1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Kprobes-based tracing events
4 *
5 * Created by Masami Hiramatsu <mhiramat@redhat.com>
6 *
7 */
8 #define pr_fmt(fmt) "trace_kprobe: " fmt
9
10 #include <linux/bpf-cgroup.h>
11 #include <linux/cleanup.h>
12 #include <linux/error-injection.h>
13 #include <linux/module.h>
14 #include <linux/rculist.h>
15 #include <linux/security.h>
16 #include <linux/uaccess.h>
17
18 #include <asm/setup.h> /* for COMMAND_LINE_SIZE */
19
20 #include "trace_dynevent.h"
21 #include "trace_kprobe_selftest.h"
22 #include "trace_probe.h"
23 #include "trace_probe_kernel.h"
24 #include "trace_probe_tmpl.h"
25
26 #define KPROBE_EVENT_SYSTEM "kprobes"
27 #define KRETPROBE_MAXACTIVE_MAX 4096
28
29 /* Kprobe early definition from command line */
30 static char kprobe_boot_events_buf[COMMAND_LINE_SIZE] __initdata;
31
set_kprobe_boot_events(char * str)32 static int __init set_kprobe_boot_events(char *str)
33 {
34 trace_append_boot_param(kprobe_boot_events_buf, str, ';',
35 COMMAND_LINE_SIZE);
36 disable_tracing_selftest("running kprobe events");
37
38 return 1;
39 }
40 __setup("kprobe_event=", set_kprobe_boot_events);
41
42 static int trace_kprobe_create(const char *raw_command);
43 static int trace_kprobe_show(struct seq_file *m, struct dyn_event *ev);
44 static int trace_kprobe_release(struct dyn_event *ev);
45 static bool trace_kprobe_is_busy(struct dyn_event *ev);
46 static bool trace_kprobe_match(const char *system, const char *event,
47 int argc, const char **argv, struct dyn_event *ev);
48
49 static struct dyn_event_operations trace_kprobe_ops = {
50 .create = trace_kprobe_create,
51 .show = trace_kprobe_show,
52 .is_busy = trace_kprobe_is_busy,
53 .free = trace_kprobe_release,
54 .match = trace_kprobe_match,
55 };
56
57 /*
58 * Kprobe event core functions
59 */
60 struct trace_kprobe {
61 struct dyn_event devent;
62 struct kretprobe rp; /* Use rp.kp for kprobe use */
63 unsigned long __percpu *nhit;
64 const char *symbol; /* symbol name */
65 struct trace_probe tp;
66 };
67
is_trace_kprobe(struct dyn_event * ev)68 static bool is_trace_kprobe(struct dyn_event *ev)
69 {
70 return ev->ops == &trace_kprobe_ops;
71 }
72
to_trace_kprobe(struct dyn_event * ev)73 static struct trace_kprobe *to_trace_kprobe(struct dyn_event *ev)
74 {
75 return container_of(ev, struct trace_kprobe, devent);
76 }
77
78 /**
79 * for_each_trace_kprobe - iterate over the trace_kprobe list
80 * @pos: the struct trace_kprobe * for each entry
81 * @dpos: the struct dyn_event * to use as a loop cursor
82 */
83 #define for_each_trace_kprobe(pos, dpos) \
84 for_each_dyn_event(dpos) \
85 if (is_trace_kprobe(dpos) && (pos = to_trace_kprobe(dpos)))
86 #define trace_kprobe_list_empty() list_empty(&dyn_event_list)
87
trace_kprobe_is_return(struct trace_kprobe * tk)88 static nokprobe_inline bool trace_kprobe_is_return(struct trace_kprobe *tk)
89 {
90 return tk->rp.handler != NULL;
91 }
92
trace_kprobe_symbol(struct trace_kprobe * tk)93 static nokprobe_inline const char *trace_kprobe_symbol(struct trace_kprobe *tk)
94 {
95 return tk->symbol ? tk->symbol : "unknown";
96 }
97
trace_kprobe_offset(struct trace_kprobe * tk)98 static nokprobe_inline unsigned long trace_kprobe_offset(struct trace_kprobe *tk)
99 {
100 return tk->rp.kp.offset;
101 }
102
trace_kprobe_has_gone(struct trace_kprobe * tk)103 static nokprobe_inline bool trace_kprobe_has_gone(struct trace_kprobe *tk)
104 {
105 return kprobe_gone(&tk->rp.kp);
106 }
107
trace_kprobe_within_module(struct trace_kprobe * tk,struct module * mod)108 static nokprobe_inline bool trace_kprobe_within_module(struct trace_kprobe *tk,
109 struct module *mod)
110 {
111 int len = strlen(module_name(mod));
112 const char *name = trace_kprobe_symbol(tk);
113
114 return strncmp(module_name(mod), name, len) == 0 && name[len] == ':';
115 }
116
117 #ifdef CONFIG_MODULES
trace_kprobe_module_exist(struct trace_kprobe * tk)118 static nokprobe_inline bool trace_kprobe_module_exist(struct trace_kprobe *tk)
119 {
120 char *p;
121 bool ret;
122
123 if (!tk->symbol)
124 return false;
125 p = strchr(tk->symbol, ':');
126 if (!p)
127 return true;
128 *p = '\0';
129 scoped_guard(rcu)
130 ret = !!find_module(tk->symbol);
131 *p = ':';
132
133 return ret;
134 }
135 #else
trace_kprobe_module_exist(struct trace_kprobe * tk)136 static inline bool trace_kprobe_module_exist(struct trace_kprobe *tk)
137 {
138 return false;
139 }
140 #endif
141
trace_kprobe_is_busy(struct dyn_event * ev)142 static bool trace_kprobe_is_busy(struct dyn_event *ev)
143 {
144 struct trace_kprobe *tk = to_trace_kprobe(ev);
145
146 return trace_probe_is_enabled(&tk->tp);
147 }
148
trace_kprobe_match_command_head(struct trace_kprobe * tk,int argc,const char ** argv)149 static bool trace_kprobe_match_command_head(struct trace_kprobe *tk,
150 int argc, const char **argv)
151 {
152 char buf[MAX_ARGSTR_LEN + 1];
153
154 if (!argc)
155 return true;
156
157 if (!tk->symbol)
158 snprintf(buf, sizeof(buf), "0x%p", tk->rp.kp.addr);
159 else if (tk->rp.kp.offset)
160 snprintf(buf, sizeof(buf), "%s+%u",
161 trace_kprobe_symbol(tk), tk->rp.kp.offset);
162 else
163 snprintf(buf, sizeof(buf), "%s", trace_kprobe_symbol(tk));
164 if (strcmp(buf, argv[0]))
165 return false;
166 argc--; argv++;
167
168 return trace_probe_match_command_args(&tk->tp, argc, argv);
169 }
170
trace_kprobe_match(const char * system,const char * event,int argc,const char ** argv,struct dyn_event * ev)171 static bool trace_kprobe_match(const char *system, const char *event,
172 int argc, const char **argv, struct dyn_event *ev)
173 {
174 struct trace_kprobe *tk = to_trace_kprobe(ev);
175
176 return (event[0] == '\0' ||
177 strcmp(trace_probe_name(&tk->tp), event) == 0) &&
178 (!system || strcmp(trace_probe_group_name(&tk->tp), system) == 0) &&
179 trace_kprobe_match_command_head(tk, argc, argv);
180 }
181
trace_kprobe_nhit(struct trace_kprobe * tk)182 static nokprobe_inline unsigned long trace_kprobe_nhit(struct trace_kprobe *tk)
183 {
184 unsigned long nhit = 0;
185 int cpu;
186
187 for_each_possible_cpu(cpu)
188 nhit += *per_cpu_ptr(tk->nhit, cpu);
189
190 return nhit;
191 }
192
trace_kprobe_is_registered(struct trace_kprobe * tk)193 static nokprobe_inline bool trace_kprobe_is_registered(struct trace_kprobe *tk)
194 {
195 return !(list_empty(&tk->rp.kp.list) &&
196 hlist_unhashed(&tk->rp.kp.hlist));
197 }
198
199 /* Return 0 if it fails to find the symbol address */
200 static nokprobe_inline
trace_kprobe_address(struct trace_kprobe * tk)201 unsigned long trace_kprobe_address(struct trace_kprobe *tk)
202 {
203 unsigned long addr;
204
205 if (tk->symbol) {
206 addr = (unsigned long)
207 kallsyms_lookup_name(trace_kprobe_symbol(tk));
208 if (addr)
209 addr += tk->rp.kp.offset;
210 } else {
211 addr = (unsigned long)tk->rp.kp.addr;
212 }
213 return addr;
214 }
215
216 static nokprobe_inline struct trace_kprobe *
trace_kprobe_primary_from_call(struct trace_event_call * call)217 trace_kprobe_primary_from_call(struct trace_event_call *call)
218 {
219 struct trace_probe *tp;
220
221 tp = trace_probe_primary_from_call(call);
222 if (WARN_ON_ONCE(!tp))
223 return NULL;
224
225 return container_of(tp, struct trace_kprobe, tp);
226 }
227
trace_kprobe_on_func_entry(struct trace_event_call * call)228 bool trace_kprobe_on_func_entry(struct trace_event_call *call)
229 {
230 struct trace_kprobe *tk = trace_kprobe_primary_from_call(call);
231
232 return tk ? (kprobe_on_func_entry(tk->rp.kp.addr,
233 tk->rp.kp.addr ? NULL : tk->rp.kp.symbol_name,
234 tk->rp.kp.addr ? 0 : tk->rp.kp.offset) == 0) : false;
235 }
236
trace_kprobe_error_injectable(struct trace_event_call * call)237 bool trace_kprobe_error_injectable(struct trace_event_call *call)
238 {
239 struct trace_kprobe *tk = trace_kprobe_primary_from_call(call);
240
241 return tk ? within_error_injection_list(trace_kprobe_address(tk)) :
242 false;
243 }
244
245 static int register_kprobe_event(struct trace_kprobe *tk);
246 static int unregister_kprobe_event(struct trace_kprobe *tk);
247
248 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs);
249 static int kretprobe_dispatcher(struct kretprobe_instance *ri,
250 struct pt_regs *regs);
251
free_trace_kprobe(struct trace_kprobe * tk)252 static void free_trace_kprobe(struct trace_kprobe *tk)
253 {
254 if (tk) {
255 trace_probe_cleanup(&tk->tp);
256 kfree(tk->symbol);
257 free_percpu(tk->nhit);
258 kfree(tk);
259 }
260 }
261
262 DEFINE_FREE(free_trace_kprobe, struct trace_kprobe *,
263 if (!IS_ERR_OR_NULL(_T)) free_trace_kprobe(_T))
264
265 /*
266 * Allocate new trace_probe and initialize it (including kprobes).
