Commit | Line | Data |
---|---|---|
804defea AM |
1 | /* |
2 | * Here's a sample kernel module showing the use of jprobes to dump | |
54aea454 | 3 | * the arguments of _do_fork(). |
804defea AM |
4 | * |
5 | * For more information on theory of operation of jprobes, see | |
6 | * Documentation/kprobes.txt | |
7 | * | |
8 | * Build and insert the kernel module as done in the kprobe example. | |
9 | * You will see the trace data in /var/log/messages and on the | |
54aea454 | 10 | * console whenever _do_fork() is invoked to create a new process. |
804defea AM |
11 | * (Some messages may be suppressed if syslogd is configured to |
12 | * eliminate duplicate messages.) | |
13 | */ | |
14 | ||
15 | #include <linux/kernel.h> | |
16 | #include <linux/module.h> | |
17 | #include <linux/kprobes.h> | |
18 | ||
19 | /* | |
54aea454 | 20 | * Jumper probe for _do_fork. |
804defea AM |
21 | * Mirror principle enables access to arguments of the probed routine |
22 | * from the probe handler. | |
23 | */ | |
24 | ||
54aea454 PM |
25 | /* Proxy routine having the same arguments as actual _do_fork() routine */ |
26 | static long j_do_fork(unsigned long clone_flags, unsigned long stack_start, | |
e8ac6ea8 | 27 | unsigned long stack_size, int __user *parent_tidptr, |
603ac5df | 28 | int __user *child_tidptr, unsigned long tls) |
804defea | 29 | { |
e8ac6ea8 ME |
30 | pr_info("jprobe: clone_flags = 0x%lx, stack_start = 0x%lx " |
31 | "stack_size = 0x%lx\n", clone_flags, stack_start, stack_size); | |
804defea AM |
32 | |
33 | /* Always end with a call to jprobe_return(). */ | |
34 | jprobe_return(); | |
35 | return 0; | |
36 | } | |
37 | ||
38 | static struct jprobe my_jprobe = { | |
54aea454 | 39 | .entry = j_do_fork, |
804defea | 40 | .kp = { |
54aea454 | 41 | .symbol_name = "_do_fork", |
804defea AM |
42 | }, |
43 | }; | |
44 | ||
45 | static int __init jprobe_init(void) | |
46 | { | |
47 | int ret; | |
48 | ||
49 | ret = register_jprobe(&my_jprobe); | |
50 | if (ret < 0) { | |
468b8895 | 51 | pr_err("register_jprobe failed, returned %d\n", ret); |
804defea AM |
52 | return -1; |
53 | } | |
468b8895 | 54 | pr_info("Planted jprobe at %p, handler addr %p\n", |
804defea AM |
55 | my_jprobe.kp.addr, my_jprobe.entry); |
56 | return 0; | |
57 | } | |
58 | ||
59 | static void __exit jprobe_exit(void) | |
60 | { | |
61 | unregister_jprobe(&my_jprobe); | |
468b8895 | 62 | pr_info("jprobe at %p unregistered\n", my_jprobe.kp.addr); |
804defea AM |
63 | } |
64 | ||
65 | module_init(jprobe_init) | |
66 | module_exit(jprobe_exit) | |
67 | MODULE_LICENSE("GPL"); |