2 * Kernel Probes (KProbes)
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 * Copyright (C) IBM Corporation, 2002, 2004
21 * 2002-Oct Created by Vamsi Krishna S <vamsi_krishna@in.ibm.com> Kernel
22 * Probes initial implementation (includes suggestions from
24 * 2004-Aug Updated by Prasanna S Panchamukhi <prasanna@in.ibm.com> with
25 * hlists and exceptions notifier as suggested by Andi Kleen.
26 * 2004-July Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes
27 * interface to access function arguments.
28 * 2004-Sep Prasanna S Panchamukhi <prasanna@in.ibm.com> Changed Kprobes
29 * exceptions notifier to be first on the priority list.
30 * 2005-May Hien Nguyen <hien@us.ibm.com>, Jim Keniston
31 * <jkenisto@us.ibm.com> and Prasanna S Panchamukhi
32 * <prasanna@in.ibm.com> added function-return probes.
34 #include <linux/kprobes.h>
35 #include <linux/hash.h>
36 #include <linux/init.h>
37 #include <linux/slab.h>
38 #include <linux/stddef.h>
39 #include <linux/export.h>
40 #include <linux/moduleloader.h>
41 #include <linux/kallsyms.h>
42 #include <linux/freezer.h>
43 #include <linux/seq_file.h>
44 #include <linux/debugfs.h>
45 #include <linux/sysctl.h>
46 #include <linux/kdebug.h>
47 #include <linux/memory.h>
48 #include <linux/ftrace.h>
49 #include <linux/cpu.h>
50 #include <linux/jump_label.h>
52 #include <asm-generic/sections.h>
53 #include <asm/cacheflush.h>
54 #include <asm/errno.h>
55 #include <asm/uaccess.h>
57 #define KPROBE_HASH_BITS 6
58 #define KPROBE_TABLE_SIZE (1 << KPROBE_HASH_BITS)
62 * Some oddball architectures like 64bit powerpc have function descriptors
63 * so this must be overridable.
65 #ifndef kprobe_lookup_name
66 #define kprobe_lookup_name(name, addr) \
67 addr = ((kprobe_opcode_t *)(kallsyms_lookup_name(name)))
70 static int kprobes_initialized;
71 static struct hlist_head kprobe_table[KPROBE_TABLE_SIZE];
72 static struct hlist_head kretprobe_inst_table[KPROBE_TABLE_SIZE];
74 /* NOTE: change this value only with kprobe_mutex held */
75 static bool kprobes_all_disarmed;
77 /* This protects kprobe_table and optimizing_list */
78 static DEFINE_MUTEX(kprobe_mutex);
79 static DEFINE_PER_CPU(struct kprobe *, kprobe_instance) = NULL;
81 raw_spinlock_t lock ____cacheline_aligned_in_smp;
82 } kretprobe_table_locks[KPROBE_TABLE_SIZE];
84 static raw_spinlock_t *kretprobe_table_lock_ptr(unsigned long hash)
86 return &(kretprobe_table_locks[hash].lock);
89 /* Blacklist -- list of struct kprobe_blacklist_entry */
90 static LIST_HEAD(kprobe_blacklist);
92 #ifdef __ARCH_WANT_KPROBES_INSN_SLOT
94 * kprobe->ainsn.insn points to the copy of the instruction to be
95 * single-stepped. x86_64, POWER4 and above have no-exec support and
96 * stepping on the instruction on a vmalloced/kmalloced/data page
97 * is a recipe for disaster
99 struct kprobe_insn_page {
100 struct list_head list;
101 kprobe_opcode_t *insns; /* Page of instruction slots */
102 struct kprobe_insn_cache *cache;
108 #define KPROBE_INSN_PAGE_SIZE(slots) \
109 (offsetof(struct kprobe_insn_page, slot_used) + \
110 (sizeof(char) * (slots)))
112 static int slots_per_page(struct kprobe_insn_cache *c)
114 return PAGE_SIZE/(c->insn_size * sizeof(kprobe_opcode_t));
117 enum kprobe_slot_state {
123 static void *alloc_insn_page(void)
125 return module_alloc(PAGE_SIZE);
128 void __weak free_insn_page(void *page)
130 module_memfree(page);
133 struct kprobe_insn_cache kprobe_insn_slots = {
134 .mutex = __MUTEX_INITIALIZER(kprobe_insn_slots.mutex),
135 .alloc = alloc_insn_page,
136 .free = free_insn_page,
137 .pages = LIST_HEAD_INIT(kprobe_insn_slots.pages),
138 .insn_size = MAX_INSN_SIZE,
141 static int collect_garbage_slots(struct kprobe_insn_cache *c);
144 * __get_insn_slot() - Find a slot on an executable page for an instruction.
145 * We allocate an executable page if there's no room on existing ones.
147 kprobe_opcode_t *__get_insn_slot(struct kprobe_insn_cache *c)
149 struct kprobe_insn_page *kip;
150 kprobe_opcode_t *slot = NULL;
152 mutex_lock(&c->mutex);
154 list_for_each_entry(kip, &c->pages, list) {
155 if (kip->nused < slots_per_page(c)) {
157 for (i = 0; i < slots_per_page(c); i++) {
158 if (kip->slot_used[i] == SLOT_CLEAN) {
159 kip->slot_used[i] = SLOT_USED;
161 slot = kip->insns + (i * c->insn_size);
165 /* kip->nused is broken. Fix it. */
166 kip->nused = slots_per_page(c);
171 /* If there are any garbage slots, collect it and try again. */
172 if (c->nr_garbage && collect_garbage_slots(c) == 0)
175 /* All out of space. Need to allocate a new page. */
176 kip = kmalloc(KPROBE_INSN_PAGE_SIZE(slots_per_page(c)), GFP_KERNEL);
181 * Use module_alloc so this page is within +/- 2GB of where the
182 * kernel image and loaded module images reside. This is required
183 * so x86_64 can correctly handle the %rip-relative fixups.
185 kip->insns = c->alloc();
190 INIT_LIST_HEAD(&kip->list);
191 memset(kip->slot_used, SLOT_CLEAN, slots_per_page(c));
192 kip->slot_used[0] = SLOT_USED;
196 list_add(&kip->list, &c->pages);
199 mutex_unlock(&c->mutex);
203 /* Return 1 if all garbages are collected, otherwise 0. */
204 static int collect_one_slot(struct kprobe_insn_page *kip, int idx)
206 kip->slot_used[idx] = SLOT_CLEAN;
208 if (kip->nused == 0) {
210 * Page is no longer in use. Free it unless
211 * it's the last one. We keep the last one
212 * so as not to have to set it up again the
213 * next time somebody inserts a probe.
215 if (!list_is_singular(&kip->list)) {
216 list_del(&kip->list);
217 kip->cache->free(kip->insns);
225 static int collect_garbage_slots(struct kprobe_insn_cache *c)
227 struct kprobe_insn_page *kip, *next;
229 /* Ensure no-one is interrupted on the garbages */
232 list_for_each_entry_safe(kip, next, &c->pages, list) {
234 if (kip->ngarbage == 0)
236 kip->ngarbage = 0; /* we will collect all garbages */
237 for (i = 0; i < slots_per_page(c); i++) {
238 if (kip->slot_used[i] == SLOT_DIRTY &&
239 collect_one_slot(kip, i))
247 void __free_insn_slot(struct kprobe_insn_cache *c,
248 kprobe_opcode_t *slot, int dirty)
250 struct kprobe_insn_page *kip;
252 mutex_lock(&c->mutex);
253 list_for_each_entry(kip, &c->pages, list) {
254 long idx = ((long)slot - (long)kip->insns) /
255 (c->insn_size * sizeof(kprobe_opcode_t));
256 if (idx >= 0 && idx < slots_per_page(c)) {
257 WARN_ON(kip->slot_used[idx] != SLOT_USED);
259 kip->slot_used[idx] = SLOT_DIRTY;
261 if (++c->nr_garbage > slots_per_page(c))
262 collect_garbage_slots(c);
264 collect_one_slot(kip, idx);
268 /* Could not free this slot. */
271 mutex_unlock(&c->mutex);
274 #ifdef CONFIG_OPTPROBES
275 /* For optimized_kprobe buffer */
276 struct kprobe_insn_cache kprobe_optinsn_slots = {
277 .mutex = __MUTEX_INITIALIZER(kprobe_optinsn_slots.mutex),
278 .alloc = alloc_insn_page,
279 .free = free_insn_page,
280 .pages = LIST_HEAD_INIT(kprobe_optinsn_slots.pages),
281 /* .insn_size is initialized later */
287 /* We have preemption disabled.. so it is safe to use __ versions */
288 static inline void set_kprobe_instance(struct kprobe *kp)
290 __this_cpu_write(kprobe_instance, kp);
293 static inline void reset_kprobe_instance(void)
295 __this_cpu_write(kprobe_instance, NULL);
299 * This routine is called either:
300 * - under the kprobe_mutex - during kprobe_[un]register()
302 * - with preemption disabled - from arch/xxx/kernel/kprobes.c
304 struct kprobe *get_kprobe(void *addr)
306 struct hlist_head *head;
309 head = &kprobe_table[hash_ptr(addr, KPROBE_HASH_BITS)];
310 hlist_for_each_entry_rcu(p, head, hlist) {
317 NOKPROBE_SYMBOL(get_kprobe);
319 static int aggr_pre_handler(struct kprobe *p, struct pt_regs *regs);
321 /* Return true if the kprobe is an aggregator */
322 static inline int kprobe_aggrprobe(struct kprobe *p)
324 return p->pre_handler == aggr_pre_handler;
327 /* Return true(!0) if the kprobe is unused */
328 static inline int kprobe_unused(struct kprobe *p)
330 return kprobe_aggrprobe(p) && kprobe_disabled(p) &&
331 list_empty(&p->list);
335 * Keep all fields in the kprobe consistent
337 static inline void copy_kprobe(struct kprobe *ap, struct kprobe *p)
339 memcpy(&p->opcode, &ap->opcode, sizeof(kprobe_opcode_t));
340 memcpy(&p->ainsn, &ap->ainsn, sizeof(struct arch_specific_insn));
343 #ifdef CONFIG_OPTPROBES
344 /* NOTE: change this value only with kprobe_mutex held */
345 static bool kprobes_allow_optimization;
348 * Call all pre_handler on the list, but ignores its return value.