267 */
alloc_trace_kprobe(const char * group,const char * event,void * addr,const char * symbol,unsigned long offs,int maxactive,int nargs,bool is_return)268 static struct trace_kprobe *alloc_trace_kprobe(const char *group,
269 const char *event,
270 void *addr,
271 const char *symbol,
272 unsigned long offs,
273 int maxactive,
274 int nargs, bool is_return)
275 {
276 struct trace_kprobe *tk __free(free_trace_kprobe) = NULL;
277 int ret = -ENOMEM;
278
279 tk = kzalloc_flex(*tk, tp.args, nargs);
280 if (!tk)
281 return ERR_PTR(ret);
282
283 tk->nhit = alloc_percpu(unsigned long);
284 if (!tk->nhit)
285 return ERR_PTR(ret);
286
287 if (symbol) {
288 tk->symbol = kstrdup(symbol, GFP_KERNEL);
289 if (!tk->symbol)
290 return ERR_PTR(ret);
291 tk->rp.kp.symbol_name = tk->symbol;
292 tk->rp.kp.offset = offs;
293 } else
294 tk->rp.kp.addr = addr;
295
296 if (is_return)
297 tk->rp.handler = kretprobe_dispatcher;
298 else
299 tk->rp.kp.pre_handler = kprobe_dispatcher;
300
301 tk->rp.maxactive = maxactive;
302 INIT_HLIST_NODE(&tk->rp.kp.hlist);
303 INIT_LIST_HEAD(&tk->rp.kp.list);
304
305 ret = trace_probe_init(&tk->tp, event, group, false, nargs);
306 if (ret < 0)
307 return ERR_PTR(ret);
308
309 dyn_event_init(&tk->devent, &trace_kprobe_ops);
310 return_ptr(tk);
311 }
312
find_trace_kprobe(const char * event,const char * group)313 static struct trace_kprobe *find_trace_kprobe(const char *event,
314 const char *group)
315 {
316 struct dyn_event *pos;
317 struct trace_kprobe *tk;
318
319 for_each_trace_kprobe(tk, pos)
320 if (strcmp(trace_probe_name(&tk->tp), event) == 0 &&
321 strcmp(trace_probe_group_name(&tk->tp), group) == 0)
322 return tk;
323 return NULL;
324 }
325
__enable_trace_kprobe(struct trace_kprobe * tk)326 static inline int __enable_trace_kprobe(struct trace_kprobe *tk)
327 {
328 int ret = 0;
329
330 if (trace_kprobe_is_registered(tk) && !trace_kprobe_has_gone(tk)) {
331 if (trace_kprobe_is_return(tk))
332 ret = enable_kretprobe(&tk->rp);
333 else
334 ret = enable_kprobe(&tk->rp.kp);
335 }
336
337 return ret;
338 }
339
__disable_trace_kprobe(struct trace_probe * tp)340 static void __disable_trace_kprobe(struct trace_probe *tp)
341 {
342 struct trace_kprobe *tk;
343
344 list_for_each_entry(tk, trace_probe_probe_list(tp), tp.list) {
345 if (!trace_kprobe_is_registered(tk))
346 continue;
347 if (trace_kprobe_is_return(tk))
348 disable_kretprobe(&tk->rp);
349 else
350 disable_kprobe(&tk->rp.kp);
351 }
352 }
353
354 /*
355 * Enable trace_probe
356 * if the file is NULL, enable "perf" handler, or enable "trace" handler.
357 */
enable_trace_kprobe(struct trace_event_call * call,struct trace_event_file * file)358 static int enable_trace_kprobe(struct trace_event_call *call,
359 struct trace_event_file *file)
360 {
361 struct trace_probe *tp;
362 struct trace_kprobe *tk;
363 bool enabled;
364 int ret = 0;
365
366 tp = trace_probe_primary_from_call(call);
367 if (WARN_ON_ONCE(!tp))
368 return -ENODEV;
369 enabled = trace_probe_is_enabled(tp);
370
371 /* This also changes "enabled" state */
372 if (file) {
373 ret = trace_probe_add_file(tp, file);
374 if (ret)
375 return ret;
376 } else
377 trace_probe_set_flag(tp, TP_FLAG_PROFILE);
378
379 if (enabled)
380 return 0;
381
382 list_for_each_entry(tk, trace_probe_probe_list(tp), tp.list) {
383 if (trace_kprobe_has_gone(tk))
384 continue;
385 ret = __enable_trace_kprobe(tk);
386 if (ret)
387 break;
388 enabled = true;
389 }
390
391 if (ret) {
392 /* Failed to enable one of them. Roll back all */
393 if (enabled)
394 __disable_trace_kprobe(tp);
395 if (file)
396 trace_probe_remove_file(tp, file);
397 else
398 trace_probe_clear_flag(tp, TP_FLAG_PROFILE);
399 }
400
401 return ret;
402 }
403
404 /*
405 * Disable trace_probe
406 * if the file is NULL, disable "perf" handler, or disable "trace" handler.
407 */
disable_trace_kprobe(struct trace_event_call * call,struct trace_event_file * file)408 static int disable_trace_kprobe(struct trace_event_call *call,
409 struct trace_event_file *file)
410 {
411 struct trace_probe *tp;
412
413 tp = trace_probe_primary_from_call(call);
414 if (WARN_ON_ONCE(!tp))
415 return -ENODEV;
416
417 if (file) {
418 if (!trace_probe_get_file_link(tp, file))
419 return -ENOENT;
420 if (!trace_probe_has_single_file(tp))
421 goto out;
422 trace_probe_clear_flag(tp, TP_FLAG_TRACE);
423 } else
424 trace_probe_clear_flag(tp, TP_FLAG_PROFILE);
425
426 if (!trace_probe_is_enabled(tp))
427 __disable_trace_kprobe(tp);
428
429 out:
430 if (file)
431 /*
432 * Synchronization is done in below function. For perf event,
433 * file == NULL and perf_trace_event_unreg() calls
434 * tracepoint_synchronize_unregister() to ensure synchronize
435 * event. We don't need to care about it.
436 */
437 trace_probe_remove_file(tp, file);
438
439 return 0;
440 }
441
442 #if defined(CONFIG_DYNAMIC_FTRACE) && \
443 !defined(CONFIG_KPROBE_EVENTS_ON_NOTRACE)
__within_notrace_func(unsigned long addr)444 static bool __within_notrace_func(unsigned long addr)
445 {
446 unsigned long offset, size;
447
448 if (!addr || !kallsyms_lookup_size_offset(addr, &size, &offset))
449 return false;
450
451 /* Get the entry address of the target function */
452 addr -= offset;
453
454 /*
455 * Since ftrace_location_range() does inclusive range check, we need
456 * to subtract 1 byte from the end address.
