
224 case 0x9d: /* popf/popfd */
230 int arch_prepare_kprobe(struct kprobe *p, struct slot_manager *sm)
232 /* insn: must be on special executable page on i386. */
233 p->ainsn.insn = swap_slot_alloc(sm);
234 if (p->ainsn.insn == NULL)
237 memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE);
239 p->opcode = *p->addr;
240 p->ainsn.boostable = can_boost(p->addr) ? 0 : -1;
245 void prepare_singlestep (struct kprobe *p, struct pt_regs *regs)
247 int cpu = smp_processor_id();
249 if (p->ss_addr[cpu]) {
250 regs->EREG(ip) = (unsigned long)p->ss_addr[cpu];
251 p->ss_addr[cpu] = NULL;
255 regs->EREG (flags) |= TF_MASK;
256 regs->EREG (flags) &= ~IF_MASK;
257 /*single step inline if the instruction is an int3 */
258 if (p->opcode == BREAKPOINT_INSTRUCTION){
259 regs->EREG (ip) = (unsigned long) p->addr;
260 //printk("break_insn!!!\n");
263 regs->EREG (ip) = (unsigned long) p->ainsn.insn;
266 EXPORT_SYMBOL_GPL(prepare_singlestep);
268 void save_previous_kprobe (struct kprobe_ctlblk *kcb, struct kprobe *cur_p)
270 if (kcb->prev_kprobe.kp != NULL)
272 panic("no space to save new probe[]: task = %d/%s, prev %p, current %p, new %p,",
273 current->pid, current->comm, kcb->prev_kprobe.kp->addr,
274 kprobe_running()->addr, cur_p->addr);
278 kcb->prev_kprobe.kp = kprobe_running();
279 kcb->prev_kprobe.status = kcb->kprobe_status;
283 void restore_previous_kprobe (struct kprobe_ctlblk *kcb)
285 __get_cpu_var (current_kprobe) = kcb->prev_kprobe.kp;
286 kcb->kprobe_status = kcb->prev_kprobe.status;
287 kcb->prev_kprobe.kp = NULL;
288 kcb->prev_kprobe.status = 0;
291 void set_current_kprobe (struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
293 __get_cpu_var (current_kprobe) = p;
294 DBPRINTF ("set_current_kprobe[]: p=%p addr=%p\n", p, p->addr);
295 kcb->kprobe_saved_eflags = kcb->kprobe_old_eflags = (regs->EREG (flags) & (TF_MASK | IF_MASK));
296 if (is_IF_modifier (p->opcode))
297 kcb->kprobe_saved_eflags &= ~IF_MASK;
300 int kprobe_handler (struct pt_regs *regs)
302 struct kprobe *p = 0;
303 int ret = 0, reenter = 0;
304 kprobe_opcode_t *addr = NULL;
305 struct kprobe_ctlblk *kcb;
306 #ifdef SUPRESS_BUG_MESSAGES
307 int swap_oops_in_progress;
310 /* We're in an interrupt, but this is clear and BUG()-safe. */
311 addr = (kprobe_opcode_t *) (regs->EREG (ip) - sizeof (kprobe_opcode_t));
312 DBPRINTF ("KPROBE: regs->eip = 0x%lx addr = 0x%p\n", regs->EREG (ip), addr);
313 #ifdef SUPRESS_BUG_MESSAGES
314 // oops_in_progress used to avoid BUG() messages that slow down kprobe_handler() execution
315 swap_oops_in_progress = oops_in_progress;
316 oops_in_progress = 1;
320 kcb = get_kprobe_ctlblk ();
322 /* Check we're not actually recursing */
323 if (kprobe_running()) {
324 p = get_kprobe(addr);
326 if (kcb->kprobe_status == KPROBE_HIT_SS && *p->ainsn.insn == BREAKPOINT_INSTRUCTION) {
327 regs->EREG(flags) &= ~TF_MASK;
328 regs->EREG(flags) |= kcb->kprobe_saved_eflags;
333 /* We have reentered the kprobe_handler(), since
334 * another probe was hit while within the handler.
