return0; } /* kprobe post_handler: called after the probed instruction is executed */ staticvoidhandler_post(struct kprobe *p, struct pt_regs *regs, unsignedlong flags) { pr_info("%s called\n", __func__); }
/* * fault_handler: this is called if an exception is generated for any * instruction within the pre- or post-handler, or when Kprobes * single-steps the probed instruction. */ staticinthandler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr) { printk(KERN_INFO "fault_handler: p->addr = 0x%p, trap #%dn", p->addr, trapnr); /* Return 0 because we don't handle the fault. */ return0; }
/* * This struct defines the way the registers are stored on the stack during an * exception. Note that sizeof(struct pt_regs) has to be a multiple of 16 (for * stack alignment). struct user_pt_regs must form a prefix of struct pt_regs. */ structpt_regs { union { structuser_pt_regsuser_regs; struct { u64 regs[31]; u64 sp; u64 pc; u64 pstate; }; }; u64 orig_x0; #ifdef __AARCH64EB__ u32 unused2; s32 syscallno; #else s32 syscallno; u32 unused2; #endif
u64 orig_addr_limit; /* Only valid when ARM64_HAS_IRQ_PRIO_MASKING is enabled. */ u64 pmr_save; u64 stackframe[2]; };
/* * kretprobe_example.c * * Here's a sample kernel module showing the use of return probes to * report the return value and total time taken for probed function * to run. * * usage: insmod kretprobe_example.ko func=<func_name> * * If no func_name is specified, inet_release is instrumented * * For more information on theory of operation of kretprobes, see * Documentation/kprobes.txt * * Build and insert the kernel module as done in the kprobe example. * You will see the trace data in /var/log/messages and on the console * whenever the probed function returns. (Some messages may be suppressed * if syslogd is configured to eliminate duplicate messages.) */
staticchar func_name[NAME_MAX] = "inet_release"; module_param_string(func, func_name, NAME_MAX, S_IRUGO); MODULE_PARM_DESC(func, "Function to kretprobe; this module will report the" " function's execution time");
/* per-instance private data */ structmy_data { ktime_t entry_stamp; };
/* Here we use the entry_hanlder to timestamp function entry */ staticintentry_handler(struct kretprobe_instance *ri, struct pt_regs *regs) { structmy_data *data;
if (!current->mm) return1; /* Skip kernel threads */
data = (struct my_data *)ri->data; data->entry_stamp = ktime_get(); return0; }
/* * Return-probe handler: Log the return value and duration. Duration may turn * out to be zero consistently, depending upon the granularity of time * accounting on the platform. */ staticintret_handler(struct kretprobe_instance *ri, struct pt_regs *regs) { int retval = regs_return_value(regs); structmy_data *data = (struct my_data *)ri->data; s64 delta; ktime_t now;
now = ktime_get(); delta = ktime_to_ns(ktime_sub(now, data->entry_stamp));
printk(KERN_INFO "%s returned %d and took %lld ns to execute\n", func_name, retval, (longlong)delta); return0; }
/* nmissed > 0 suggests that maxactive was set too low. */ printk(KERN_INFO "Missed probing %d instances of %s\n", my_kretprobe.nmissed, my_kretprobe.kp.symbol_name); }
[60362.085372] inet_release returned 0 and took 16360 ns to execute [60362.091124] inet_release returned 0 and took 8880 ns to execute [60362.091147] inet_release returned 0 and took 7640 ns to execute [60362.091173] inet_release returned 0 and took 7900 ns to execute [60362.941665] inet_release returned 0 and took 9100 ns to execute [60363.099577] inet_release returned 0 and took 9240 ns to execute [60363.126682] inet_release returned 0 and took 6000 ns to execute [60363.153610] inet_release returned 0 and took 9060 ns to execute [60363.153820] inet_release returned 0 and took 3220 ns to execute [60363.154699] inet_release returned 0 and took 3260 ns to execute [60363.159178] inet_release returned 0 and took 3200 ns to execute [60363.180098] inet_release returned 0 and took 3080 ns to execute