18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * kretprobe_example.c 48c2ecf20Sopenharmony_ci * 58c2ecf20Sopenharmony_ci * Here's a sample kernel module showing the use of return probes to 68c2ecf20Sopenharmony_ci * report the return value and total time taken for probed function 78c2ecf20Sopenharmony_ci * to run. 88c2ecf20Sopenharmony_ci * 98c2ecf20Sopenharmony_ci * usage: insmod kretprobe_example.ko func=<func_name> 108c2ecf20Sopenharmony_ci * 118c2ecf20Sopenharmony_ci * If no func_name is specified, kernel_clone is instrumented 128c2ecf20Sopenharmony_ci * 138c2ecf20Sopenharmony_ci * For more information on theory of operation of kretprobes, see 148c2ecf20Sopenharmony_ci * Documentation/trace/kprobes.rst 158c2ecf20Sopenharmony_ci * 168c2ecf20Sopenharmony_ci * Build and insert the kernel module as done in the kprobe example. 178c2ecf20Sopenharmony_ci * You will see the trace data in /var/log/messages and on the console 188c2ecf20Sopenharmony_ci * whenever the probed function returns. (Some messages may be suppressed 198c2ecf20Sopenharmony_ci * if syslogd is configured to eliminate duplicate messages.) 208c2ecf20Sopenharmony_ci */ 218c2ecf20Sopenharmony_ci 228c2ecf20Sopenharmony_ci#include <linux/kernel.h> 238c2ecf20Sopenharmony_ci#include <linux/module.h> 248c2ecf20Sopenharmony_ci#include <linux/kprobes.h> 258c2ecf20Sopenharmony_ci#include <linux/ktime.h> 268c2ecf20Sopenharmony_ci#include <linux/limits.h> 278c2ecf20Sopenharmony_ci#include <linux/sched.h> 288c2ecf20Sopenharmony_ci 298c2ecf20Sopenharmony_cistatic char func_name[NAME_MAX] = "kernel_clone"; 308c2ecf20Sopenharmony_cimodule_param_string(func, func_name, NAME_MAX, S_IRUGO); 318c2ecf20Sopenharmony_ciMODULE_PARM_DESC(func, "Function to kretprobe; this module will report the" 328c2ecf20Sopenharmony_ci " function's execution time"); 338c2ecf20Sopenharmony_ci 348c2ecf20Sopenharmony_ci/* per-instance private data */ 358c2ecf20Sopenharmony_cistruct my_data { 368c2ecf20Sopenharmony_ci ktime_t entry_stamp; 378c2ecf20Sopenharmony_ci}; 388c2ecf20Sopenharmony_ci 398c2ecf20Sopenharmony_ci/* Here we use the entry_hanlder to timestamp function entry */ 408c2ecf20Sopenharmony_cistatic int entry_handler(struct kretprobe_instance *ri, struct pt_regs *regs) 418c2ecf20Sopenharmony_ci{ 428c2ecf20Sopenharmony_ci struct my_data *data; 438c2ecf20Sopenharmony_ci 448c2ecf20Sopenharmony_ci if (!current->mm) 458c2ecf20Sopenharmony_ci return 1; /* Skip kernel threads */ 468c2ecf20Sopenharmony_ci 478c2ecf20Sopenharmony_ci data = (struct my_data *)ri->data; 488c2ecf20Sopenharmony_ci data->entry_stamp = ktime_get(); 498c2ecf20Sopenharmony_ci return 0; 508c2ecf20Sopenharmony_ci} 518c2ecf20Sopenharmony_ciNOKPROBE_SYMBOL(entry_handler); 528c2ecf20Sopenharmony_ci 538c2ecf20Sopenharmony_ci/* 548c2ecf20Sopenharmony_ci * Return-probe handler: Log the return value and duration. Duration may turn 558c2ecf20Sopenharmony_ci * out to be zero consistently, depending upon the granularity of time 568c2ecf20Sopenharmony_ci * accounting on the platform. 