457 */
458 return !ftrace_location_range(addr, addr + size - 1);
459 }
460
within_notrace_func(struct trace_kprobe * tk)461 static bool within_notrace_func(struct trace_kprobe *tk)
462 {
463 unsigned long addr = trace_kprobe_address(tk);
464 char symname[KSYM_NAME_LEN], *p;
465
466 if (!__within_notrace_func(addr))
467 return false;
468
469 /* Check if the address is on a suffixed-symbol */
470 if (!lookup_symbol_name(addr, symname)) {
471 p = strchr(symname, '.');
472 if (!p)
473 return true;
474 *p = '\0';
475 addr = (unsigned long)kprobe_lookup_name(symname, 0);
476 if (addr)
477 return __within_notrace_func(addr);
478 }
479
480 return true;
481 }
482 #else
483 #define within_notrace_func(tk) (false)
484 #endif
485
486 /* Internal register function - just handle k*probes and flags */
__register_trace_kprobe(struct trace_kprobe * tk)487 static int __register_trace_kprobe(struct trace_kprobe *tk)
488 {
489 int i, ret;
490
491 ret = security_locked_down(LOCKDOWN_KPROBES);
492 if (ret)
493 return ret;
494
495 if (trace_kprobe_is_registered(tk))
496 return -EINVAL;
497
498 if (within_notrace_func(tk)) {
499 pr_warn("Could not probe notrace function %ps\n",
500 (void *)trace_kprobe_address(tk));
501 return -EINVAL;
502 }
503
504 for (i = 0; i < tk->tp.nr_args; i++) {
505 ret = traceprobe_update_arg(&tk->tp.args[i]);
506 if (ret)
507 return ret;
508 }
509
510 /* Set/clear disabled flag according to tp->flag */
511 if (trace_probe_is_enabled(&tk->tp))
512 tk->rp.kp.flags &= ~KPROBE_FLAG_DISABLED;
513 else
514 tk->rp.kp.flags |= KPROBE_FLAG_DISABLED;
515
516 if (trace_kprobe_is_return(tk))
517 ret = register_kretprobe(&tk->rp);
518 else
519 ret = register_kprobe(&tk->rp.kp);
520
521 return ret;
522 }
523
524 /* Internal unregister function - just handle k*probes and flags */
__unregister_trace_kprobe(struct trace_kprobe * tk)525 static void __unregister_trace_kprobe(struct trace_kprobe *tk)
526 {
527 if (trace_kprobe_is_registered(tk)) {
528 if (trace_kprobe_is_return(tk))
529 unregister_kretprobe(&tk->rp);
530 else
531 unregister_kprobe(&tk->rp.kp);
532 /* Cleanup kprobe for reuse and mark it unregistered */
533 INIT_HLIST_NODE(&tk->rp.kp.hlist);
534 INIT_LIST_HEAD(&tk->rp.kp.list);
535 if (tk->rp.kp.symbol_name)
536 tk->rp.kp.addr = NULL;
537 }
538 }
539
540 /* Unregister a trace_probe and probe_event */
unregister_trace_kprobe(struct trace_kprobe * tk)541 static int unregister_trace_kprobe(struct trace_kprobe *tk)
542 {
543 /* If other probes are on the event, just unregister kprobe */
544 if (trace_probe_has_sibling(&tk->tp))
545 goto unreg;
546
547 /* Enabled event can not be unregistered */
548 if (trace_probe_is_enabled(&tk->tp))
549 return -EBUSY;
550
551 /* If there's a reference to the dynamic event */
552 if (trace_event_dyn_busy(trace_probe_event_call(&tk->tp)))
553 return -EBUSY;
554
555 /* Will fail if probe is being used by ftrace or perf */
556 if (unregister_kprobe_event(tk))
557 return -EBUSY;
558
559 unreg:
560 __unregister_trace_kprobe(tk);
561 dyn_event_remove(&tk->devent);
562 trace_probe_unlink(&tk->tp);
563
564 return 0;
565 }
566
trace_kprobe_has_same_kprobe(struct trace_kprobe * orig,struct trace_kprobe * comp)567 static bool trace_kprobe_has_same_kprobe(struct trace_kprobe *orig,
568 struct trace_kprobe *comp)
569 {
570 struct trace_probe_event *tpe = orig->tp.event;
571 int i;
572
573 list_for_each_entry(orig, &tpe->probes, tp.list) {
574 if (strcmp(trace_kprobe_symbol(orig),
575 trace_kprobe_symbol(comp)) ||
576 trace_kprobe_offset(orig) != trace_kprobe_offset(comp))
577 continue;
578
579 /*
580 * trace_probe_compare_arg_type() ensured that nr_args and
581 * each argument name and type are same. Let's compare comm.
582 */
583 for (i = 0; i < orig->tp.nr_args; i++) {
584 if (strcmp(orig->tp.args[i].comm,
585 comp->tp.args[i].comm))
586 break;
587 }
588
589 if (i == orig->tp.nr_args)
590 return true;
591 }
592
593 return false;
594 }
595
append_trace_kprobe(struct trace_kprobe * tk,struct trace_kprobe * to)596 static int append_trace_kprobe(struct trace_kprobe *tk, struct trace_kprobe *to)
597 {
598 int ret;
599
600 ret = trace_probe_compare_arg_type(&tk->tp, &to->tp);
601 if (ret) {
602 /* Note that argument starts index = 2 */
603 trace_probe_log_set_index(ret + 1);
604 trace_probe_log_err(0, DIFF_ARG_TYPE);
605 return -EEXIST;
606 }
607 if (trace_kprobe_has_same_kprobe(to, tk)) {
608 trace_probe_log_set_index(0);
609 trace_probe_log_err(0, SAME_PROBE);
610 return -EEXIST;
611 }
612
613 /* Append to existing event */
614 ret = trace_probe_append(&tk->tp, &to->tp);
615 if (ret)
616 return ret;
617
618 /* Register k*probe */
619 ret = __register_trace_kprobe(tk);
620 if (ret == -ENOENT && !trace_kprobe_module_exist(tk)) {
621 pr_warn("This probe might be able to register after target module is loaded. Continue.\n");
622 ret = 0;
623 }
624
625 if (ret)
626 trace_probe_unlink(&tk->tp);
627 else
628 dyn_event_add(&tk->devent, trace_probe_event_call(&tk->tp));
629
630 return ret;
631 }
632
633 /* Register a trace_probe and probe_event */
register_trace_kprobe(struct trace_kprobe * tk)634 static int register_trace_kprobe(struct trace_kprobe *tk)
635 {
636 struct trace_kprobe *old_tk;
637 int ret;
638
639 guard(mutex)(&event_mutex);
640
641 old_tk = find_trace_kprobe(trace_probe_name(&tk->tp),
642 trace_probe_group_name(&tk->tp));
643 if (old_tk) {
644 if (trace_kprobe_is_return(tk) != trace_kprobe_is_return(old_tk)) {
645 trace_probe_log_set_index(0);
646 trace_probe_log_err(0, DIFF_PROBE_TYPE);
647 return -EEXIST;
648 }
649 return append_trace_kprobe(tk, old_tk);
650 }
651
652 /* Register new event */
653 ret = register_kprobe_event(tk);
654 if (ret) {
655 if (ret == -EEXIST) {
656 trace_probe_log_set_index(0);
657 trace_probe_log_err(0, EVENT_EXIST);
658 } else
659 pr_warn("Failed to register probe event(%d)\n", ret);
660 return ret;
661 }
662
663 /* Register k*probe */
664 ret = __register_trace_kprobe(tk);
665 if (ret == -ENOENT && !trace_kprobe_module_exist(tk)) {
666 pr_warn("This probe might be able to register after target module is loaded. Continue.\n");
667 ret = 0;
668 }
669
670 if (ret < 0)
671 unregister_kprobe_event(tk);
672 else
673 dyn_event_add(&tk->devent, trace_probe_event_call(&tk->tp));
674
675 return ret;
676 }
677
678 #ifdef CONFIG_MODULES
679 static int validate_module_probe_symbol(const char *modname, const char *symbol);
680
register_module_trace_kprobe(struct module * mod,struct trace_kprobe * tk)681 static int register_module_trace_kprobe(struct module *mod, struct trace_kprobe *tk)
682 {
683 const char *p;
684 int ret = 0;
685
686 p = strchr(trace_kprobe_symbol(tk), ':');
687 if (p)
688 ret = validate_module_probe_symbol(module_name(mod), p + 1);
689 if (!ret)
690 ret = __register_trace_kprobe(tk);
691 return ret;
692 }
693
694 /* Module notifier call back, checking event on the module */
trace_kprobe_module_callback(struct notifier_block * nb,unsigned long val,void * data)695 static int trace_kprobe_module_callback(struct notifier_block *nb,
696 unsigned long val, void *data)
697 {
698 struct module *mod = data;
699 struct dyn_event *pos;
700 struct trace_kprobe *tk;
701 int ret;
702
703 if (val != MODULE_STATE_COMING)
704 return NOTIFY_DONE;
705
706 /* Update probes on coming module */
707 guard(mutex)(&event_mutex);
708 for_each_trace_kprobe(tk, pos) {
709 if (trace_kprobe_within_module(tk, mod)) {
710 /* Don't need to check busy - this should have gone. */
711 __unregister_trace_kprobe(tk);
712 ret = register_module_trace_kprobe(mod, tk);
713 if (ret)
714 pr_warn("Failed to re-register probe %s on %s: %d\n",
715 trace_probe_name(&tk->tp),
716 module_name(mod), ret);
717 }
718 }
719
720 return NOTIFY_DONE;
721 }
722
723 static struct notifier_block trace_kprobe_module_nb = {
724 .notifier_call = trace_kprobe_module_callback,
725 .priority = 2 /* Invoked after kprobe and jump_label module callback */
726 };
trace_kprobe_register_module_notifier(void)727 static int trace_kprobe_register_module_notifier(void)
728 {
729 return register_module_notifier(&trace_kprobe_module_nb);
730 }
731 #else
trace_kprobe_register_module_notifier(void)732 static int trace_kprobe_register_module_notifier(void)
733 {
734 return 0;
735 }
736 #endif /* CONFIG_MODULES */
737
count_symbols(void * data,unsigned long unused)738 static int count_symbols(void *data, unsigned long unused)
739 {
740 unsigned int *count = data;
741
742 (*count)++;
743
744 return 0;
745 }
746
747 struct sym_count_ctx {
748 unsigned int count;
749 const char *name;
750 };
751
count_mod_symbols(void * data,const char * name,unsigned long unused)752 static int count_mod_symbols(void *data, const char *name, unsigned long unused)
753 {
754 struct sym_count_ctx *ctx = data;
755
756 if (strcmp(name, ctx->name) == 0)
757 ctx->count++;
758
759 return 0;
760 }
761
number_of_same_symbols(const char * mod,const char * func_name)762 static unsigned int number_of_same_symbols(const char *mod, const char *func_name)
763 {
764 struct sym_count_ctx ctx = { .count = 0, .name = func_name };
765
766 if (!mod)
767 kallsyms_on_each_match_symbol(count_symbols, func_name, &ctx.count);
768
769 /*
770 * If the symbol is found in vmlinux, use vmlinux resolution only.
771 * This prevents module symbols from shadowing vmlinux symbols
772 * and causing -EADDRNOTAVAIL for unqualified kprobe targets.