335 * We here save the original kprobes variables and
336 * just single step on the instruction of the new probe
337 * without calling any user handlers.
339 save_previous_kprobe (kcb, p);
340 set_current_kprobe (p, regs, kcb);
341 kprobes_inc_nmissed_count (p);
342 prepare_singlestep (p, regs);
343 kcb->kprobe_status = KPROBE_REENTER;
344 // FIXME should we enable preemption here??...
345 //preempt_enable_no_resched ();
346 #ifdef SUPRESS_BUG_MESSAGES
347 oops_in_progress = swap_oops_in_progress;
351 if (*addr != BREAKPOINT_INSTRUCTION) {
352 /* The breakpoint instruction was removed by
353 * another cpu right after we hit, no further
354 * handling of this interrupt is appropriate
356 regs->EREG(ip) -= sizeof(kprobe_opcode_t);
361 p = __get_cpu_var(current_kprobe);
362 if (p->break_handler && p->break_handler(p, regs))
369 DBPRINTF ("get_kprobe %p", addr);
371 p = get_kprobe(addr);
374 if (*addr != BREAKPOINT_INSTRUCTION) {
376 * The breakpoint instruction was removed right
377 * after we hit it. Another cpu has removed
378 * either a probepoint or a debugger breakpoint
379 * at this address. In either case, no further
380 * handling of this interrupt is appropriate.
381 * Back up over the (now missing) int3 and run
382 * the original instruction.
384 regs->EREG(ip) -= sizeof(kprobe_opcode_t);
389 /* Not one of ours: let kernel handle it */
390 DBPRINTF ("no_kprobe");
395 set_current_kprobe (p, regs, kcb);
398 kcb->kprobe_status = KPROBE_HIT_ACTIVE;
401 ret = p->pre_handler(p, regs);
405 if (ret == 2) { // we have alreadyc called the handler, so just single step the instruction
406 DBPRINTF ("p->pre_handler[] 2");
409 DBPRINTF ("p->pre_handler[] 1");
410 // FIXME should we enable preemption here??...
411 //preempt_enable_no_resched ();
412 #ifdef SUPRESS_BUG_MESSAGES
413 oops_in_progress = swap_oops_in_progress;
415 /* handler has already set things up, so skip ss setup */
416 prepare_singlestep(p, regs);
419 DBPRINTF ("p->pre_handler[] 0");
422 DBPRINTF ("p = %p\n", p);
423 DBPRINTF ("p->opcode = 0x%lx *p->addr = 0x%lx p->addr = 0x%p\n", (unsigned long) p->opcode, p->tgid ? 0 : (unsigned long) (*p->addr), p->addr);
425 #if !defined(CONFIG_PREEMPT) || defined(CONFIG_PM)
426 if (p->ainsn.boostable == 1 && !p->post_handler)
428 /* Boost up -- we can execute copied instructions directly */
429 reset_current_kprobe ();
430 regs->EREG (ip) = (unsigned long) p->ainsn.insn;
431 preempt_enable_no_resched ();
432 #ifdef SUPRESS_BUG_MESSAGES
433 oops_in_progress = swap_oops_in_progress;
437 #endif // !CONFIG_PREEMPT
438 prepare_singlestep (p, regs);
439 kcb->kprobe_status = KPROBE_HIT_SS;
440 // FIXME should we enable preemption here??...