349 * This must be called from arch-dep optimized caller.
351 void opt_pre_handler(struct kprobe *p, struct pt_regs *regs)
355 list_for_each_entry_rcu(kp, &p->list, list) {
356 if (kp->pre_handler && likely(!kprobe_disabled(kp))) {
357 set_kprobe_instance(kp);
358 kp->pre_handler(kp, regs);
360 reset_kprobe_instance();
363 NOKPROBE_SYMBOL(opt_pre_handler);
365 /* Free optimized instructions and optimized_kprobe */
366 static void free_aggr_kprobe(struct kprobe *p)
368 struct optimized_kprobe *op;
370 op = container_of(p, struct optimized_kprobe, kp);
371 arch_remove_optimized_kprobe(op);
372 arch_remove_kprobe(p);
376 /* Return true(!0) if the kprobe is ready for optimization. */
377 static inline int kprobe_optready(struct kprobe *p)
379 struct optimized_kprobe *op;
381 if (kprobe_aggrprobe(p)) {
382 op = container_of(p, struct optimized_kprobe, kp);
383 return arch_prepared_optinsn(&op->optinsn);
389 /* Return true(!0) if the kprobe is disarmed. Note: p must be on hash list */
390 static inline int kprobe_disarmed(struct kprobe *p)
392 struct optimized_kprobe *op;
394 /* If kprobe is not aggr/opt probe, just return kprobe is disabled */
395 if (!kprobe_aggrprobe(p))
396 return kprobe_disabled(p);
398 op = container_of(p, struct optimized_kprobe, kp);
400 return kprobe_disabled(p) && list_empty(&op->list);
403 /* Return true(!0) if the probe is queued on (un)optimizing lists */
404 static int kprobe_queued(struct kprobe *p)
406 struct optimized_kprobe *op;
408 if (kprobe_aggrprobe(p)) {
409 op = container_of(p, struct optimized_kprobe, kp);
410 if (!list_empty(&op->list))
417 * Return an optimized kprobe whose optimizing code replaces
418 * instructions including addr (exclude breakpoint).
420 static struct kprobe *get_optimized_kprobe(unsigned long addr)
423 struct kprobe *p = NULL;
424 struct optimized_kprobe *op;
426 /* Don't check i == 0, since that is a breakpoint case. */
427 for (i = 1; !p && i < MAX_OPTIMIZED_LENGTH; i++)
428 p = get_kprobe((void *)(addr - i));
430 if (p && kprobe_optready(p)) {
431 op = container_of(p, struct optimized_kprobe, kp);
432 if (arch_within_optimized_kprobe(op, addr))
439 /* Optimization staging list, protected by kprobe_mutex */
440 static LIST_HEAD(optimizing_list);
441 static LIST_HEAD(unoptimizing_list);
442 static LIST_HEAD(freeing_list);
444 static void kprobe_optimizer(struct work_struct *work);
445 static DECLARE_DELAYED_WORK(optimizing_work, kprobe_optimizer);
446 #define OPTIMIZE_DELAY 5
449 * Optimize (replace a breakpoint with a jump) kprobes listed on
452 static void do_optimize_kprobes(void)
454 /* Optimization never be done when disarmed */
455 if (kprobes_all_disarmed || !kprobes_allow_optimization ||
456 list_empty(&optimizing_list))
460 * The optimization/unoptimization refers online_cpus via
461 * stop_machine() and cpu-hotplug modifies online_cpus.
462 * And same time, text_mutex will be held in cpu-hotplug and here.
463 * This combination can cause a deadlock (cpu-hotplug try to lock
464 * text_mutex but stop_machine can not be done because online_cpus
466 * To avoid this deadlock, we need to call get_online_cpus()
467 * for preventing cpu-hotplug outside of text_mutex locking.
470 mutex_lock(&text_mutex);
471 arch_optimize_kprobes(&optimizing_list);
472 mutex_unlock(&text_mutex);
477 * Unoptimize (replace a jump with a breakpoint and remove the breakpoint
478 * if need) kprobes listed on unoptimizing_list.
480 static void do_unoptimize_kprobes(void)
482 struct optimized_kprobe *op, *tmp;
484 /* Unoptimization must be done anytime */
485 if (list_empty(&unoptimizing_list))
488 /* Ditto to do_optimize_kprobes */
490 mutex_lock(&text_mutex);
491 arch_unoptimize_kprobes(&unoptimizing_list, &freeing_list);
492 /* Loop free_list for disarming */
493 list_for_each_entry_safe(op, tmp, &freeing_list, list) {
494 /* Disarm probes if marked disabled */
495 if (kprobe_disabled(&op->kp))
496 arch_disarm_kprobe(&op->kp);
497 if (kprobe_unused(&op->kp)) {
499 * Remove unused probes from hash list. After waiting
500 * for synchronization, these probes are reclaimed.
501 * (reclaiming is done by do_free_cleaned_kprobes.)
503 hlist_del_rcu(&op->kp.hlist);
505 list_del_init(&op->list);
507 mutex_unlock(&text_mutex);
511 /* Reclaim all kprobes on the free_list */
512 static void do_free_cleaned_kprobes(void)
514 struct optimized_kprobe *op, *tmp;
516 list_for_each_entry_safe(op, tmp, &freeing_list, list) {
517 list_del_init(&op->list);
518 if (WARN_ON_ONCE(!kprobe_unused(&op->kp))) {
520 * This must not happen, but if there is a kprobe
521 * still in use, keep it on kprobes hash list.
525 free_aggr_kprobe(&op->kp);
529 /* Start optimizer after OPTIMIZE_DELAY passed */
530 static void kick_kprobe_optimizer(void)
532 schedule_delayed_work(&optimizing_work, OPTIMIZE_DELAY);
535 /* Kprobe jump optimizer */
536 static void kprobe_optimizer(struct work_struct *work)
538 mutex_lock(&kprobe_mutex);
539 /* Lock modules while optimizing kprobes */
540 mutex_lock(&module_mutex);
543 * Step 1: Unoptimize kprobes and collect cleaned (unused and disarmed)
544 * kprobes before waiting for quiesence period.
546 do_unoptimize_kprobes();
549 * Step 2: Wait for quiesence period to ensure all running interrupts
550 * are done. Because optprobe may modify multiple instructions
551 * there is a chance that Nth instruction is interrupted. In that
552 * case, running interrupt can return to 2nd-Nth byte of jump
553 * instruction. This wait is for avoiding it.