773 */
774 if (!mod && ctx.count > 0)
775 return ctx.count;
776
777 module_kallsyms_on_each_symbol(mod, count_mod_symbols, &ctx);
778
779 return ctx.count;
780 }
781
validate_module_probe_symbol(const char * modname,const char * symbol)782 static int validate_module_probe_symbol(const char *modname, const char *symbol)
783 {
784 unsigned int count = number_of_same_symbols(modname, symbol);
785
786 if (count > 1) {
787 /*
788 * Users should use ADDR to remove the ambiguity of
789 * using KSYM only.
790 */
791 return -EADDRNOTAVAIL;
792 } else if (count == 0) {
793 /*
794 * We can return ENOENT earlier than when register the
795 * kprobe.
796 */
797 return -ENOENT;
798 }
799 return 0;
800 }
801
802 #ifdef CONFIG_MODULES
803 /* Return NULL if the module is not loaded or under unloading. */
try_module_get_by_name(const char * name)804 static struct module *try_module_get_by_name(const char *name)
805 {
806 struct module *mod;
807
808 guard(rcu)();
809 mod = find_module(name);
810 if (mod && !try_module_get(mod))
811 mod = NULL;
812 return mod;
813 }
814 #else
815 #define try_module_get_by_name(name) (NULL)
816 #endif
817
validate_probe_symbol(char * symbol)818 static int validate_probe_symbol(char *symbol)
819 {
820 struct module *mod = NULL;
821 char *modname = NULL, *p;
822 int ret = 0;
823
824 p = strchr(symbol, ':');
825 if (p) {
826 modname = symbol;
827 symbol = p + 1;
828 *p = '\0';
829 mod = try_module_get_by_name(modname);
830 if (!mod)
831 goto out;
832 }
833
834 ret = validate_module_probe_symbol(modname, symbol);
835 out:
836 if (p)
837 *p = ':';
838 if (mod)
839 module_put(mod);
840 return ret;
841 }
842
843 static int trace_kprobe_entry_handler(struct kretprobe_instance *ri,
844 struct pt_regs *regs);
845
trace_kprobe_create_internal(int argc,const char * argv[],struct traceprobe_parse_context * ctx)846 static int trace_kprobe_create_internal(int argc, const char *argv[],
847 struct traceprobe_parse_context *ctx)
848 {
849 /*
850 * Argument syntax:
851 * - Add kprobe:
852 * p[:[GRP/][EVENT]] [MOD:]KSYM[+OFFS]|KADDR [FETCHARGS]
853 * - Add kretprobe:
854 * r[MAXACTIVE][:[GRP/][EVENT]] [MOD:]KSYM[+0] [FETCHARGS]
855 * Or
856 * p[:[GRP/][EVENT]] [MOD:]KSYM[+0]%return [FETCHARGS]
857 *
858 * Fetch args:
859 * $retval : fetch return value
860 * $stack : fetch stack address
861 * $stackN : fetch Nth of stack (N:0-)
862 * $comm : fetch current task comm
863 * @ADDR : fetch memory at ADDR (ADDR should be in kernel)
864 * @SYM[+|-offs] : fetch memory at SYM +|- offs (SYM is a data symbol)
865 * %REG : fetch register REG
866 * Dereferencing memory fetch:
867 * +|-offs(ARG) : fetch memory at ARG +|- offs address.
868 * Alias name of args:
869 * NAME=FETCHARG : set NAME as alias of FETCHARG.
870 * Type of args:
871 * FETCHARG:TYPE : use TYPE instead of unsigned long.
872 */
873 struct trace_kprobe *tk __free(free_trace_kprobe) = NULL;
874 const char *event = NULL, *group = KPROBE_EVENT_SYSTEM;
875 const char **new_argv __free(kfree) = NULL;
876 int i, len, new_argc = 0, ret = 0;
877 char *symbol __free(kfree) = NULL;
878 char *ebuf __free(kfree) = NULL;
879 char *gbuf __free(kfree) = NULL;
880 char *abuf __free(kfree) = NULL;
881 char *dbuf __free(kfree) = NULL;
882 enum probe_print_type ptype;
883 bool is_return = false;
884 int maxactive = 0;
885 void *addr = NULL;
886 char *tmp = NULL;
887 long offset = 0;
888
889 switch (argv[0][0]) {
890 case 'r':
891 is_return = true;
892 break;
893 case 'p':
894 break;
895 default:
896 return -ECANCELED;
897 }
898 if (argc < 2)
899 return -ECANCELED;
900
901 event = strchr(&argv[0][1], ':');
902 if (event)
903 event++;
904
905 if (isdigit(argv[0][1])) {
906 char *buf __free(kfree) = NULL;
907
908 if (!is_return) {
909 trace_probe_log_err(1, BAD_MAXACT_TYPE);
910 return -EINVAL;
911 }
912 if (event)
913 len = event - &argv[0][1] - 1;
914 else
915 len = strlen(&argv[0][1]);
916 if (len > MAX_EVENT_NAME_LEN - 1) {
917 trace_probe_log_err(1, BAD_MAXACT);
918 return -EINVAL;
919 }
920 buf = kmemdup(&argv[0][1], len + 1, GFP_KERNEL);
921 if (!buf)
922 return -ENOMEM;
923 buf[len] = '\0';
924 ret = kstrtouint(buf, 0, &maxactive);
925 if (ret || !maxactive) {
926 trace_probe_log_err(1, BAD_MAXACT);
927 return -EINVAL;
928 }
929 /* kretprobes instances are iterated over via a list. The
930 * maximum should stay reasonable.
931 */
932 if (maxactive > KRETPROBE_MAXACTIVE_MAX) {
933 trace_probe_log_err(1, MAXACT_TOO_BIG);
934 return -EINVAL;
935 }
936 }
937
938 /* try to parse an address. if that fails, try to read the
939 * input as a symbol. */
940 if (kstrtoul(argv[1], 0, (unsigned long *)&addr)) {
941 trace_probe_log_set_index(1);
942 /* Check whether uprobe event specified */
943 if (strchr(argv[1], '/') && strchr(argv[1], ':'))
944 return -ECANCELED;
945
946 /* a symbol specified */
947 symbol = kstrdup(argv[1], GFP_KERNEL);
948 if (!symbol)
949 return -ENOMEM;
950
951 tmp = strchr(symbol, '%');
952 if (tmp) {
953 if (!strcmp(tmp, "%return")) {
954 *tmp = '\0';
955 is_return = true;
956 } else {
957 trace_probe_log_err(tmp - symbol, BAD_ADDR_SUFFIX);
958 return -EINVAL;
959 }
960 }
961
962 /* TODO: support .init module functions */
963 ret = traceprobe_split_symbol_offset(symbol, &offset);
964 if (ret || offset < 0 || offset > UINT_MAX) {
965 trace_probe_log_err(0, BAD_PROBE_ADDR);
966 return -EINVAL;
967 }
968 ret = validate_probe_symbol(symbol);
969 if (ret) {
970 if (ret == -EADDRNOTAVAIL)
971 trace_probe_log_err(0, NON_UNIQ_SYMBOL);
972 else
973 trace_probe_log_err(0, BAD_PROBE_ADDR);
974 return -EINVAL;
975 }
976 if (is_return)
977 ctx->flags |= TPARG_FL_RETURN;
978 ret = kprobe_on_func_entry(NULL, symbol, offset);
979 if (ret == 0 && !is_return)
980 ctx->flags |= TPARG_FL_FENTRY;
981 /* Defer the ENOENT case until register kprobe */
982 if (ret == -EINVAL && is_return) {
983 trace_probe_log_err(0, BAD_RETPROBE);
984 return -EINVAL;
985 }
986 }
987
988 trace_probe_log_set_index(0);
989 if (event) {
990 gbuf = kmalloc(MAX_EVENT_NAME_LEN, GFP_KERNEL);
991 if (!gbuf)
992 return -ENOMEM;
993 ret = traceprobe_parse_event_name(&event, &group, gbuf,
994 event - argv[0]);
995 if (ret)
996 return ret;
997 }
998
999 if (!event) {
1000 /* Make a new event name */
1001 ebuf = kmalloc(MAX_EVENT_NAME_LEN, GFP_KERNEL);
1002 if (!ebuf)
1003 return -ENOMEM;
1004 if (symbol)
1005 snprintf(ebuf, MAX_EVENT_NAME_LEN, "%c_%s_%ld",
1006 is_return ? 'r' : 'p', symbol, offset);
1007 else
1008 snprintf(ebuf, MAX_EVENT_NAME_LEN, "%c_0x%p",
1009 is_return ? 'r' : 'p', addr);
1010 sanitize_event_name(ebuf);
1011 event = ebuf;
1012 }
1013
1014 abuf = kmalloc(MAX_BTF_ARGS_LEN, GFP_KERNEL);
1015 if (!abuf)
1016 return -ENOMEM;
1017 argc -= 2; argv += 2;
1018 ctx->funcname = symbol;
1019 new_argv = traceprobe_expand_meta_args(argc, argv, &new_argc,
1020 abuf, MAX_BTF_ARGS_LEN, ctx);
1021 if (IS_ERR(new_argv)) {
1022 ret = PTR_ERR(new_argv);
1023 new_argv = NULL;
1024 return ret;
1025 }
1026 if (new_argv) {
1027 argc = new_argc;
1028 argv = new_argv;
1029 }
1030 if (argc > MAX_TRACE_ARGS) {
1031 trace_probe_log_set_index(2);
1032 trace_probe_log_err(0, TOO_MANY_ARGS);
1033 return -E2BIG;
1034 }
1035
1036 ret = traceprobe_expand_dentry_args(argc, argv, &dbuf);
1037 if (ret)
1038 return ret;
1039
1040 /* setup a probe */
1041 tk = alloc_trace_kprobe(group, event, addr, symbol, offset, maxactive,
1042 argc, is_return);
1043 if (IS_ERR(tk)) {
1044 ret = PTR_ERR(tk);
1045 /* This must return -ENOMEM, else there is a bug */
1046 WARN_ON_ONCE(ret != -ENOMEM);
1047 return ret; /* We know tk is not allocated */
1048 }
1049
1050 /* parse arguments */
1051 for (i = 0; i < argc; i++) {
1052 trace_probe_log_set_index(i + 2);
1053 ctx->offset = 0;
1054 ret = traceprobe_parse_probe_arg(&tk->tp, i, argv[i], ctx);
1055 if (ret)
1056 return ret; /* This can be -ENOMEM */
1057 }
1058 /* entry handler for kretprobe */
1059 if (is_return && tk->tp.entry_arg) {
1060 tk->rp.entry_handler = trace_kprobe_entry_handler;
1061 tk->rp.data_size = traceprobe_get_entry_data_size(&tk->tp);
1062 }
1063
1064 ptype = is_return ? PROBE_PRINT_RETURN : PROBE_PRINT_NORMAL;
1065 ret = traceprobe_set_print_fmt(&tk->tp, ptype);
1066 if (ret < 0)
1067 return ret;
1068
1069 ret = register_trace_kprobe(tk);
1070 if (ret) {
1071 trace_probe_log_set_index(1);
1072 if (ret == -EILSEQ)
1073 trace_probe_log_err(0, BAD_INSN_BNDRY);
1074 else if (ret == -ENOENT)
1075 trace_probe_log_err(0, BAD_PROBE_ADDR);
1076 else if (ret != -ENOMEM && ret != -EEXIST)
1077 trace_probe_log_err(0, FAIL_REG_PROBE);
1078 return ret;
1079 }
1080 /*
1081 * Here, 'tk' has been registered to the list successfully,
1082 * so we don't need to free it.