441 //preempt_enable_no_resched ();
442 #ifdef SUPRESS_BUG_MESSAGES
443 oops_in_progress = swap_oops_in_progress;
449 preempt_enable_no_resched ();
450 #ifdef SUPRESS_BUG_MESSAGES
451 oops_in_progress = swap_oops_in_progress;
456 int setjmp_pre_handler (struct kprobe *p, struct pt_regs *regs)
458 struct jprobe *jp = container_of (p, struct jprobe, kp);
459 kprobe_pre_entry_handler_t pre_entry;
463 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
465 DBPRINTF ("setjmp_pre_handler %p:%d", p->addr, p->tgid);
466 pre_entry = (kprobe_pre_entry_handler_t) jp->pre_entry;
467 entry = (entry_point_t) jp->entry;
469 kcb->jprobe_saved_regs = *regs;
470 kcb->jprobe_saved_esp = stack_addr(regs);
471 addr = (unsigned long)(kcb->jprobe_saved_esp);
473 /* TBD: As Linus pointed out, gcc assumes that the callee
474 * owns the argument space and could overwrite it, e.g.
475 * tailcall optimization. So, to be absolutely safe
476 * we also save and restore enough stack bytes to cover
477 * the argument area. */
478 memcpy(kcb->jprobes_stack, (kprobe_opcode_t *)addr, MIN_STACK_SIZE (addr));
479 regs->EREG(flags) &= ~IF_MASK;
480 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 18)
481 trace_hardirqs_off();
484 p->ss_addr[smp_processor_id()] = (kprobe_opcode_t *)
485 pre_entry(jp->priv_arg, regs);
487 regs->EREG(ip) = (unsigned long)(jp->entry);
492 void swap_jprobe_return_end(void);
494 void swap_jprobe_return(void)
496 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
498 asm volatile(" xchgl %%ebx,%%esp \n"
500 " .globl swap_jprobe_return_end \n"
501 " swap_jprobe_return_end: \n"
502 " nop \n"::"b" (kcb->jprobe_saved_esp):"memory");
504 EXPORT_SYMBOL_GPL(swap_jprobe_return);
506 void arch_ujprobe_return(void)
511 * Called after single-stepping. p->addr is the address of the
512 * instruction whose first byte has been replaced by the "int 3"
513 * instruction. To avoid the SMP problems that can occur when we
514 * temporarily put back the original opcode to single-step, we
515 * single-stepped a copy of the instruction. The address of this
516 * copy is p->ainsn.insn.
518 * This function prepares to return from the post-single-step
519 * interrupt. We have to fix up the stack as follows:
521 * 0) Except in the case of absolute or indirect jump or call instructions,
522 * the new eip is relative to the copied instruction. We need to make
523 * it relative to the original instruction.
525 * 1) If the single-stepped instruction was pushfl, then the TF and IF
526 * flags are set in the just-pushed eflags, and may need to be cleared.
528 * 2) If the single-stepped instruction was a call, the return address
529 * that is atop the stack is the address following the copied instruction.
530 * We need to make it the address following the original instruction.
532 * This function also checks instruction size for preparing direct execution.
534 static void resume_execution (struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
537 unsigned long copy_eip = (unsigned long) p->ainsn.insn;
538 unsigned long orig_eip = (unsigned long) p->addr;
539 kprobe_opcode_t insns[2];
541 regs->EREG (flags) &= ~TF_MASK;
543 tos = stack_addr(regs);
544 insns[0] = p->ainsn.insn[0];
545 insns[1] = p->ainsn.insn[1];
549 case 0x9c: /* pushfl */
550 *tos &= ~(TF_MASK | IF_MASK);
551 *tos |= kcb->kprobe_old_eflags;
553 case 0xc2: /* iret/ret/lret */
558 case 0xea: /* jmp absolute -- eip is correct */
559 /* eip is already adjusted, no more changes required */
560 p->ainsn.boostable = 1;
562 case 0xe8: /* call relative - Fix return addr */
563 *tos = orig_eip + (*tos - copy_eip);
565 case 0x9a: /* call absolute -- same as call absolute, indirect */
566 *tos = orig_eip + (*tos - copy_eip);
569 if ((insns[1] & 0x30) == 0x10)
572 * call absolute, indirect
573 * Fix return addr; eip is correct.