557 /* Step 3: Optimize kprobes after quiesence period */
558 do_optimize_kprobes();
560 /* Step 4: Free cleaned kprobes after quiesence period */
561 do_free_cleaned_kprobes();
563 mutex_unlock(&module_mutex);
564 mutex_unlock(&kprobe_mutex);
566 /* Step 5: Kick optimizer again if needed */
567 if (!list_empty(&optimizing_list) || !list_empty(&unoptimizing_list))
568 kick_kprobe_optimizer();
571 /* Wait for completing optimization and unoptimization */
572 void wait_for_kprobe_optimizer(void)
574 mutex_lock(&kprobe_mutex);
576 while (!list_empty(&optimizing_list) || !list_empty(&unoptimizing_list)) {
577 mutex_unlock(&kprobe_mutex);
579 /* this will also make optimizing_work execute immmediately */
580 flush_delayed_work(&optimizing_work);
581 /* @optimizing_work might not have been queued yet, relax */
584 mutex_lock(&kprobe_mutex);
587 mutex_unlock(&kprobe_mutex);
590 /* Optimize kprobe if p is ready to be optimized */
591 static void optimize_kprobe(struct kprobe *p)
593 struct optimized_kprobe *op;
595 /* Check if the kprobe is disabled or not ready for optimization. */
596 if (!kprobe_optready(p) || !kprobes_allow_optimization ||
597 (kprobe_disabled(p) || kprobes_all_disarmed))
600 /* Both of break_handler and post_handler are not supported. */
601 if (p->break_handler || p->post_handler)
604 op = container_of(p, struct optimized_kprobe, kp);
606 /* Check there is no other kprobes at the optimized instructions */
607 if (arch_check_optimized_kprobe(op) < 0)
610 /* Check if it is already optimized. */
611 if (op->kp.flags & KPROBE_FLAG_OPTIMIZED)
613 op->kp.flags |= KPROBE_FLAG_OPTIMIZED;
615 if (!list_empty(&op->list))
616 /* This is under unoptimizing. Just dequeue the probe */
617 list_del_init(&op->list);
619 list_add(&op->list, &optimizing_list);
620 kick_kprobe_optimizer();
624 /* Short cut to direct unoptimizing */
625 static void force_unoptimize_kprobe(struct optimized_kprobe *op)
628 arch_unoptimize_kprobe(op);
630 if (kprobe_disabled(&op->kp))
631 arch_disarm_kprobe(&op->kp);
634 /* Unoptimize a kprobe if p is optimized */
635 static void unoptimize_kprobe(struct kprobe *p, bool force)
637 struct optimized_kprobe *op;
639 if (!kprobe_aggrprobe(p) || kprobe_disarmed(p))
640 return; /* This is not an optprobe nor optimized */
642 op = container_of(p, struct optimized_kprobe, kp);
643 if (!kprobe_optimized(p)) {
644 /* Unoptimized or unoptimizing case */
645 if (force && !list_empty(&op->list)) {
647 * Only if this is unoptimizing kprobe and forced,
648 * forcibly unoptimize it. (No need to unoptimize
649 * unoptimized kprobe again :)
651 list_del_init(&op->list);
652 force_unoptimize_kprobe(op);
657 op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
658 if (!list_empty(&op->list)) {
659 /* Dequeue from the optimization queue */
660 list_del_init(&op->list);
663 /* Optimized kprobe case */
665 /* Forcibly update the code: this is a special case */
666 force_unoptimize_kprobe(op);
668 list_add(&op->list, &unoptimizing_list);
669 kick_kprobe_optimizer();
673 /* Cancel unoptimizing for reusing */
674 static int reuse_unused_kprobe(struct kprobe *ap)
676 struct optimized_kprobe *op;
678 BUG_ON(!kprobe_unused(ap));
680 * Unused kprobe MUST be on the way of delayed unoptimizing (means
681 * there is still a relative jump) and disabled.
683 op = container_of(ap, struct optimized_kprobe, kp);
684 if (unlikely(list_empty(&op->list)))
685 printk(KERN_WARNING "Warning: found a stray unused "
686 "aggrprobe@%p\n", ap->addr);
687 /* Enable the probe again */
688 ap->flags &= ~KPROBE_FLAG_DISABLED;
689 /* Optimize it again (remove from op->list) */
690 if (!kprobe_optready(ap))
697 /* Remove optimized instructions */
698 static void kill_optimized_kprobe(struct kprobe *p)
700 struct optimized_kprobe *op;
702 op = container_of(p, struct optimized_kprobe, kp);
703 if (!list_empty(&op->list))
704 /* Dequeue from the (un)optimization queue */
705 list_del_init(&op->list);
706 op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED;
708 if (kprobe_unused(p)) {
709 /* Enqueue if it is unused */
710 list_add(&op->list, &freeing_list);
712 * Remove unused probes from the hash list. After waiting
713 * for synchronization, this probe is reclaimed.
714 * (reclaiming is done by do_free_cleaned_kprobes().)
716 hlist_del_rcu(&op->kp.hlist);
719 /* Don't touch the code, because it is already freed. */
720 arch_remove_optimized_kprobe(op);
723 /* Try to prepare optimized instructions */
724 static void prepare_optimized_kprobe(struct kprobe *p)
726 struct optimized_kprobe *op;
728 op = container_of(p, struct optimized_kprobe, kp);
729 arch_prepare_optimized_kprobe(op, p);
732 /* Allocate new optimized_kprobe and try to prepare optimized instructions */
733 static struct kprobe *alloc_aggr_kprobe(struct kprobe *p)
735 struct optimized_kprobe *op;
737 op = kzalloc(sizeof(struct optimized_kprobe), GFP_KERNEL);
741 INIT_LIST_HEAD(&op->list);
742 op->kp.addr = p->addr;
743 arch_prepare_optimized_kprobe(op, p);
748 static void init_aggr_kprobe(struct kprobe *ap, struct kprobe *p);
751 * Prepare an optimized_kprobe and optimize it
752 * NOTE: p must be a normal registered kprobe
754 static void try_to_optimize_kprobe(struct kprobe *p)
757 struct optimized_kprobe *op;
759 /* Impossible to optimize ftrace-based kprobe */
760 if (kprobe_ftrace(p))
763 /* For preparing optimization, jump_label_text_reserved() is called */
765 mutex_lock(&text_mutex);
767 ap = alloc_aggr_kprobe(p);
771 op = container_of(ap, struct optimized_kprobe, kp);
772 if (!arch_prepared_optinsn(&op->optinsn)) {
773 /* If failed to setup optimizing, fallback to kprobe */
774 arch_remove_optimized_kprobe(op);
779 init_aggr_kprobe(ap, p);
780 optimize_kprobe(ap); /* This just kicks optimizer thread */
783 mutex_unlock(&text_mutex);
788 static void optimize_all_kprobes(void)
790 struct hlist_head *head;
794 mutex_lock(&kprobe_mutex);
795 /* If optimization is already allowed, just return */
796 if (kprobes_allow_optimization)
799 kprobes_allow_optimization = true;
800 for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
801 head = &kprobe_table[i];
802 hlist_for_each_entry_rcu(p, head, hlist)
803 if (!kprobe_disabled(p))
806 printk(KERN_INFO "Kprobes globally optimized\n");
808 mutex_unlock(&kprobe_mutex);
811 static void unoptimize_all_kprobes(void)
813 struct hlist_head *head;
817 mutex_lock(&kprobe_mutex);
818 /* If optimization is already prohibited, just return */
819 if (!kprobes_allow_optimization) {
820 mutex_unlock(&kprobe_mutex);
824 kprobes_allow_optimization = false;
825 for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
826 head = &kprobe_table[i];
827 hlist_for_each_entry_rcu(p, head, hlist) {
828 if (!kprobe_disabled(p))
829 unoptimize_kprobe(p, false);
832 mutex_unlock(&kprobe_mutex);
834 /* Wait for unoptimizing completion */
835 wait_for_kprobe_optimizer();
836 printk(KERN_INFO "Kprobes globally unoptimized\n");
839 static DEFINE_MUTEX(kprobe_sysctl_mutex);
840 int sysctl_kprobes_optimization;
841 int proc_kprobes_optimization_handler(struct ctl_table *table, int write,
842 void __user *buffer, size_t *length,
847 mutex_lock(&kprobe_sysctl_mutex);
848 sysctl_kprobes_optimization = kprobes_allow_optimization ? 1 : 0;
849 ret = proc_dointvec_minmax(table, write, buffer, length, ppos);
851 if (sysctl_kprobes_optimization)
852 optimize_all_kprobes();
854 unoptimize_all_kprobes();
855 mutex_unlock(&kprobe_sysctl_mutex);
859 #endif /* CONFIG_SYSCTL */
861 /* Put a breakpoint for a probe. Must be called with text_mutex locked */
862 static void __arm_kprobe(struct kprobe *p)
866 /* Check collision with other optimized kprobes */
867 _p = get_optimized_kprobe((unsigned long)p->addr);
869 /* Fallback to unoptimized kprobe */
870 unoptimize_kprobe(_p, true);
873 optimize_kprobe(p); /* Try to optimize (add kprobe to a list) */
876 /* Remove the breakpoint of a probe. Must be called with text_mutex locked */
877 static void __disarm_kprobe(struct kprobe *p, bool reopt)
881 /* Try to unoptimize */
882 unoptimize_kprobe(p, kprobes_all_disarmed);
884 if (!kprobe_queued(p)) {
885 arch_disarm_kprobe(p);
886 /* If another kprobe was blocked, optimize it. */
887 _p = get_optimized_kprobe((unsigned long)p->addr);
888 if (unlikely(_p) && reopt)
891 /* TODO: reoptimize others after unoptimized this probe */
894 #else /* !CONFIG_OPTPROBES */
896 #define optimize_kprobe(p) do {} while (0)
897 #define unoptimize_kprobe(p, f) do {} while (0)
898 #define kill_optimized_kprobe(p) do {} while (0)
899 #define prepare_optimized_kprobe(p) do {} while (0)
900 #define try_to_optimize_kprobe(p) do {} while (0)
901 #define __arm_kprobe(p) arch_arm_kprobe(p)
902 #define __disarm_kprobe(p, o) arch_disarm_kprobe(p)
903 #define kprobe_disarmed(p) kprobe_disabled(p)
904 #define wait_for_kprobe_optimizer() do {} while (0)
906 static int reuse_unused_kprobe(struct kprobe *ap)
909 * If the optimized kprobe is NOT supported, the aggr kprobe is
910 * released at the same time that the last aggregated kprobe is
912 * Thus there should be no chance to reuse unused kprobe.