1083 */
1084 tk = NULL;
1085
1086 return 0;
1087 }
1088
trace_kprobe_create_cb(int argc,const char * argv[])1089 static int trace_kprobe_create_cb(int argc, const char *argv[])
1090 {
1091 struct traceprobe_parse_context *ctx __free(traceprobe_parse_context) = NULL;
1092 int ret;
1093
1094 ctx = kzalloc_obj(*ctx);
1095 if (!ctx)
1096 return -ENOMEM;
1097 ctx->flags = TPARG_FL_KERNEL;
1098
1099 trace_probe_log_init("trace_kprobe", argc, argv);
1100
1101 ret = trace_kprobe_create_internal(argc, argv, ctx);
1102
1103 trace_probe_log_clear();
1104 return ret;
1105 }
1106
trace_kprobe_create(const char * raw_command)1107 static int trace_kprobe_create(const char *raw_command)
1108 {
1109 return trace_probe_create(raw_command, trace_kprobe_create_cb);
1110 }
1111
create_or_delete_trace_kprobe(const char * raw_command)1112 static int create_or_delete_trace_kprobe(const char *raw_command)
1113 {
1114 int ret;
1115
1116 if (raw_command[0] == '-')
1117 return dyn_event_release(raw_command, &trace_kprobe_ops);
1118
1119 ret = dyn_event_create(raw_command, &trace_kprobe_ops);
1120 return ret == -ECANCELED ? -EINVAL : ret;
1121 }
1122
trace_kprobe_run_command(struct dynevent_cmd * cmd)1123 static int trace_kprobe_run_command(struct dynevent_cmd *cmd)
1124 {
1125 return create_or_delete_trace_kprobe(cmd->seq.buffer);
1126 }
1127
1128 /**
1129 * kprobe_event_cmd_init - Initialize a kprobe event command object
1130 * @cmd: A pointer to the dynevent_cmd struct representing the new event
1131 * @buf: A pointer to the buffer used to build the command
1132 * @maxlen: The length of the buffer passed in @buf
1133 *
1134 * Initialize a synthetic event command object. Use this before
1135 * calling any of the other kprobe_event functions.
1136 */
kprobe_event_cmd_init(struct dynevent_cmd * cmd,char * buf,int maxlen)1137 void kprobe_event_cmd_init(struct dynevent_cmd *cmd, char *buf, int maxlen)
1138 {
1139 dynevent_cmd_init(cmd, buf, maxlen, DYNEVENT_TYPE_KPROBE,
1140 trace_kprobe_run_command);
1141 }
1142 EXPORT_SYMBOL_GPL(kprobe_event_cmd_init);
1143
1144 /**
1145 * __kprobe_event_gen_cmd_start - Generate a kprobe event command from arg list
1146 * @cmd: A pointer to the dynevent_cmd struct representing the new event
1147 * @kretprobe: Is this a return probe?
1148 * @name: The name of the kprobe event
1149 * @loc: The location of the kprobe event
1150 * @...: Variable number of arg (pairs), one pair for each field
1151 *
1152 * NOTE: Users normally won't want to call this function directly, but
1153 * rather use the kprobe_event_gen_cmd_start() wrapper, which automatically
1154 * adds a NULL to the end of the arg list. If this function is used
1155 * directly, make sure the last arg in the variable arg list is NULL.
1156 *
1157 * Generate a kprobe event command to be executed by
1158 * kprobe_event_gen_cmd_end(). This function can be used to generate the
1159 * complete command or only the first part of it; in the latter case,
1160 * kprobe_event_add_fields() can be used to add more fields following this.
1161 *
1162 * Unlikely the synth_event_gen_cmd_start(), @loc must be specified. This
1163 * returns -EINVAL if @loc == NULL.
1164 *
1165 * Return: 0 if successful, error otherwise.
1166 */
__kprobe_event_gen_cmd_start(struct dynevent_cmd * cmd,bool kretprobe,const char * name,const char * loc,...)1167 int __kprobe_event_gen_cmd_start(struct dynevent_cmd *cmd, bool kretprobe,
1168 const char *name, const char *loc, ...)
1169 {
1170 char buf[MAX_EVENT_NAME_LEN];
1171 struct dynevent_arg arg;
1172 va_list args;
1173 int ret;
1174
1175 if (cmd->type != DYNEVENT_TYPE_KPROBE)
1176 return -EINVAL;
1177
1178 if (!loc)
1179 return -EINVAL;
1180
1181 if (kretprobe)
1182 snprintf(buf, MAX_EVENT_NAME_LEN, "r:kprobes/%s", name);
1183 else
1184 snprintf(buf, MAX_EVENT_NAME_LEN, "p:kprobes/%s", name);
1185
1186 ret = dynevent_str_add(cmd, buf);
1187 if (ret)
1188 return ret;
1189
1190 dynevent_arg_init(&arg, 0);
1191 arg.str = loc;
1192 ret = dynevent_arg_add(cmd, &arg, NULL);
1193 if (ret)
1194 return ret;
1195
1196 va_start(args, loc);
1197 for (;;) {
1198 const char *field;
1199
1200 field = va_arg(args, const char *);
1201 if (!field)
1202 break;
1203
1204 if (++cmd->n_fields > MAX_TRACE_ARGS) {
1205 ret = -EINVAL;
1206 break;
1207 }
1208
1209 arg.str = field;
1210 ret = dynevent_arg_add(cmd, &arg, NULL);
1211 if (ret)
1212 break;
1213 }
1214 va_end(args);
1215
1216 return ret;
1217 }
1218 EXPORT_SYMBOL_GPL(__kprobe_event_gen_cmd_start);
1219
1220 /**
1221 * __kprobe_event_add_fields - Add probe fields to a kprobe command from arg list
1222 * @cmd: A pointer to the dynevent_cmd struct representing the new event
1223 * @...: Variable number of arg (pairs), one pair for each field
1224 *
1225 * NOTE: Users normally won't want to call this function directly, but
1226 * rather use the kprobe_event_add_fields() wrapper, which
1227 * automatically adds a NULL to the end of the arg list. If this
1228 * function is used directly, make sure the last arg in the variable
1229 * arg list is NULL.
1230 *
1231 * Add probe fields to an existing kprobe command using a variable
1232 * list of args. Fields are added in the same order they're listed.
1233 *
1234 * Return: 0 if successful, error otherwise.
1235 */
__kprobe_event_add_fields(struct dynevent_cmd * cmd,...)1236 int __kprobe_event_add_fields(struct dynevent_cmd *cmd, ...)
1237 {
1238 struct dynevent_arg arg;
1239 va_list args;
1240 int ret = 0;
1241
1242 if (cmd->type != DYNEVENT_TYPE_KPROBE)
1243 return -EINVAL;
1244
1245 dynevent_arg_init(&arg, 0);
1246
1247 va_start(args, cmd);
1248 for (;;) {
1249 const char *field;
1250
1251 field = va_arg(args, const char *);
1252 if (!field)
1253 break;
1254
1255 if (++cmd->n_fields > MAX_TRACE_ARGS) {
1256 ret = -EINVAL;
1257 break;
1258 }
1259
1260 arg.str = field;
1261 ret = dynevent_arg_add(cmd, &arg, NULL);
1262 if (ret)
1263 break;
1264 }
1265 va_end(args);
1266
1267 return ret;
1268 }
1269 EXPORT_SYMBOL_GPL(__kprobe_event_add_fields);
1270
1271 /**
1272 * kprobe_event_delete - Delete a kprobe event
1273 * @name: The name of the kprobe event to delete
1274 *
1275 * Delete a kprobe event with the give @name from kernel code rather
1276 * than directly from the command line.
1277 *
1278 * Return: 0 if successful, error otherwise.