574 * But this is not boostable
576 *tos = orig_eip + (*tos - copy_eip);
579 else if (((insns[1] & 0x31) == 0x20) || /* jmp near, absolute indirect */
580 ((insns[1] & 0x31) == 0x21))
581 { /* jmp far, absolute indirect */
582 /* eip is correct. And this is boostable */
583 p->ainsn.boostable = 1;
590 if (p->ainsn.boostable == 0)
592 if ((regs->EREG (ip) > copy_eip) && (regs->EREG (ip) - copy_eip) + 5 < MAX_INSN_SIZE)
595 * These instructions can be executed directly if it
596 * jumps back to correct address.
598 set_jmp_op((void *)regs->EREG(ip), (void *)orig_eip + (regs->EREG(ip) - copy_eip));
599 p->ainsn.boostable = 1;
603 p->ainsn.boostable = -1;
607 regs->EREG (ip) = orig_eip + (regs->EREG (ip) - copy_eip);
614 * Interrupts are disabled on entry as trap1 is an interrupt gate and they
615 * remain disabled thoroughout this function.
617 static int post_kprobe_handler (struct pt_regs *regs)
619 struct kprobe *cur = kprobe_running ();
620 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
624 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler)
626 kcb->kprobe_status = KPROBE_HIT_SSDONE;
627 cur->post_handler (cur, regs, 0);
630 resume_execution (cur, regs, kcb);
631 regs->EREG (flags) |= kcb->kprobe_saved_eflags;
633 trace_hardirqs_fixup_flags (regs->EREG (flags));
635 /*Restore back the original saved kprobes variables and continue. */
636 if (kcb->kprobe_status == KPROBE_REENTER)
638 restore_previous_kprobe (kcb);
641 reset_current_kprobe ();
643 preempt_enable_no_resched ();
646 * if somebody else is singlestepping across a probe point, eflags
647 * will have TF set, in which case, continue the remaining processing
648 * of do_debug, as if this is not a probe hit.
650 if (regs->EREG (flags) & TF_MASK)
656 int kprobe_fault_handler (struct pt_regs *regs, int trapnr)
658 struct kprobe *cur = kprobe_running ();
659 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
661 switch (kcb->kprobe_status)
666 * We are here because the instruction being single
667 * stepped caused a page fault. We reset the current
668 * kprobe and the eip points back to the probe address
669 * and allow the page fault handler to continue as a
672 regs->EREG (ip) = (unsigned long) cur->addr;
673 regs->EREG (flags) |= kcb->kprobe_old_eflags;
674 if (kcb->kprobe_status == KPROBE_REENTER)
675 restore_previous_kprobe (kcb);
677 reset_current_kprobe ();
678 preempt_enable_no_resched ();
680 case KPROBE_HIT_ACTIVE:
681 case KPROBE_HIT_SSDONE:
683 * We increment the nmissed count for accounting,
684 * we can also use npre/npostfault count for accouting
685 * these specific fault cases.
687 kprobes_inc_nmissed_count (cur);
690 * We come here because instructions in the pre/post
691 * handler caused the page_fault, this could happen
692 * if handler tries to access user space by
693 * copy_from_user(), get_user() etc. Let the
694 * user-specified handler try to fix it first.
696 if (cur->fault_handler && cur->fault_handler (cur, regs, trapnr))
700 * In case the user-specified fault handler returned
701 * zero, try to fix up.
703 if (swap_fixup_exception(regs))
707 * fixup_exception() could not handle it,
708 * Let do_page_fault() fix it.