914 printk(KERN_ERR "Error: There should be no unused kprobe here.\n");
918 static void free_aggr_kprobe(struct kprobe *p)
920 arch_remove_kprobe(p);
924 static struct kprobe *alloc_aggr_kprobe(struct kprobe *p)
926 return kzalloc(sizeof(struct kprobe), GFP_KERNEL);
928 #endif /* CONFIG_OPTPROBES */
930 #ifdef CONFIG_KPROBES_ON_FTRACE
931 static struct ftrace_ops kprobe_ftrace_ops __read_mostly = {
932 .func = kprobe_ftrace_handler,
933 .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY,
935 static int kprobe_ftrace_enabled;
937 /* Must ensure p->addr is really on ftrace */
938 static int prepare_kprobe(struct kprobe *p)
940 if (!kprobe_ftrace(p))
941 return arch_prepare_kprobe(p);
943 return arch_prepare_kprobe_ftrace(p);
946 /* Caller must lock kprobe_mutex */
947 static void arm_kprobe_ftrace(struct kprobe *p)
951 ret = ftrace_set_filter_ip(&kprobe_ftrace_ops,
952 (unsigned long)p->addr, 0, 0);
953 WARN(ret < 0, "Failed to arm kprobe-ftrace at %p (%d)\n", p->addr, ret);
954 kprobe_ftrace_enabled++;
955 if (kprobe_ftrace_enabled == 1) {
956 ret = register_ftrace_function(&kprobe_ftrace_ops);
957 WARN(ret < 0, "Failed to init kprobe-ftrace (%d)\n", ret);
961 /* Caller must lock kprobe_mutex */
962 static void disarm_kprobe_ftrace(struct kprobe *p)
966 kprobe_ftrace_enabled--;
967 if (kprobe_ftrace_enabled == 0) {
968 ret = unregister_ftrace_function(&kprobe_ftrace_ops);
969 WARN(ret < 0, "Failed to init kprobe-ftrace (%d)\n", ret);
971 ret = ftrace_set_filter_ip(&kprobe_ftrace_ops,
972 (unsigned long)p->addr, 1, 0);
973 WARN(ret < 0, "Failed to disarm kprobe-ftrace at %p (%d)\n", p->addr, ret);
975 #else /* !CONFIG_KPROBES_ON_FTRACE */
976 #define prepare_kprobe(p) arch_prepare_kprobe(p)
977 #define arm_kprobe_ftrace(p) do {} while (0)
978 #define disarm_kprobe_ftrace(p) do {} while (0)
981 /* Arm a kprobe with text_mutex */
982 static void arm_kprobe(struct kprobe *kp)
984 if (unlikely(kprobe_ftrace(kp))) {
985 arm_kprobe_ftrace(kp);
989 * Here, since __arm_kprobe() doesn't use stop_machine(),
990 * this doesn't cause deadlock on text_mutex. So, we don't
991 * need get_online_cpus().
993 mutex_lock(&text_mutex);
995 mutex_unlock(&text_mutex);
998 /* Disarm a kprobe with text_mutex */
999 static void disarm_kprobe(struct kprobe *kp, bool reopt)
1001 if (unlikely(kprobe_ftrace(kp))) {
1002 disarm_kprobe_ftrace(kp);
1006 mutex_lock(&text_mutex);
1007 __disarm_kprobe(kp, reopt);
1008 mutex_unlock(&text_mutex);
1012 * Aggregate handlers for multiple kprobes support - these handlers
1013 * take care of invoking the individual kprobe handlers on p->list
1015 static int aggr_pre_handler(struct kprobe *p, struct pt_regs *regs)
1019 list_for_each_entry_rcu(kp, &p->list, list) {
1020 if (kp->pre_handler && likely(!kprobe_disabled(kp))) {
1021 set_kprobe_instance(kp);
1022 if (kp->pre_handler(kp, regs))
1025 reset_kprobe_instance();
1029 NOKPROBE_SYMBOL(aggr_pre_handler);
1031 static void aggr_post_handler(struct kprobe *p, struct pt_regs *regs,
1032 unsigned long flags)
1036 list_for_each_entry_rcu(kp, &p->list, list) {
1037 if (kp->post_handler && likely(!kprobe_disabled(kp))) {
1038 set_kprobe_instance(kp);
1039 kp->post_handler(kp, regs, flags);
1040 reset_kprobe_instance();
1044 NOKPROBE_SYMBOL(aggr_post_handler);
1046 static int aggr_fault_handler(struct kprobe *p, struct pt_regs *regs,
1049 struct kprobe *cur = __this_cpu_read(kprobe_instance);
1052 * if we faulted "during" the execution of a user specified
1053 * probe handler, invoke just that probe's fault handler
1055 if (cur && cur->fault_handler) {
1056 if (cur->fault_handler(cur, regs, trapnr))
1061 NOKPROBE_SYMBOL(aggr_fault_handler);
1063 static int aggr_break_handler(struct kprobe *p, struct pt_regs *regs)
1065 struct kprobe *cur = __this_cpu_read(kprobe_instance);
1068 if (cur && cur->break_handler) {
1069 if (cur->break_handler(cur, regs))
1072 reset_kprobe_instance();
1075 NOKPROBE_SYMBOL(aggr_break_handler);
1077 /* Walks the list and increments nmissed count for multiprobe case */
1078 void kprobes_inc_nmissed_count(struct kprobe *p)
1081 if (!kprobe_aggrprobe(p)) {
1084 list_for_each_entry_rcu(kp, &p->list, list)
1089 NOKPROBE_SYMBOL(kprobes_inc_nmissed_count);
1091 void recycle_rp_inst(struct kretprobe_instance *ri,
1092 struct hlist_head *head)
1094 struct kretprobe *rp = ri->rp;
1096 /* remove rp inst off the rprobe_inst_table */
1097 hlist_del(&ri->hlist);
1098 INIT_HLIST_NODE(&ri->hlist);
1100 raw_spin_lock(&rp->lock);
1101 hlist_add_head(&ri->hlist, &rp->free_instances);
1102 raw_spin_unlock(&rp->lock);
1105 hlist_add_head(&ri->hlist, head);
1107 NOKPROBE_SYMBOL(recycle_rp_inst);
1109 void kretprobe_hash_lock(struct task_struct *tsk,
1110 struct hlist_head **head, unsigned long *flags)
1111 __acquires(hlist_lock)
1113 unsigned long hash = hash_ptr(tsk, KPROBE_HASH_BITS);
1114 raw_spinlock_t *hlist_lock;
1116 *head = &kretprobe_inst_table[hash];
1117 hlist_lock = kretprobe_table_lock_ptr(hash);
1118 raw_spin_lock_irqsave(hlist_lock, *flags);
1120 NOKPROBE_SYMBOL(kretprobe_hash_lock);
1122 static void kretprobe_table_lock(unsigned long hash,
1123 unsigned long *flags)
1124 __acquires(hlist_lock)
1126 raw_spinlock_t *hlist_lock = kretprobe_table_lock_ptr(hash);
1127 raw_spin_lock_irqsave(hlist_lock, *flags);
1129 NOKPROBE_SYMBOL(kretprobe_table_lock);
1131 void kretprobe_hash_unlock(struct task_struct *tsk,
1132 unsigned long *flags)
1133 __releases(hlist_lock)
1135 unsigned long hash = hash_ptr(tsk, KPROBE_HASH_BITS);
1136 raw_spinlock_t *hlist_lock;
1138 hlist_lock = kretprobe_table_lock_ptr(hash);
1139 raw_spin_unlock_irqrestore(hlist_lock, *flags);
1141 NOKPROBE_SYMBOL(kretprobe_hash_unlock);
1143 static void kretprobe_table_unlock(unsigned long hash,
1144 unsigned long *flags)
1145 __releases(hlist_lock)
1147 raw_spinlock_t *hlist_lock = kretprobe_table_lock_ptr(hash);
1148 raw_spin_unlock_irqrestore(hlist_lock, *flags);
1150 NOKPROBE_SYMBOL(kretprobe_table_unlock);
1153 * This function is called from finish_task_switch when task tk becomes dead,
1154 * so that we can recycle any function-return probe instances associated
1155 * with this task. These left over instances represent probed functions
1156 * that have been called but will never return.