1279 */
kprobe_event_delete(const char * name)1280 int kprobe_event_delete(const char *name)
1281 {
1282 char buf[MAX_EVENT_NAME_LEN];
1283
1284 snprintf(buf, MAX_EVENT_NAME_LEN, "-:%s", name);
1285
1286 return create_or_delete_trace_kprobe(buf);
1287 }
1288 EXPORT_SYMBOL_GPL(kprobe_event_delete);
1289
trace_kprobe_release(struct dyn_event * ev)1290 static int trace_kprobe_release(struct dyn_event *ev)
1291 {
1292 struct trace_kprobe *tk = to_trace_kprobe(ev);
1293 int ret = unregister_trace_kprobe(tk);
1294
1295 if (!ret)
1296 free_trace_kprobe(tk);
1297 return ret;
1298 }
1299
trace_kprobe_show(struct seq_file * m,struct dyn_event * ev)1300 static int trace_kprobe_show(struct seq_file *m, struct dyn_event *ev)
1301 {
1302 struct trace_kprobe *tk = to_trace_kprobe(ev);
1303 int i;
1304
1305 seq_putc(m, trace_kprobe_is_return(tk) ? 'r' : 'p');
1306 if (trace_kprobe_is_return(tk) && tk->rp.maxactive)
1307 seq_printf(m, "%d", tk->rp.maxactive);
1308 seq_printf(m, ":%s/%s", trace_probe_group_name(&tk->tp),
1309 trace_probe_name(&tk->tp));
1310
1311 if (!tk->symbol)
1312 seq_printf(m, " 0x%p", tk->rp.kp.addr);
1313 else if (tk->rp.kp.offset)
1314 seq_printf(m, " %s+%u", trace_kprobe_symbol(tk),
1315 tk->rp.kp.offset);
1316 else
1317 seq_printf(m, " %s", trace_kprobe_symbol(tk));
1318
1319 for (i = 0; i < tk->tp.nr_args; i++)
1320 seq_printf(m, " %s=%s", tk->tp.args[i].name, tk->tp.args[i].comm);
1321 seq_putc(m, '\n');
1322
1323 return 0;
1324 }
1325
probes_seq_show(struct seq_file * m,void * v)1326 static int probes_seq_show(struct seq_file *m, void *v)
1327 {
1328 struct dyn_event *ev = v;
1329
1330 if (!is_trace_kprobe(ev))
1331 return 0;
1332
1333 return trace_kprobe_show(m, ev);
1334 }
1335
1336 static const struct seq_operations probes_seq_op = {
1337 .start = dyn_event_seq_start,
1338 .next = dyn_event_seq_next,
1339 .stop = dyn_event_seq_stop,
1340 .show = probes_seq_show
1341 };
1342
probes_open(struct inode * inode,struct file * file)1343 static int probes_open(struct inode *inode, struct file *file)
1344 {
1345 int ret;
1346
1347 ret = security_locked_down(LOCKDOWN_TRACEFS);
1348 if (ret)
1349 return ret;
1350
1351 if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) {
1352 ret = dyn_events_release_all(&trace_kprobe_ops);
1353 if (ret < 0)
1354 return ret;
1355 }
1356
1357 return seq_open(file, &probes_seq_op);
1358 }
1359
probes_write(struct file * file,const char __user * buffer,size_t count,loff_t * ppos)1360 static ssize_t probes_write(struct file *file, const char __user *buffer,
1361 size_t count, loff_t *ppos)
1362 {
1363 return trace_parse_run_command(file, buffer, count, ppos,
1364 create_or_delete_trace_kprobe);
1365 }
1366
1367 static const struct file_operations kprobe_events_ops = {
1368 .owner = THIS_MODULE,
1369 .open = probes_open,
1370 .read = seq_read,
1371 .llseek = seq_lseek,
1372 .release = seq_release,
1373 .write = probes_write,
1374 };
1375
trace_kprobe_missed(struct trace_kprobe * tk)1376 static unsigned long trace_kprobe_missed(struct trace_kprobe *tk)
1377 {
1378 return trace_kprobe_is_return(tk) ?
1379 tk->rp.kp.nmissed + tk->rp.nmissed : tk->rp.kp.nmissed;
1380 }
1381
1382 /* Probes profiling interfaces */
probes_profile_seq_show(struct seq_file * m,void * v)1383 static int probes_profile_seq_show(struct seq_file *m, void *v)
1384 {
1385 struct dyn_event *ev = v;
1386 struct trace_kprobe *tk;
1387 unsigned long nmissed;
1388
1389 if (!is_trace_kprobe(ev))
1390 return 0;
1391
1392 tk = to_trace_kprobe(ev);
1393 nmissed = trace_kprobe_missed(tk);
1394 seq_printf(m, " %-44s %15lu %15lu\n",
1395 trace_probe_name(&tk->tp),
1396 trace_kprobe_nhit(tk),
1397 nmissed);
1398
1399 return 0;
1400 }
1401
1402 static const struct seq_operations profile_seq_op = {
1403 .start = dyn_event_seq_start,
1404 .next = dyn_event_seq_next,
1405 .stop = dyn_event_seq_stop,
1406 .show = probes_profile_seq_show
1407 };
1408
profile_open(struct inode * inode,struct file * file)1409 static int profile_open(struct inode *inode, struct file *file)
1410 {
1411 int ret;
1412
1413 ret = security_locked_down(LOCKDOWN_TRACEFS);
1414 if (ret)
1415 return ret;
1416
1417 return seq_open(file, &profile_seq_op);
1418 }
1419
1420 static const struct file_operations kprobe_profile_ops = {
1421 .owner = THIS_MODULE,
1422 .open = profile_open,
1423 .read = seq_read,
1424 .llseek = seq_lseek,
1425 .release = seq_release,
1426 };
1427
1428 /* Note that we don't verify it, since the code does not come from user space */
1429 static int
process_fetch_insn(struct fetch_insn * code,void * rec,void * edata,void * dest,void * base)1430 process_fetch_insn(struct fetch_insn *code, void *rec, void *edata,
1431 void *dest, void *base)
1432 {
1433 struct pt_regs *regs = rec;
1434 unsigned long val;
1435 int ret;
1436
1437 retry:
1438 /* 1st stage: get value from context */
1439 switch (code->op) {
1440 case FETCH_OP_REG:
1441 val = regs_get_register(regs, code->param);
1442 break;
1443 case FETCH_OP_STACK:
1444 val = regs_get_kernel_stack_nth(regs, code->param);
1445 break;
1446 case FETCH_OP_STACKP:
1447 val = kernel_stack_pointer(regs);
1448 break;
1449 case FETCH_OP_RETVAL:
1450 val = regs_return_value(regs);
1451 break;
1452 #ifdef CONFIG_HAVE_FUNCTION_ARG_ACCESS_API
1453 case FETCH_OP_ARG:
1454 val = regs_get_kernel_argument(regs, code->param);
1455 break;
1456 case FETCH_OP_EDATA:
1457 val = *(unsigned long *)((unsigned long)edata + code->offset);
1458 break;
1459 #endif
1460 case FETCH_NOP_SYMBOL: /* Ignore a place holder */
1461 code++;
1462 goto retry;
1463 default:
1464 ret = process_common_fetch_insn(code, &val);
1465 if (ret < 0)
1466 return ret;
1467 }
1468 code++;
1469
1470 return process_fetch_insn_bottom(code, val, dest, base);
1471 }
NOKPROBE_SYMBOL(process_fetch_insn)1472 NOKPROBE_SYMBOL(process_fetch_insn)
1473
1474 /* Kprobe handler */
1475 static nokprobe_inline void
1476 __kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs,
1477 struct trace_event_file *trace_file)
1478 {
1479 struct kprobe_trace_entry_head *entry;
1480 struct trace_event_call *call = trace_probe_event_call(&tk->tp);
1481 struct trace_event_buffer fbuffer;
1482 int dsize;
1483
1484 WARN_ON(call != trace_file->event_call);
1485
1486 if (trace_trigger_soft_disabled(trace_file))
1487 return;
1488
1489 dsize = __get_data_size(&tk->tp, regs, NULL);
1490
1491 entry = trace_event_buffer_reserve(&fbuffer, trace_file,
1492 sizeof(*entry) + tk->tp.size + dsize);
1493 if (!entry)
1494 return;
1495
1496 fbuffer.regs = regs;
1497 entry->ip = (unsigned long)tk->rp.kp.addr;
1498 store_trace_args(&entry[1], &tk->tp, regs, NULL, sizeof(*entry), dsize);
1499
1500 trace_event_buffer_commit(&fbuffer);
1501 }
1502
1503 static void
kprobe_trace_func(struct trace_kprobe * tk,struct pt_regs * regs)1504 kprobe_trace_func(struct trace_kprobe *tk, struct pt_regs *regs)
1505 {
1506 struct event_file_link *link;
1507
1508 trace_probe_for_each_link_rcu(link, &tk->tp)
1509 __kprobe_trace_func(tk, regs, link->file);
1510 }
1511 NOKPROBE_SYMBOL(kprobe_trace_func);
1512
1513 /* Kretprobe handler */
1514
trace_kprobe_entry_handler(struct kretprobe_instance * ri,struct pt_regs * regs)1515 static int trace_kprobe_entry_handler(struct kretprobe_instance *ri,
1516 struct pt_regs *regs)
1517 {
1518 struct kretprobe *rp = get_kretprobe(ri);
1519 struct trace_kprobe *tk;
1520
1521 /*
1522 * There is a small chance that get_kretprobe(ri) returns NULL when
1523 * the kretprobe is unregister on another CPU between kretprobe's
1524 * trampoline_handler and this function.