578c2ecf20Sopenharmony_ci */ 588c2ecf20Sopenharmony_cistatic int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs) 598c2ecf20Sopenharmony_ci{ 608c2ecf20Sopenharmony_ci unsigned long retval = regs_return_value(regs); 618c2ecf20Sopenharmony_ci struct my_data *data = (struct my_data *)ri->data; 628c2ecf20Sopenharmony_ci s64 delta; 638c2ecf20Sopenharmony_ci ktime_t now; 648c2ecf20Sopenharmony_ci 658c2ecf20Sopenharmony_ci now = ktime_get(); 668c2ecf20Sopenharmony_ci delta = ktime_to_ns(ktime_sub(now, data->entry_stamp)); 678c2ecf20Sopenharmony_ci pr_info("%s returned %lu and took %lld ns to execute\n", 688c2ecf20Sopenharmony_ci func_name, retval, (long long)delta); 698c2ecf20Sopenharmony_ci return 0; 708c2ecf20Sopenharmony_ci} 718c2ecf20Sopenharmony_ciNOKPROBE_SYMBOL(ret_handler); 728c2ecf20Sopenharmony_ci 738c2ecf20Sopenharmony_cistatic struct kretprobe my_kretprobe = { 748c2ecf20Sopenharmony_ci .handler = ret_handler, 758c2ecf20Sopenharmony_ci .entry_handler = entry_handler, 768c2ecf20Sopenharmony_ci .data_size = sizeof(struct my_data), 778c2ecf20Sopenharmony_ci /* Probe up to 20 instances concurrently. */ 788c2ecf20Sopenharmony_ci .maxactive = 20, 798c2ecf20Sopenharmony_ci}; 808c2ecf20Sopenharmony_ci 818c2ecf20Sopenharmony_cistatic int __init kretprobe_init(void) 828c2ecf20Sopenharmony_ci{ 838c2ecf20Sopenharmony_ci int ret; 848c2ecf20Sopenharmony_ci 858c2ecf20Sopenharmony_ci my_kretprobe.kp.symbol_name = func_name; 868c2ecf20Sopenharmony_ci ret = register_kretprobe(&my_kretprobe); 878c2ecf20Sopenharmony_ci if (ret < 0) { 888c2ecf20Sopenharmony_ci pr_err("register_kretprobe failed, returned %d\n", ret); 898c2ecf20Sopenharmony_ci return ret; 908c2ecf20Sopenharmony_ci } 918c2ecf20Sopenharmony_ci pr_info("Planted return probe at %s: %p\n", 928c2ecf20Sopenharmony_ci my_kretprobe.kp.symbol_name, my_kretprobe.kp.addr); 938c2ecf20Sopenharmony_ci return 0; 948c2ecf20Sopenharmony_ci} 958c2ecf20Sopenharmony_ci 968c2ecf20Sopenharmony_cistatic void __exit kretprobe_exit(void) 978c2ecf20Sopenharmony_ci{ 988c2ecf20Sopenharmony_ci unregister_kretprobe(&my_kretprobe); 998c2ecf20Sopenharmony_ci pr_info("kretprobe at %p unregistered\n", my_kretprobe.kp.addr); 1008c2ecf20Sopenharmony_ci 1018c2ecf20Sopenharmony_ci /* nmissed > 0 suggests that maxactive was set too low. */ 1028c2ecf20Sopenharmony_ci pr_info("Missed probing %d instances of %s\n", 1038c2ecf20Sopenharmony_ci my_kretprobe.nmissed, my_kretprobe.kp.symbol_name); 1048c2ecf20Sopenharmony_ci} 1058c2ecf20Sopenharmony_ci 1068c2ecf20Sopenharmony_cimodule_init(kretprobe_init) 1078c2ecf20Sopenharmony_cimodule_exit(kretprobe_exit) 1088c2ecf20Sopenharmony_ciMODULE_LICENSE("GPL"); 109