1158 void kprobe_flush_task(struct task_struct *tk)
1160 struct kretprobe_instance *ri;
1161 struct hlist_head *head, empty_rp;
1162 struct hlist_node *tmp;
1163 unsigned long hash, flags = 0;
1165 if (unlikely(!kprobes_initialized))
1166 /* Early boot. kretprobe_table_locks not yet initialized. */
1169 INIT_HLIST_HEAD(&empty_rp);
1170 hash = hash_ptr(tk, KPROBE_HASH_BITS);
1171 head = &kretprobe_inst_table[hash];
1172 kretprobe_table_lock(hash, &flags);
1173 hlist_for_each_entry_safe(ri, tmp, head, hlist) {
1175 recycle_rp_inst(ri, &empty_rp);
1177 kretprobe_table_unlock(hash, &flags);
1178 hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
1179 hlist_del(&ri->hlist);
1183 NOKPROBE_SYMBOL(kprobe_flush_task);
1185 static inline void free_rp_inst(struct kretprobe *rp)
1187 struct kretprobe_instance *ri;
1188 struct hlist_node *next;
1190 hlist_for_each_entry_safe(ri, next, &rp->free_instances, hlist) {
1191 hlist_del(&ri->hlist);
1196 static void cleanup_rp_inst(struct kretprobe *rp)
1198 unsigned long flags, hash;
1199 struct kretprobe_instance *ri;
1200 struct hlist_node *next;
1201 struct hlist_head *head;
1204 for (hash = 0; hash < KPROBE_TABLE_SIZE; hash++) {
1205 kretprobe_table_lock(hash, &flags);
1206 head = &kretprobe_inst_table[hash];
1207 hlist_for_each_entry_safe(ri, next, head, hlist) {
1211 kretprobe_table_unlock(hash, &flags);
1215 NOKPROBE_SYMBOL(cleanup_rp_inst);
1218 * Add the new probe to ap->list. Fail if this is the
1219 * second jprobe at the address - two jprobes can't coexist
1221 static int add_new_kprobe(struct kprobe *ap, struct kprobe *p)
1223 BUG_ON(kprobe_gone(ap) || kprobe_gone(p));
1225 if (p->break_handler || p->post_handler)
1226 unoptimize_kprobe(ap, true); /* Fall back to normal kprobe */
1228 if (p->break_handler) {
1229 if (ap->break_handler)
1231 list_add_tail_rcu(&p->list, &ap->list);
1232 ap->break_handler = aggr_break_handler;
1234 list_add_rcu(&p->list, &ap->list);
1235 if (p->post_handler && !ap->post_handler)
1236 ap->post_handler = aggr_post_handler;
1242 * Fill in the required fields of the "manager kprobe". Replace the
1243 * earlier kprobe in the hlist with the manager kprobe
1245 static void init_aggr_kprobe(struct kprobe *ap, struct kprobe *p)
1247 /* Copy p's insn slot to ap */
1249 flush_insn_slot(ap);
1251 ap->flags = p->flags & ~KPROBE_FLAG_OPTIMIZED;
1252 ap->pre_handler = aggr_pre_handler;
1253 ap->fault_handler = aggr_fault_handler;
1254 /* We don't care the kprobe which has gone. */
1255 if (p->post_handler && !kprobe_gone(p))
1256 ap->post_handler = aggr_post_handler;
1257 if (p->break_handler && !kprobe_gone(p))
1258 ap->break_handler = aggr_break_handler;
1260 INIT_LIST_HEAD(&ap->list);
1261 INIT_HLIST_NODE(&ap->hlist);
1263 list_add_rcu(&p->list, &ap->list);
1264 hlist_replace_rcu(&p->hlist, &ap->hlist);
1268 * This is the second or subsequent kprobe at the address - handle
1271 static int register_aggr_kprobe(struct kprobe *orig_p, struct kprobe *p)
1274 struct kprobe *ap = orig_p;
1276 /* For preparing optimization, jump_label_text_reserved() is called */
1279 * Get online CPUs to avoid text_mutex deadlock.with stop machine,
1280 * which is invoked by unoptimize_kprobe() in add_new_kprobe()
1283 mutex_lock(&text_mutex);
1285 if (!kprobe_aggrprobe(orig_p)) {
1286 /* If orig_p is not an aggr_kprobe, create new aggr_kprobe. */
1287 ap = alloc_aggr_kprobe(orig_p);
1292 init_aggr_kprobe(ap, orig_p);
1293 } else if (kprobe_unused(ap)) {
1294 /* This probe is going to die. Rescue it */
1295 ret = reuse_unused_kprobe(ap);
1300 if (kprobe_gone(ap)) {
1302 * Attempting to insert new probe at the same location that
1303 * had a probe in the module vaddr area which already
1304 * freed. So, the instruction slot has already been
1305 * released. We need a new slot for the new probe.
1307 ret = arch_prepare_kprobe(ap);
1310 * Even if fail to allocate new slot, don't need to
1311 * free aggr_probe. It will be used next time, or
1312 * freed by unregister_kprobe.
1316 /* Prepare optimized instructions if possible. */
1317 prepare_optimized_kprobe(ap);
1320 * Clear gone flag to prevent allocating new slot again, and
1321 * set disabled flag because it is not armed yet.
1323 ap->flags = (ap->flags & ~KPROBE_FLAG_GONE)
1324 | KPROBE_FLAG_DISABLED;
1327 /* Copy ap's insn slot to p */
1329 ret = add_new_kprobe(ap, p);
1332 mutex_unlock(&text_mutex);
1334 jump_label_unlock();
1336 if (ret == 0 && kprobe_disabled(ap) && !kprobe_disabled(p)) {
1337 ap->flags &= ~KPROBE_FLAG_DISABLED;
1338 if (!kprobes_all_disarmed)
1339 /* Arm the breakpoint again. */
1345 bool __weak arch_within_kprobe_blacklist(unsigned long addr)
1347 /* The __kprobes marked functions and entry code must not be probed */
1348 return addr >= (unsigned long)__kprobes_text_start &&
1349 addr < (unsigned long)__kprobes_text_end;
1352 bool within_kprobe_blacklist(unsigned long addr)
1354 struct kprobe_blacklist_entry *ent;
1356 if (arch_within_kprobe_blacklist(addr))
1359 * If there exists a kprobe_blacklist, verify and
1360 * fail any probe registration in the prohibited area
1362 list_for_each_entry(ent, &kprobe_blacklist, list) {
1363 if (addr >= ent->start_addr && addr < ent->end_addr)
1371 * If we have a symbol_name argument, look it up and add the offset field
1372 * to it. This way, we can specify a relative address to a symbol.
1373 * This returns encoded errors if it fails to look up symbol or invalid
1374 * combination of parameters.
1376 static kprobe_opcode_t *kprobe_addr(struct kprobe *p)
1378 kprobe_opcode_t *addr = p->addr;
1380 if ((p->symbol_name && p->addr) ||
1381 (!p->symbol_name && !p->addr))
1384 if (p->symbol_name) {
1385 kprobe_lookup_name(p->symbol_name, addr);
1387 return ERR_PTR(-ENOENT);
1390 addr = (kprobe_opcode_t *)(((char *)addr) + p->offset);
1395 return ERR_PTR(-EINVAL);
1398 /* Check passed kprobe is valid and return kprobe in kprobe_table. */
1399 static struct kprobe *__get_valid_kprobe(struct kprobe *p)
1401 struct kprobe *ap, *list_p;
1403 ap = get_kprobe(p->addr);
1408 list_for_each_entry_rcu(list_p, &ap->list, list)
1410 /* kprobe p is a valid probe */
1418 /* Return error if the kprobe is being re-registered */
1419 static inline int check_kprobe_rereg(struct kprobe *p)
1423 mutex_lock(&kprobe_mutex);
1424 if (__get_valid_kprobe(p))
1426 mutex_unlock(&kprobe_mutex);
1431 int __weak arch_check_ftrace_location(struct kprobe *p)
1433 unsigned long ftrace_addr;
1435 ftrace_addr = ftrace_location((unsigned long)p->addr);
1437 #ifdef CONFIG_KPROBES_ON_FTRACE
1438 /* Given address is not on the instruction boundary */
1439 if ((unsigned long)p->addr != ftrace_addr)
1441 p->flags |= KPROBE_FLAG_FTRACE;
1442 #else /* !CONFIG_KPROBES_ON_FTRACE */
1449 static int check_kprobe_address_safe(struct kprobe *p,
1450 struct module **probed_mod)
1454 ret = arch_check_ftrace_location(p);
1460 /* Ensure it is not in reserved area nor out of text */
1461 if (!kernel_text_address((unsigned long) p->addr) ||
1462 within_kprobe_blacklist((unsigned long) p->addr) ||
1463 jump_label_text_reserved(p->addr, p->addr) ||
1464 find_bug((unsigned long)p->addr)) {
1469 /* Check if are we probing a module */
1470 *probed_mod = __module_text_address((unsigned long) p->addr);
1473 * We must hold a refcount of the probed module while updating
1474 * its code to prohibit unexpected unloading.