1525 */
1526 if (unlikely(!rp))
1527 return -ENOENT;
1528
1529 tk = container_of(rp, struct trace_kprobe, rp);
1530
1531 /* store argument values into ri->data as entry data */
1532 if (tk->tp.entry_arg)
1533 store_trace_entry_data(ri->data, &tk->tp, regs);
1534
1535 return 0;
1536 }
1537
1538
1539 static nokprobe_inline void
__kretprobe_trace_func(struct trace_kprobe * tk,struct kretprobe_instance * ri,struct pt_regs * regs,struct trace_event_file * trace_file)1540 __kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1541 struct pt_regs *regs,
1542 struct trace_event_file *trace_file)
1543 {
1544 struct kretprobe_trace_entry_head *entry;
1545 struct trace_event_buffer fbuffer;
1546 struct trace_event_call *call = trace_probe_event_call(&tk->tp);
1547 int dsize;
1548
1549 WARN_ON(call != trace_file->event_call);
1550
1551 if (trace_trigger_soft_disabled(trace_file))
1552 return;
1553
1554 dsize = __get_data_size(&tk->tp, regs, ri->data);
1555
1556 entry = trace_event_buffer_reserve(&fbuffer, trace_file,
1557 sizeof(*entry) + tk->tp.size + dsize);
1558 if (!entry)
1559 return;
1560
1561 fbuffer.regs = regs;
1562 entry->func = (unsigned long)tk->rp.kp.addr;
1563 entry->ret_ip = get_kretprobe_retaddr(ri);
1564 store_trace_args(&entry[1], &tk->tp, regs, ri->data, sizeof(*entry), dsize);
1565
1566 trace_event_buffer_commit(&fbuffer);
1567 }
1568
1569 static void
kretprobe_trace_func(struct trace_kprobe * tk,struct kretprobe_instance * ri,struct pt_regs * regs)1570 kretprobe_trace_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1571 struct pt_regs *regs)
1572 {
1573 struct event_file_link *link;
1574
1575 trace_probe_for_each_link_rcu(link, &tk->tp)
1576 __kretprobe_trace_func(tk, ri, regs, link->file);
1577 }
1578 NOKPROBE_SYMBOL(kretprobe_trace_func);
1579
1580 /* Event entry printers */
1581 static enum print_line_t
print_kprobe_event(struct trace_iterator * iter,int flags,struct trace_event * event)1582 print_kprobe_event(struct trace_iterator *iter, int flags,
1583 struct trace_event *event)
1584 {
1585 struct kprobe_trace_entry_head *field;
1586 struct trace_seq *s = &iter->seq;
1587 struct trace_probe *tp;
1588
1589 field = (struct kprobe_trace_entry_head *)iter->ent;
1590 tp = trace_probe_primary_from_call(
1591 container_of(event, struct trace_event_call, event));
1592 if (WARN_ON_ONCE(!tp))
1593 goto out;
1594
1595 trace_seq_printf(s, "%s: (", trace_probe_name(tp));
1596
1597 if (!seq_print_ip_sym_offset(s, field->ip, flags))
1598 goto out;
1599
1600 trace_seq_putc(s, ')');
1601
1602 if (trace_probe_print_args(s, tp->args, tp->nr_args,
1603 (u8 *)&field[1], field) < 0)
1604 goto out;
1605
1606 trace_seq_putc(s, '\n');
1607 out:
1608 return trace_handle_return(s);
1609 }
1610
1611 static enum print_line_t
print_kretprobe_event(struct trace_iterator * iter,int flags,struct trace_event * event)1612 print_kretprobe_event(struct trace_iterator *iter, int flags,
1613 struct trace_event *event)
1614 {
1615 struct kretprobe_trace_entry_head *field;
1616 struct trace_seq *s = &iter->seq;
1617 struct trace_probe *tp;
1618
1619 field = (struct kretprobe_trace_entry_head *)iter->ent;
1620 tp = trace_probe_primary_from_call(
1621 container_of(event, struct trace_event_call, event));
1622 if (WARN_ON_ONCE(!tp))
1623 goto out;
1624
1625 trace_seq_printf(s, "%s: (", trace_probe_name(tp));
1626
1627 if (!seq_print_ip_sym_offset(s, field->ret_ip, flags))
1628 goto out;
1629
1630 trace_seq_puts(s, " <- ");
1631
1632 if (!seq_print_ip_sym_no_offset(s, field->func, flags))
1633 goto out;
1634
1635 trace_seq_putc(s, ')');
1636
1637 if (trace_probe_print_args(s, tp->args, tp->nr_args,
1638 (u8 *)&field[1], field) < 0)
1639 goto out;
1640
1641 trace_seq_putc(s, '\n');
1642
1643 out:
1644 return trace_handle_return(s);
1645 }
1646
1647
kprobe_event_define_fields(struct trace_event_call * event_call)1648 static int kprobe_event_define_fields(struct trace_event_call *event_call)
1649 {
1650 int ret;
1651 struct kprobe_trace_entry_head field;
1652 struct trace_probe *tp;
1653
1654 tp = trace_probe_primary_from_call(event_call);
1655 if (WARN_ON_ONCE(!tp))
1656 return -ENOENT;
1657
1658 DEFINE_FIELD(unsigned long, ip, FIELD_STRING_IP, 0);
1659
1660 return traceprobe_define_arg_fields(event_call, sizeof(field), tp);
1661 }
1662
kretprobe_event_define_fields(struct trace_event_call * event_call)1663 static int kretprobe_event_define_fields(struct trace_event_call *event_call)
1664 {
1665 int ret;
1666 struct kretprobe_trace_entry_head field;
1667 struct trace_probe *tp;
1668
1669 tp = trace_probe_primary_from_call(event_call);
1670 if (WARN_ON_ONCE(!tp))
1671 return -ENOENT;
1672
1673 DEFINE_FIELD(unsigned long, func, FIELD_STRING_FUNC, 0);
1674 DEFINE_FIELD(unsigned long, ret_ip, FIELD_STRING_RETIP, 0);
1675
1676 return traceprobe_define_arg_fields(event_call, sizeof(field), tp);
1677 }
1678
1679 #ifdef CONFIG_PERF_EVENTS
1680
1681 /* Kprobe profile handler */
1682 static int
kprobe_perf_func(struct trace_kprobe * tk,struct pt_regs * regs)1683 kprobe_perf_func(struct trace_kprobe *tk, struct pt_regs *regs)
1684 {
1685 struct trace_event_call *call = trace_probe_event_call(&tk->tp);
1686 struct kprobe_trace_entry_head *entry;
1687 struct hlist_head *head;
1688 int size, __size, dsize;
1689 int rctx;
1690
1691 if (bpf_prog_array_valid(call)) {
1692 unsigned long orig_ip = instruction_pointer(regs);
1693 int ret;
1694
1695 ret = trace_call_bpf(call, regs);
1696
1697 /*
1698 * We need to check and see if we modified the pc of the
1699 * pt_regs, and if so return 1 so that we don't do the
1700 * single stepping.
1701 */
1702 if (orig_ip != instruction_pointer(regs))
1703 return 1;
1704 if (!ret)
1705 return 0;
1706 }
1707
1708 head = this_cpu_ptr(call->perf_events);
1709 if (hlist_empty(head))
1710 return 0;
1711
1712 dsize = __get_data_size(&tk->tp, regs, NULL);
1713 __size = sizeof(*entry) + tk->tp.size + dsize;
1714 size = ALIGN(__size + sizeof(u32), sizeof(u64));
1715 size -= sizeof(u32);
1716
1717 entry = perf_trace_buf_alloc(size, NULL, &rctx);
1718 if (!entry)
1719 return 0;
1720
1721 entry->ip = (unsigned long)tk->rp.kp.addr;
1722 memset(&entry[1], 0, dsize);
1723 store_trace_args(&entry[1], &tk->tp, regs, NULL, sizeof(*entry), dsize);
1724 perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
1725 head, NULL);
1726 return 0;
1727 }
1728 NOKPROBE_SYMBOL(kprobe_perf_func);
1729
1730 /* Kretprobe profile handler */
1731 static void
kretprobe_perf_func(struct trace_kprobe * tk,struct kretprobe_instance * ri,struct pt_regs * regs)1732 kretprobe_perf_func(struct trace_kprobe *tk, struct kretprobe_instance *ri,
1733 struct pt_regs *regs)
1734 {
1735 struct trace_event_call *call = trace_probe_event_call(&tk->tp);
1736 struct kretprobe_trace_entry_head *entry;
1737 struct hlist_head *head;
1738 int size, __size, dsize;
1739 int rctx;
1740
1741 if (bpf_prog_array_valid(call) && !trace_call_bpf(call, regs))
1742 return;
1743
1744 head = this_cpu_ptr(call->perf_events);
1745 if (hlist_empty(head))
1746 return;
1747
1748 dsize = __get_data_size(&tk->tp, regs, ri->data);
1749 __size = sizeof(*entry) + tk->tp.size + dsize;
1750 size = ALIGN(__size + sizeof(u32), sizeof(u64));
1751 size -= sizeof(u32);
1752
1753 entry = perf_trace_buf_alloc(size, NULL, &rctx);
1754 if (!entry)
1755 return;
1756
1757 entry->func = (unsigned long)tk->rp.kp.addr;
1758 entry->ret_ip = get_kretprobe_retaddr(ri);
1759 store_trace_args(&entry[1], &tk->tp, regs, ri->data, sizeof(*entry), dsize);
1760 perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
1761 head, NULL);
1762 }
1763 NOKPROBE_SYMBOL(kretprobe_perf_func);
1764
bpf_get_kprobe_info(const struct perf_event * event,u32 * fd_type,const char ** symbol,u64 * probe_offset,u64 * probe_addr,unsigned long * missed,bool perf_type_tracepoint)1765 int bpf_get_kprobe_info(const struct perf_event *event, u32 *fd_type,
1766 const char **symbol, u64 *probe_offset,
1767 u64 *probe_addr, unsigned long *missed,
1768 bool perf_type_tracepoint)
1769 {
1770 const char *pevent = trace_event_name(event->tp_event);
1771 const char *group = event->tp_event->class->system;
1772 struct trace_kprobe *tk;
1773
1774 if (perf_type_tracepoint)
1775 tk = find_trace_kprobe(pevent, group);
1776 else
1777 tk = trace_kprobe_primary_from_call(event->tp_event);
1778 if (!tk)
1779 return -EINVAL;
1780
1781 *fd_type = trace_kprobe_is_return(tk) ? BPF_FD_TYPE_KRETPROBE
1782 : BPF_FD_TYPE_KPROBE;
1783 *probe_offset = tk->rp.kp.offset;
1784 *probe_addr = kallsyms_show_value(current_cred()) ?
