162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * kretprobe_example.c 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Here's a sample kernel module showing the use of return probes to 662306a36Sopenharmony_ci * report the return value and total time taken for probed function 762306a36Sopenharmony_ci * to run. 862306a36Sopenharmony_ci * 962306a36Sopenharmony_ci * usage: insmod kretprobe_example.ko func=<func_name> 1062306a36Sopenharmony_ci * 1162306a36Sopenharmony_ci * If no func_name is specified, kernel_clone is instrumented 1262306a36Sopenharmony_ci * 1362306a36Sopenharmony_ci * For more information on theory of operation of kretprobes, see 1462306a36Sopenharmony_ci * Documentation/trace/kprobes.rst 1562306a36Sopenharmony_ci * 1662306a36Sopenharmony_ci * Build and insert the kernel module as done in the kprobe example. 1762306a36Sopenharmony_ci * You will see the trace data in /var/log/messages and on the console 1862306a36Sopenharmony_ci * whenever the probed function returns. (Some messages may be suppressed 1962306a36Sopenharmony_ci * if syslogd is configured to eliminate duplicate messages.) 2062306a36Sopenharmony_ci */ 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_ci#include <linux/kernel.h> 2362306a36Sopenharmony_ci#include <linux/module.h> 2462306a36Sopenharmony_ci#include <linux/kprobes.h> 2562306a36Sopenharmony_ci#include <linux/ktime.h> 2662306a36Sopenharmony_ci#include <linux/sched.h> 2762306a36Sopenharmony_ci 2862306a36Sopenharmony_cistatic char func_name[KSYM_NAME_LEN] = "kernel_clone"; 2962306a36Sopenharmony_cimodule_param_string(func, func_name, KSYM_NAME_LEN, 0644); 3062306a36Sopenharmony_ciMODULE_PARM_DESC(func, "Function to kretprobe; this module will report the" 3162306a36Sopenharmony_ci " function's execution time"); 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_ci/* per-instance private data */ 3462306a36Sopenharmony_cistruct my_data { 3562306a36Sopenharmony_ci ktime_t entry_stamp; 3662306a36Sopenharmony_ci}; 3762306a36Sopenharmony_ci 3862306a36Sopenharmony_ci/* Here we use the entry_hanlder to timestamp function entry */ 3962306a36Sopenharmony_cistatic int entry_handler(struct kretprobe_instance *ri, struct pt_regs *regs) 4062306a36Sopenharmony_ci{ 4162306a36Sopenharmony_ci struct my_data *data; 4262306a36Sopenharmony_ci 4362306a36Sopenharmony_ci if (!current->mm) 4462306a36Sopenharmony_ci return 1; /* Skip kernel threads */ 4562306a36Sopenharmony_ci 4662306a36Sopenharmony_ci data = (struct my_data *)ri->data; 4762306a36Sopenharmony_ci data->entry_stamp = ktime_get(); 4862306a36Sopenharmony_ci return 0; 4962306a36Sopenharmony_ci} 5062306a36Sopenharmony_ciNOKPROBE_SYMBOL(entry_handler); 5162306a36Sopenharmony_ci 5262306a36Sopenharmony_ci/* 5362306a36Sopenharmony_ci * Return-probe handler: Log the return value and duration. Duration may turn 5462306a36Sopenharmony_ci * out to be zero consistently, depending upon the granularity of time 5562306a36Sopenharmony_ci * accounting on the platform. 5662306a36Sopenharmony_ci */ 5762306a36Sopenharmony_cistatic int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs) 5862306a36Sopenharmony_ci{ 5962306a36Sopenharmony_ci unsigned long retval = regs_return_value(regs); 6062306a36Sopenharmony_ci struct my_data *data = (struct my_data *)ri->data; 6162306a36Sopenharmony_ci s64 delta; 6262306a36Sopenharmony_ci ktime_t now; 6362306a36Sopenharmony_ci 6462306a36Sopenharmony_ci now = ktime_get(); 6562306a36Sopenharmony_ci delta = ktime_to_ns(ktime_sub(now, data->entry_stamp)); 6662306a36Sopenharmony_ci pr_info("%s returned %lu and took %lld ns to execute\n", 6762306a36Sopenharmony_ci func_name, retval, (long long)delta); 6862306a36Sopenharmony_ci return 0; 6962306a36Sopenharmony_ci} 7062306a36Sopenharmony_ciNOKPROBE_SYMBOL(ret_handler); 7162306a36Sopenharmony_ci 7262306a36Sopenharmony_cistatic struct kretprobe my_kretprobe = { 7362306a36Sopenharmony_ci .handler = ret_handler, 7462306a36Sopenharmony_ci .entry_handler = entry_handler, 7562306a36Sopenharmony_ci .data_size = sizeof(struct my_data), 7662306a36Sopenharmony_ci /* Probe up to 20 instances concurrently. */ 7762306a36Sopenharmony_ci .maxactive = 20, 7862306a36Sopenharmony_ci}; 7962306a36Sopenharmony_ci 8062306a36Sopenharmony_cistatic int __init kretprobe_init(void) 8162306a36Sopenharmony_ci{ 8262306a36Sopenharmony_ci int ret; 8362306a36Sopenharmony_ci 8462306a36Sopenharmony_ci my_kretprobe.kp.symbol_name = func_name; 8562306a36Sopenharmony_ci ret = register_kretprobe(&my_kretprobe); 8662306a36Sopenharmony_ci if (ret < 0) { 8762306a36Sopenharmony_ci pr_err("register_kretprobe failed, returned %d\n", ret); 8862306a36Sopenharmony_ci return ret; 8962306a36Sopenharmony_ci } 9062306a36Sopenharmony_ci pr_info("Planted return probe at %s: %p\n", 9162306a36Sopenharmony_ci my_kretprobe.kp.symbol_name, my_kretprobe.kp.addr); 9262306a36Sopenharmony_ci return 0; 9362306a36Sopenharmony_ci} 9462306a36Sopenharmony_ci 9562306a36Sopenharmony_cistatic void __exit kretprobe_exit(void) 9662306a36Sopenharmony_ci{ 9762306a36Sopenharmony_ci unregister_kretprobe(&my_kretprobe); 9862306a36Sopenharmony_ci pr_info("kretprobe at %p unregistered\n", my_kretprobe.kp.addr); 9962306a36Sopenharmony_ci 10062306a36Sopenharmony_ci /* nmissed > 0 suggests that maxactive was set too low. */ 10162306a36Sopenharmony_ci pr_info("Missed probing %d instances of %s\n", 10262306a36Sopenharmony_ci my_kretprobe.nmissed, my_kretprobe.kp.symbol_name); 10362306a36Sopenharmony_ci} 10462306a36Sopenharmony_ci 10562306a36Sopenharmony_cimodule_init(kretprobe_init) 10662306a36Sopenharmony_cimodule_exit(kretprobe_exit) 10762306a36Sopenharmony_ciMODULE_LICENSE("GPL"); 108