1476 if (unlikely(!try_module_get(*probed_mod))) {
1482 * If the module freed .init.text, we couldn't insert
1485 if (within_module_init((unsigned long)p->addr, *probed_mod) &&
1486 (*probed_mod)->state != MODULE_STATE_COMING) {
1487 module_put(*probed_mod);
1494 jump_label_unlock();
1499 int register_kprobe(struct kprobe *p)
1502 struct kprobe *old_p;
1503 struct module *probed_mod;
1504 kprobe_opcode_t *addr;
1506 /* Adjust probe address from symbol */
1507 addr = kprobe_addr(p);
1509 return PTR_ERR(addr);
1512 ret = check_kprobe_rereg(p);
1516 /* User can pass only KPROBE_FLAG_DISABLED to register_kprobe */
1517 p->flags &= KPROBE_FLAG_DISABLED;
1519 INIT_LIST_HEAD(&p->list);
1521 ret = check_kprobe_address_safe(p, &probed_mod);
1525 mutex_lock(&kprobe_mutex);
1527 old_p = get_kprobe(p->addr);
1529 /* Since this may unoptimize old_p, locking text_mutex. */
1530 ret = register_aggr_kprobe(old_p, p);
1534 mutex_lock(&text_mutex); /* Avoiding text modification */
1535 ret = prepare_kprobe(p);
1536 mutex_unlock(&text_mutex);
1540 INIT_HLIST_NODE(&p->hlist);
1541 hlist_add_head_rcu(&p->hlist,
1542 &kprobe_table[hash_ptr(p->addr, KPROBE_HASH_BITS)]);
1544 if (!kprobes_all_disarmed && !kprobe_disabled(p))
1547 /* Try to optimize kprobe */
1548 try_to_optimize_kprobe(p);
1551 mutex_unlock(&kprobe_mutex);
1554 module_put(probed_mod);
1558 EXPORT_SYMBOL_GPL(register_kprobe);
1560 /* Check if all probes on the aggrprobe are disabled */
1561 static int aggr_kprobe_disabled(struct kprobe *ap)
1565 list_for_each_entry_rcu(kp, &ap->list, list)
1566 if (!kprobe_disabled(kp))
1568 * There is an active probe on the list.
1569 * We can't disable this ap.
1576 /* Disable one kprobe: Make sure called under kprobe_mutex is locked */
1577 static struct kprobe *__disable_kprobe(struct kprobe *p)
1579 struct kprobe *orig_p;
1581 /* Get an original kprobe for return */
1582 orig_p = __get_valid_kprobe(p);
1583 if (unlikely(orig_p == NULL))
1586 if (!kprobe_disabled(p)) {
1587 /* Disable probe if it is a child probe */
1589 p->flags |= KPROBE_FLAG_DISABLED;
1591 /* Try to disarm and disable this/parent probe */
1592 if (p == orig_p || aggr_kprobe_disabled(orig_p)) {
1594 * If kprobes_all_disarmed is set, orig_p
1595 * should have already been disarmed, so
1596 * skip unneed disarming process.
1598 if (!kprobes_all_disarmed)
1599 disarm_kprobe(orig_p, true);
1600 orig_p->flags |= KPROBE_FLAG_DISABLED;
1608 * Unregister a kprobe without a scheduler synchronization.
1610 static int __unregister_kprobe_top(struct kprobe *p)
1612 struct kprobe *ap, *list_p;
1614 /* Disable kprobe. This will disarm it if needed. */
1615 ap = __disable_kprobe(p);
1621 * This probe is an independent(and non-optimized) kprobe
1622 * (not an aggrprobe). Remove from the hash list.
1626 /* Following process expects this probe is an aggrprobe */
1627 WARN_ON(!kprobe_aggrprobe(ap));
1629 if (list_is_singular(&ap->list) && kprobe_disarmed(ap))
1631 * !disarmed could be happen if the probe is under delayed
1636 /* If disabling probe has special handlers, update aggrprobe */
1637 if (p->break_handler && !kprobe_gone(p))
1638 ap->break_handler = NULL;
1639 if (p->post_handler && !kprobe_gone(p)) {
1640 list_for_each_entry_rcu(list_p, &ap->list, list) {
1641 if ((list_p != p) && (list_p->post_handler))
1644 ap->post_handler = NULL;
1648 * Remove from the aggrprobe: this path will do nothing in
1649 * __unregister_kprobe_bottom().
1651 list_del_rcu(&p->list);
1652 if (!kprobe_disabled(ap) && !kprobes_all_disarmed)
1654 * Try to optimize this probe again, because post
1655 * handler may have been changed.
1657 optimize_kprobe(ap);
1662 BUG_ON(!kprobe_disarmed(ap));
1663 hlist_del_rcu(&ap->hlist);
1667 static void __unregister_kprobe_bottom(struct kprobe *p)
1671 if (list_empty(&p->list))
1672 /* This is an independent kprobe */
1673 arch_remove_kprobe(p);
1674 else if (list_is_singular(&p->list)) {
1675 /* This is the last child of an aggrprobe */
1676 ap = list_entry(p->list.next, struct kprobe, list);
1678 free_aggr_kprobe(ap);
1680 /* Otherwise, do nothing. */
1683 int register_kprobes(struct kprobe **kps, int num)
1689 for (i = 0; i < num; i++) {
1690 ret = register_kprobe(kps[i]);
1693 unregister_kprobes(kps, i);
1699 EXPORT_SYMBOL_GPL(register_kprobes);
1701 void unregister_kprobe(struct kprobe *p)
1703 unregister_kprobes(&p, 1);
1705 EXPORT_SYMBOL_GPL(unregister_kprobe);
1707 void unregister_kprobes(struct kprobe **kps, int num)
1713 mutex_lock(&kprobe_mutex);
1714 for (i = 0; i < num; i++)
1715 if (__unregister_kprobe_top(kps[i]) < 0)
1716 kps[i]->addr = NULL;
1717 mutex_unlock(&kprobe_mutex);
1719 synchronize_sched();
1720 for (i = 0; i < num; i++)
1722 __unregister_kprobe_bottom(kps[i]);
1724 EXPORT_SYMBOL_GPL(unregister_kprobes);
1726 static struct notifier_block kprobe_exceptions_nb = {
1727 .notifier_call = kprobe_exceptions_notify,
1728 .priority = 0x7fffffff /* we need to be notified first */
1731 unsigned long __weak arch_deref_entry_point(void *entry)
1733 return (unsigned long)entry;
1736 int register_jprobes(struct jprobe **jps, int num)
1743 for (i = 0; i < num; i++) {
1744 unsigned long addr, offset;
1746 addr = arch_deref_entry_point(jp->entry);
1748 /* Verify probepoint is a function entry point */
1749 if (kallsyms_lookup_size_offset(addr, NULL, &offset) &&
1751 jp->kp.pre_handler = setjmp_pre_handler;
1752 jp->kp.break_handler = longjmp_break_handler;
1753 ret = register_kprobe(&jp->kp);
1759 unregister_jprobes(jps, i);
1765 EXPORT_SYMBOL_GPL(register_jprobes);
1767 int register_jprobe(struct jprobe *jp)
1769 return register_jprobes(&jp, 1);
1771 EXPORT_SYMBOL_GPL(register_jprobe);
1773 void unregister_jprobe(struct jprobe *jp)
1775 unregister_jprobes(&jp, 1);
1777 EXPORT_SYMBOL_GPL(unregister_jprobe);
1779 void unregister_jprobes(struct jprobe **jps, int num)
1785 mutex_lock(&kprobe_mutex);
1786 for (i = 0; i < num; i++)
1787 if (__unregister_kprobe_top(&jps[i]->kp) < 0)
1788 jps[i]->kp.addr = NULL;
1789 mutex_unlock(&kprobe_mutex);
1791 synchronize_sched();
1792 for (i = 0; i < num; i++) {
1793 if (jps[i]->kp.addr)
1794 __unregister_kprobe_bottom(&jps[i]->kp);
1797 EXPORT_SYMBOL_GPL(unregister_jprobes);
1799 #ifdef CONFIG_KRETPROBES
1801 * This kprobe pre_handler is registered with every kretprobe. When probe
1802 * hits it will set up the return probe.