717 int kprobe_exceptions_notify (struct notifier_block *self, unsigned long val, void *data)
719 struct die_args *args = (struct die_args *) data;
720 int ret = NOTIFY_DONE;
722 DBPRINTF ("val = %ld, data = 0x%X", val, (unsigned int) data);
724 if (args->regs == NULL || user_mode_vm(args->regs))
727 DBPRINTF ("switch (val) %lu %d %d", val, DIE_INT3, DIE_TRAP);
730 #ifdef CONFIG_KPROBES
735 DBPRINTF ("before kprobe_handler ret=%d %p", ret, args->regs);
736 if (kprobe_handler (args->regs))
738 DBPRINTF ("after kprobe_handler ret=%d %p", ret, args->regs);
741 if (post_kprobe_handler (args->regs))
745 // kprobe_running() needs smp_processor_id()
747 if (kprobe_running () && kprobe_fault_handler (args->regs, args->trapnr))
754 DBPRINTF ("ret=%d", ret);
755 /* if(ret == NOTIFY_STOP) */
756 /* handled_exceptions++; */
761 static struct notifier_block kprobe_exceptions_nb = {
762 .notifier_call = kprobe_exceptions_notify,
766 int longjmp_break_handler (struct kprobe *p, struct pt_regs *regs)
768 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk ();
769 u8 *addr = (u8 *) (regs->EREG (ip) - 1);
770 unsigned long stack_addr = (unsigned long) (kcb->jprobe_saved_esp);
771 struct jprobe *jp = container_of (p, struct jprobe, kp);
773 DBPRINTF ("p = %p\n", p);
775 if ((addr > (u8 *)swap_jprobe_return) &&
776 (addr < (u8 *)swap_jprobe_return_end)) {
777 if (stack_addr(regs) != kcb->jprobe_saved_esp) {
778 struct pt_regs *saved_regs = &kcb->jprobe_saved_regs;
779 printk("current esp %p does not match saved esp %p\n",
780 stack_addr(regs), kcb->jprobe_saved_esp);
781 printk ("Saved registers for jprobe %p\n", jp);
782 swap_show_registers(saved_regs);
783 printk ("Current registers\n");
784 swap_show_registers(regs);
788 *regs = kcb->jprobe_saved_regs;
789 memcpy ((kprobe_opcode_t *) stack_addr, kcb->jprobes_stack, MIN_STACK_SIZE (stack_addr));
790 preempt_enable_no_resched ();
797 void arch_arm_kprobe (struct kprobe *p)
799 swap_text_poke(p->addr,
800 ((unsigned char[]){BREAKPOINT_INSTRUCTION}), 1);
803 void arch_disarm_kprobe (struct kprobe *p)
805 swap_text_poke(p->addr, &p->opcode, 1);
808 static __used void *trampoline_probe_handler_x86(struct pt_regs *regs)
810 return (void *)trampoline_probe_handler(NULL, regs);
813 void arch_prepare_kretprobe(struct kretprobe_instance *ri, struct pt_regs *regs)
815 unsigned long *ptr_ret_addr = stack_addr(regs);
817 /* for __switch_to probe */
818 if ((unsigned long)ri->rp->kp.addr == sched_addr) {
820 ri->task = (struct task_struct *)regs->dx;
822 ri->sp = ptr_ret_addr;
825 /* Save the return address */
826 ri->ret_addr = (unsigned long *)*ptr_ret_addr;
828 /* Replace the return addr with trampoline addr */
829 *ptr_ret_addr = (unsigned long)&kretprobe_trampoline;
832 int arch_init_module_deps()
836 sym = "fixup_exception";
837 swap_fixup_exception = (void *)swap_ksyms(sym);
838 if (swap_fixup_exception == NULL)
842 swap_text_poke = (void *)swap_ksyms(sym);
843 if (swap_text_poke == NULL)
846 sym = "show_registers";
847 swap_show_registers = (void *)swap_ksyms(sym);
848 if (swap_show_registers == NULL)
854 printk("ERROR: symbol %s(...) not found\n", sym);
858 int arch_init_kprobes(void)
860 return register_die_notifier (&kprobe_exceptions_nb);
863 void arch_exit_kprobes(void)
865 unregister_die_notifier (&kprobe_exceptions_nb);