1804 static int pre_handler_kretprobe(struct kprobe *p, struct pt_regs *regs)
1806 struct kretprobe *rp = container_of(p, struct kretprobe, kp);
1807 unsigned long hash, flags = 0;
1808 struct kretprobe_instance *ri;
1811 * To avoid deadlocks, prohibit return probing in NMI contexts,
1812 * just skip the probe and increase the (inexact) 'nmissed'
1813 * statistical counter, so that the user is informed that
1814 * something happened:
1816 if (unlikely(in_nmi())) {
1821 /* TODO: consider to only swap the RA after the last pre_handler fired */
1822 hash = hash_ptr(current, KPROBE_HASH_BITS);
1823 raw_spin_lock_irqsave(&rp->lock, flags);
1824 if (!hlist_empty(&rp->free_instances)) {
1825 ri = hlist_entry(rp->free_instances.first,
1826 struct kretprobe_instance, hlist);
1827 hlist_del(&ri->hlist);
1828 raw_spin_unlock_irqrestore(&rp->lock, flags);
1833 if (rp->entry_handler && rp->entry_handler(ri, regs)) {
1834 raw_spin_lock_irqsave(&rp->lock, flags);
1835 hlist_add_head(&ri->hlist, &rp->free_instances);
1836 raw_spin_unlock_irqrestore(&rp->lock, flags);
1840 arch_prepare_kretprobe(ri, regs);
1842 /* XXX(hch): why is there no hlist_move_head? */
1843 INIT_HLIST_NODE(&ri->hlist);
1844 kretprobe_table_lock(hash, &flags);
1845 hlist_add_head(&ri->hlist, &kretprobe_inst_table[hash]);
1846 kretprobe_table_unlock(hash, &flags);
1849 raw_spin_unlock_irqrestore(&rp->lock, flags);
1853 NOKPROBE_SYMBOL(pre_handler_kretprobe);
1855 int register_kretprobe(struct kretprobe *rp)
1858 struct kretprobe_instance *inst;
1862 if (kretprobe_blacklist_size) {
1863 addr = kprobe_addr(&rp->kp);
1865 return PTR_ERR(addr);
1867 for (i = 0; kretprobe_blacklist[i].name != NULL; i++) {
1868 if (kretprobe_blacklist[i].addr == addr)
1873 rp->kp.pre_handler = pre_handler_kretprobe;
1874 rp->kp.post_handler = NULL;
1875 rp->kp.fault_handler = NULL;
1876 rp->kp.break_handler = NULL;
1878 /* Pre-allocate memory for max kretprobe instances */
1879 if (rp->maxactive <= 0) {
1880 #ifdef CONFIG_PREEMPT
1881 rp->maxactive = max_t(unsigned int, 10, 2*num_possible_cpus());
1883 rp->maxactive = num_possible_cpus();
1886 raw_spin_lock_init(&rp->lock);
1887 INIT_HLIST_HEAD(&rp->free_instances);
1888 for (i = 0; i < rp->maxactive; i++) {
1889 inst = kmalloc(sizeof(struct kretprobe_instance) +
1890 rp->data_size, GFP_KERNEL);
1895 INIT_HLIST_NODE(&inst->hlist);
1896 hlist_add_head(&inst->hlist, &rp->free_instances);
1900 /* Establish function entry probe point */
1901 ret = register_kprobe(&rp->kp);
1906 EXPORT_SYMBOL_GPL(register_kretprobe);
1908 int register_kretprobes(struct kretprobe **rps, int num)
1914 for (i = 0; i < num; i++) {
1915 ret = register_kretprobe(rps[i]);
1918 unregister_kretprobes(rps, i);
1924 EXPORT_SYMBOL_GPL(register_kretprobes);
1926 void unregister_kretprobe(struct kretprobe *rp)
1928 unregister_kretprobes(&rp, 1);
1930 EXPORT_SYMBOL_GPL(unregister_kretprobe);
1932 void unregister_kretprobes(struct kretprobe **rps, int num)
1938 mutex_lock(&kprobe_mutex);
1939 for (i = 0; i < num; i++)
1940 if (__unregister_kprobe_top(&rps[i]->kp) < 0)
1941 rps[i]->kp.addr = NULL;
1942 mutex_unlock(&kprobe_mutex);
1944 synchronize_sched();
1945 for (i = 0; i < num; i++) {
1946 if (rps[i]->kp.addr) {
1947 __unregister_kprobe_bottom(&rps[i]->kp);
1948 cleanup_rp_inst(rps[i]);
1952 EXPORT_SYMBOL_GPL(unregister_kretprobes);
1954 #else /* CONFIG_KRETPROBES */
1955 int register_kretprobe(struct kretprobe *rp)
1959 EXPORT_SYMBOL_GPL(register_kretprobe);
1961 int register_kretprobes(struct kretprobe **rps, int num)
1965 EXPORT_SYMBOL_GPL(register_kretprobes);
1967 void unregister_kretprobe(struct kretprobe *rp)
1970 EXPORT_SYMBOL_GPL(unregister_kretprobe);
1972 void unregister_kretprobes(struct kretprobe **rps, int num)
1975 EXPORT_SYMBOL_GPL(unregister_kretprobes);
1977 static int pre_handler_kretprobe(struct kprobe *p, struct pt_regs *regs)
1981 NOKPROBE_SYMBOL(pre_handler_kretprobe);
1983 #endif /* CONFIG_KRETPROBES */
1985 /* Set the kprobe gone and remove its instruction buffer. */
1986 static void kill_kprobe(struct kprobe *p)
1990 p->flags |= KPROBE_FLAG_GONE;
1991 if (kprobe_aggrprobe(p)) {
1993 * If this is an aggr_kprobe, we have to list all the
1994 * chained probes and mark them GONE.
1996 list_for_each_entry_rcu(kp, &p->list, list)
1997 kp->flags |= KPROBE_FLAG_GONE;
1998 p->post_handler = NULL;
1999 p->break_handler = NULL;
2000 kill_optimized_kprobe(p);
2003 * Here, we can remove insn_slot safely, because no thread calls
2004 * the original probed function (which will be freed soon) any more.
2006 arch_remove_kprobe(p);
2009 /* Disable one kprobe */
2010 int disable_kprobe(struct kprobe *kp)
2014 mutex_lock(&kprobe_mutex);
2016 /* Disable this kprobe */
2017 if (__disable_kprobe(kp) == NULL)
2020 mutex_unlock(&kprobe_mutex);
2023 EXPORT_SYMBOL_GPL(disable_kprobe);
2025 /* Enable one kprobe */
2026 int enable_kprobe(struct kprobe *kp)
2031 mutex_lock(&kprobe_mutex);
2033 /* Check whether specified probe is valid. */
2034 p = __get_valid_kprobe(kp);
2035 if (unlikely(p == NULL)) {
2040 if (kprobe_gone(kp)) {
2041 /* This kprobe has gone, we couldn't enable it. */
2047 kp->flags &= ~KPROBE_FLAG_DISABLED;
2049 if (!kprobes_all_disarmed && kprobe_disabled(p)) {
2050 p->flags &= ~KPROBE_FLAG_DISABLED;
2054 mutex_unlock(&kprobe_mutex);
2057 EXPORT_SYMBOL_GPL(enable_kprobe);
2059 void dump_kprobe(struct kprobe *kp)
2061 printk(KERN_WARNING "Dumping kprobe:\n");
2062 printk(KERN_WARNING "Name: %s\nAddress: %p\nOffset: %x\n",
2063 kp->symbol_name, kp->addr, kp->offset);
2065 NOKPROBE_SYMBOL(dump_kprobe);
2068 * Lookup and populate the kprobe_blacklist.
2070 * Unlike the kretprobe blacklist, we'll need to determine
2071 * the range of addresses that belong to the said functions,
2072 * since a kprobe need not necessarily be at the beginning
2075 static int __init populate_kprobe_blacklist(unsigned long *start,
2078 unsigned long *iter;
2079 struct kprobe_blacklist_entry *ent;
2080 unsigned long entry, offset = 0, size = 0;
2082 for (iter = start; iter < end; iter++) {
2083 entry = arch_deref_entry_point((void *)*iter);
2085 if (!kernel_text_address(entry) ||
2086 !kallsyms_lookup_size_offset(entry, &size, &offset)) {
2087 pr_err("Failed to find blacklist at %p\n",
2092 ent = kmalloc(sizeof(*ent), GFP_KERNEL);
2095 ent->start_addr = entry;
2096 ent->end_addr = entry + size;
2097 INIT_LIST_HEAD(&ent->list);
2098 list_add_tail(&ent->list, &kprobe_blacklist);
2103 /* Module notifier call back, checking kprobes on the module */
2104 static int kprobes_module_callback(struct notifier_block *nb,
2105 unsigned long val, void *data)
2107 struct module *mod = data;
2108 struct hlist_head *head;
2111 int checkcore = (val == MODULE_STATE_GOING);
2113 if (val != MODULE_STATE_GOING && val != MODULE_STATE_LIVE)
2117 * When MODULE_STATE_GOING was notified, both of module .text and
2118 * .init.text sections would be freed. When MODULE_STATE_LIVE was
2119 * notified, only .init.text section would be freed. We need to
2120 * disable kprobes which have been inserted in the sections.
2122 mutex_lock(&kprobe_mutex);
2123 for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
2124 head = &kprobe_table[i];
2125 hlist_for_each_entry_rcu(p, head, hlist)
2126 if (within_module_init((unsigned long)p->addr, mod) ||
2128 within_module_core((unsigned long)p->addr, mod))) {
2130 * The vaddr this probe is installed will soon
2131 * be vfreed buy not synced to disk. Hence,
2132 * disarming the breakpoint isn't needed.
2137 mutex_unlock(&kprobe_mutex);
2141 static struct notifier_block kprobe_module_nb = {
2142 .notifier_call = kprobes_module_callback,
2146 /* Markers of _kprobe_blacklist section */
2147 extern unsigned long __start_kprobe_blacklist[];
2148 extern unsigned long __stop_kprobe_blacklist[];
2150 static int __init init_kprobes(void)
2154 /* FIXME allocate the probe table, currently defined statically */
2155 /* initialize all list heads */
2156 for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
2157 INIT_HLIST_HEAD(&kprobe_table[i]);
2158 INIT_HLIST_HEAD(&kretprobe_inst_table[i]);
2159 raw_spin_lock_init(&(kretprobe_table_locks[i].lock));
2162 err = populate_kprobe_blacklist(__start_kprobe_blacklist,
2163 __stop_kprobe_blacklist);
2165 pr_err("kprobes: failed to populate blacklist: %d\n", err);
2166 pr_err("Please take care of using kprobes.\n");
2169 if (kretprobe_blacklist_size) {
2170 /* lookup the function address from its name */
2171 for (i = 0; kretprobe_blacklist[i].name != NULL; i++) {
2172 kprobe_lookup_name(kretprobe_blacklist[i].name,
2173 kretprobe_blacklist[i].addr);
2174 if (!kretprobe_blacklist[i].addr)
2175 printk("kretprobe: lookup failed: %s\n",
2176 kretprobe_blacklist[i].name);
2180 #if defined(CONFIG_OPTPROBES)
2181 #if defined(__ARCH_WANT_KPROBES_INSN_SLOT)
2182 /* Init kprobe_optinsn_slots */
2183 kprobe_optinsn_slots.insn_size = MAX_OPTINSN_SIZE;
2185 /* By default, kprobes can be optimized */
2186 kprobes_allow_optimization = true;
2189 /* By default, kprobes are armed */
2190 kprobes_all_disarmed = false;
2192 err = arch_init_kprobes();
2194 err = register_die_notifier(&kprobe_exceptions_nb);
2196 err = register_module_notifier(&kprobe_module_nb);
2198 kprobes_initialized = (err == 0);
2205 #ifdef CONFIG_DEBUG_FS
2206 static void report_probe(struct seq_file *pi, struct kprobe *p,
2207 const char *sym, int offset, char *modname, struct kprobe *pp)
2211 if (p->pre_handler == pre_handler_kretprobe)
2213 else if (p->pre_handler == setjmp_pre_handler)
2219 seq_printf(pi, "%p %s %s+0x%x %s ",
2220 p->addr, kprobe_type, sym, offset,
2221 (modname ? modname : " "));
2223 seq_printf(pi, "%p %s %p ",
2224 p->addr, kprobe_type, p->addr);
2228 seq_printf(pi, "%s%s%s%s\n",
2229 (kprobe_gone(p) ? "[GONE]" : ""),
2230 ((kprobe_disabled(p) && !kprobe_gone(p)) ? "[DISABLED]" : ""),
2231 (kprobe_optimized(pp) ? "[OPTIMIZED]" : ""),
2232 (kprobe_ftrace(pp) ? "[FTRACE]" : ""));
2235 static void *kprobe_seq_start(struct seq_file *f, loff_t *pos)
2237 return (*pos < KPROBE_TABLE_SIZE) ? pos : NULL;
2240 static void *kprobe_seq_next(struct seq_file *f, void *v, loff_t *pos)
2243 if (*pos >= KPROBE_TABLE_SIZE)
2248 static void kprobe_seq_stop(struct seq_file *f, void *v)
2253 static int show_kprobe_addr(struct seq_file *pi, void *v)
2255 struct hlist_head *head;
2256 struct kprobe *p, *kp;
2257 const char *sym = NULL;
2258 unsigned int i = *(loff_t *) v;
2259 unsigned long offset = 0;
2260 char *modname, namebuf[KSYM_NAME_LEN];
2262 head = &kprobe_table[i];
2264 hlist_for_each_entry_rcu(p, head, hlist) {
2265 sym = kallsyms_lookup((unsigned long)p->addr, NULL,
2266 &offset, &modname, namebuf);
2267 if (kprobe_aggrprobe(p)) {
2268 list_for_each_entry_rcu(kp, &p->list, list)
2269 report_probe(pi, kp, sym, offset, modname, p);
2271 report_probe(pi, p, sym, offset, modname, NULL);
2277 static const struct seq_operations kprobes_seq_ops = {
2278 .start = kprobe_seq_start,
2279 .next = kprobe_seq_next,
2280 .stop = kprobe_seq_stop,
2281 .show = show_kprobe_addr
2284 static int kprobes_open(struct inode *inode, struct file *filp)
2286 return seq_open(filp, &kprobes_seq_ops);
2289 static const struct file_operations debugfs_kprobes_operations = {
2290 .open = kprobes_open,
2292 .llseek = seq_lseek,
2293 .release = seq_release,
2296 /* kprobes/blacklist -- shows which functions can not be probed */
2297 static void *kprobe_blacklist_seq_start(struct seq_file *m, loff_t *pos)
2299 return seq_list_start(&kprobe_blacklist, *pos);
2302 static void *kprobe_blacklist_seq_next(struct seq_file *m, void *v, loff_t *pos)
2304 return seq_list_next(v, &kprobe_blacklist, pos);
2307 static int kprobe_blacklist_seq_show(struct seq_file *m, void *v)
2309 struct kprobe_blacklist_entry *ent =
2310 list_entry(v, struct kprobe_blacklist_entry, list);
2312 seq_printf(m, "0x%p-0x%p\t%ps\n", (void *)ent->start_addr,
2313 (void *)ent->end_addr, (void *)ent->start_addr);
2317 static const struct seq_operations kprobe_blacklist_seq_ops = {
2318 .start = kprobe_blacklist_seq_start,
2319 .next = kprobe_blacklist_seq_next,
2320 .stop = kprobe_seq_stop, /* Reuse void function */
2321 .show = kprobe_blacklist_seq_show,
2324 static int kprobe_blacklist_open(struct inode *inode, struct file *filp)
2326 return seq_open(filp, &kprobe_blacklist_seq_ops);
2329 static const struct file_operations debugfs_kprobe_blacklist_ops = {
2330 .open = kprobe_blacklist_open,
2332 .llseek = seq_lseek,
2333 .release = seq_release,
2336 static void arm_all_kprobes(void)
2338 struct hlist_head *head;
2342 mutex_lock(&kprobe_mutex);
2344 /* If kprobes are armed, just return */
2345 if (!kprobes_all_disarmed)
2346 goto already_enabled;
2349 * optimize_kprobe() called by arm_kprobe() checks
2350 * kprobes_all_disarmed, so set kprobes_all_disarmed before
2353 kprobes_all_disarmed = false;
2354 /* Arming kprobes doesn't optimize kprobe itself */
2355 for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
2356 head = &kprobe_table[i];
2357 hlist_for_each_entry_rcu(p, head, hlist)
2358 if (!kprobe_disabled(p))
2362 printk(KERN_INFO "Kprobes globally enabled\n");
2365 mutex_unlock(&kprobe_mutex);
2369 static void disarm_all_kprobes(void)
2371 struct hlist_head *head;
2375 mutex_lock(&kprobe_mutex);
2377 /* If kprobes are already disarmed, just return */
2378 if (kprobes_all_disarmed) {
2379 mutex_unlock(&kprobe_mutex);
2383 kprobes_all_disarmed = true;
2384 printk(KERN_INFO "Kprobes globally disabled\n");
2386 for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
2387 head = &kprobe_table[i];
2388 hlist_for_each_entry_rcu(p, head, hlist) {
2389 if (!arch_trampoline_kprobe(p) && !kprobe_disabled(p))
2390 disarm_kprobe(p, false);
2393 mutex_unlock(&kprobe_mutex);
2395 /* Wait for disarming all kprobes by optimizer */
2396 wait_for_kprobe_optimizer();
2400 * XXX: The debugfs bool file interface doesn't allow for callbacks
2401 * when the bool state is switched. We can reuse that facility when
2404 static ssize_t read_enabled_file_bool(struct file *file,
2405 char __user *user_buf, size_t count, loff_t *ppos)
2409 if (!kprobes_all_disarmed)
2415 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
2418 static ssize_t write_enabled_file_bool(struct file *file,
2419 const char __user *user_buf, size_t count, loff_t *ppos)
2424 buf_size = min(count, (sizeof(buf)-1));
2425 if (copy_from_user(buf, user_buf, buf_size))
2428 buf[buf_size] = '\0';
2438 disarm_all_kprobes();
2447 static const struct file_operations fops_kp = {
2448 .read = read_enabled_file_bool,
2449 .write = write_enabled_file_bool,
2450 .llseek = default_llseek,
2453 static int __init debugfs_kprobe_init(void)
2455 struct dentry *dir, *file;
2456 unsigned int value = 1;
2458 dir = debugfs_create_dir("kprobes", NULL);
2462 file = debugfs_create_file("list", 0400, dir, NULL,
2463 &debugfs_kprobes_operations);
2467 file = debugfs_create_file("enabled", 0600, dir,
2472 file = debugfs_create_file("blacklist", 0400, dir, NULL,
2473 &debugfs_kprobe_blacklist_ops);
2480 debugfs_remove(dir);
2484 late_initcall(debugfs_kprobe_init);
2485 #endif /* CONFIG_DEBUG_FS */
2487 module_init(init_kprobes);
2489 /* defined in arch/.../kernel/kprobes.c */
2490 EXPORT_SYMBOL_GPL(jprobe_return);
OSDN Git Service