1785 (unsigned long)tk->rp.kp.addr : 0;
1786 *symbol = tk->symbol;
1787 if (missed)
1788 *missed = trace_kprobe_missed(tk);
1789 return 0;
1790 }
1791 #endif /* CONFIG_PERF_EVENTS */
1792
1793 /*
1794 * called by perf_trace_init() or __ftrace_set_clr_event() under event_mutex.
1795 *
1796 * kprobe_trace_self_tests_init() does enable_trace_probe/disable_trace_probe
1797 * lockless, but we can't race with this __init function.
1798 */
kprobe_register(struct trace_event_call * event,enum trace_reg type,void * data)1799 static int kprobe_register(struct trace_event_call *event,
1800 enum trace_reg type, void *data)
1801 {
1802 struct trace_event_file *file = data;
1803
1804 switch (type) {
1805 case TRACE_REG_REGISTER:
1806 return enable_trace_kprobe(event, file);
1807 case TRACE_REG_UNREGISTER:
1808 return disable_trace_kprobe(event, file);
1809
1810 #ifdef CONFIG_PERF_EVENTS
1811 case TRACE_REG_PERF_REGISTER:
1812 return enable_trace_kprobe(event, NULL);
1813 case TRACE_REG_PERF_UNREGISTER:
1814 return disable_trace_kprobe(event, NULL);
1815 case TRACE_REG_PERF_OPEN:
1816 case TRACE_REG_PERF_CLOSE:
1817 case TRACE_REG_PERF_ADD:
1818 case TRACE_REG_PERF_DEL:
1819 return 0;
1820 #endif
1821 }
1822 return 0;
1823 }
1824
kprobe_dispatcher(struct kprobe * kp,struct pt_regs * regs)1825 static int kprobe_dispatcher(struct kprobe *kp, struct pt_regs *regs)
1826 {
1827 struct trace_kprobe *tk = container_of(kp, struct trace_kprobe, rp.kp);
1828 unsigned int flags = trace_probe_load_flag(&tk->tp);
1829 int ret = 0;
1830
1831 raw_cpu_inc(*tk->nhit);
1832
1833 if (flags & TP_FLAG_TRACE)
1834 kprobe_trace_func(tk, regs);
1835 #ifdef CONFIG_PERF_EVENTS
1836 if (flags & TP_FLAG_PROFILE)
1837 ret = kprobe_perf_func(tk, regs);
1838 #endif
1839 return ret;
1840 }
1841 NOKPROBE_SYMBOL(kprobe_dispatcher);
1842
1843 static int
kretprobe_dispatcher(struct kretprobe_instance * ri,struct pt_regs * regs)1844 kretprobe_dispatcher(struct kretprobe_instance *ri, struct pt_regs *regs)
1845 {
1846 struct kretprobe *rp = get_kretprobe(ri);
1847 struct trace_kprobe *tk;
1848 unsigned int flags;
1849
1850 /*
1851 * There is a small chance that get_kretprobe(ri) returns NULL when
1852 * the kretprobe is unregister on another CPU between kretprobe's
1853 * trampoline_handler and this function.
1854 */
1855 if (unlikely(!rp))
1856 return 0;
1857
1858 tk = container_of(rp, struct trace_kprobe, rp);
1859 raw_cpu_inc(*tk->nhit);
1860
1861 flags = trace_probe_load_flag(&tk->tp);
1862 if (flags & TP_FLAG_TRACE)
1863 kretprobe_trace_func(tk, ri, regs);
1864 #ifdef CONFIG_PERF_EVENTS
1865 if (flags & TP_FLAG_PROFILE)
1866 kretprobe_perf_func(tk, ri, regs);
1867 #endif
1868 return 0; /* We don't tweak kernel, so just return 0 */
1869 }
1870 NOKPROBE_SYMBOL(kretprobe_dispatcher);
1871
1872 static struct trace_event_functions kretprobe_funcs = {
1873 .trace = print_kretprobe_event
1874 };
1875
1876 static struct trace_event_functions kprobe_funcs = {
1877 .trace = print_kprobe_event
1878 };
1879
1880 static struct trace_event_fields kretprobe_fields_array[] = {
1881 { .type = TRACE_FUNCTION_TYPE,
1882 .define_fields = kretprobe_event_define_fields },
1883 {}
1884 };
1885
1886 static struct trace_event_fields kprobe_fields_array[] = {
1887 { .type = TRACE_FUNCTION_TYPE,
1888 .define_fields = kprobe_event_define_fields },
1889 {}
1890 };
1891
init_trace_event_call(struct trace_kprobe * tk)1892 static inline void init_trace_event_call(struct trace_kprobe *tk)
1893 {
1894 struct trace_event_call *call = trace_probe_event_call(&tk->tp);
1895
1896 if (trace_kprobe_is_return(tk)) {
1897 call->event.funcs = &kretprobe_funcs;
1898 call->class->fields_array = kretprobe_fields_array;
1899 } else {
1900 call->event.funcs = &kprobe_funcs;
1901 call->class->fields_array = kprobe_fields_array;
1902 }
1903
1904 call->flags = TRACE_EVENT_FL_KPROBE;
1905 call->class->reg = kprobe_register;
1906 }
1907
register_kprobe_event(struct trace_kprobe * tk)1908 static int register_kprobe_event(struct trace_kprobe *tk)
1909 {
1910 init_trace_event_call(tk);
1911
1912 return trace_probe_register_event_call(&tk->tp);
1913 }
1914
unregister_kprobe_event(struct trace_kprobe * tk)1915 static int unregister_kprobe_event(struct trace_kprobe *tk)
1916 {
1917 return trace_probe_unregister_event_call(&tk->tp);
1918 }
1919
1920 #ifdef CONFIG_PERF_EVENTS
1921
1922 /* create a trace_kprobe, but don't add it to global lists */
1923 struct trace_event_call *
create_local_trace_kprobe(char * func,void * addr,unsigned long offs,bool is_return)1924 create_local_trace_kprobe(char *func, void *addr, unsigned long offs,
1925 bool is_return)
1926 {
1927 enum probe_print_type ptype;
1928 struct trace_kprobe *tk __free(free_trace_kprobe) = NULL;
1929 int ret;
1930 char *event;
1931
1932 if (func) {
1933 ret = validate_probe_symbol(func);
1934 if (ret)
1935 return ERR_PTR(ret);
1936 }
1937
1938 /*
1939 * local trace_kprobes are not added to dyn_event, so they are never
1940 * searched in find_trace_kprobe(). Therefore, there is no concern of
1941 * duplicated name here.
1942 */
1943 event = func ? func : "DUMMY_EVENT";
1944
1945 tk = alloc_trace_kprobe(KPROBE_EVENT_SYSTEM, event, (void *)addr, func,
1946 offs, 0 /* maxactive */, 0 /* nargs */,
1947 is_return);
1948
1949 if (IS_ERR(tk)) {
1950 pr_info("Failed to allocate trace_probe.(%d)\n",
1951 (int)PTR_ERR(tk));
1952 return ERR_CAST(tk);
1953 }
1954
1955 init_trace_event_call(tk);
1956
1957 ptype = trace_kprobe_is_return(tk) ?
1958 PROBE_PRINT_RETURN : PROBE_PRINT_NORMAL;
1959 if (traceprobe_set_print_fmt(&tk->tp, ptype) < 0)
1960 return ERR_PTR(-ENOMEM);
1961
1962 ret = __register_trace_kprobe(tk);
1963 if (ret < 0)
1964 return ERR_PTR(ret);
1965
1966 return trace_probe_event_call(&(no_free_ptr(tk)->tp));
1967 }
1968
destroy_local_trace_kprobe(struct trace_event_call * event_call)1969 void destroy_local_trace_kprobe(struct trace_event_call *event_call)
1970 {
1971 struct trace_kprobe *tk;
1972
1973 tk = trace_kprobe_primary_from_call(event_call);
1974 if (unlikely(!tk))
1975 return;
1976
1977 if (trace_probe_is_enabled(&tk->tp)) {
1978 WARN_ON(1);
1979 return;
1980 }
1981
1982 __unregister_trace_kprobe(tk);
1983
1984 free_trace_kprobe(tk);
1985 }
1986 #endif /* CONFIG_PERF_EVENTS */
1987
enable_boot_kprobe_events(void)1988 static __init void enable_boot_kprobe_events(void)
1989 {
1990 struct trace_array *tr = top_trace_array();
1991 struct trace_event_file *file;
1992 struct trace_kprobe *tk;
1993 struct dyn_event *pos;
1994
1995 if (trace_kprobe_list_empty())
1996 return;
1997
1998 guard(mutex)(&event_mutex);
1999 for_each_trace_kprobe(tk, pos) {
2000 list_for_each_entry(file, &tr->events, list)
2001 if (file->event_call == trace_probe_event_call(&tk->tp))
2002 trace_event_enable_disable(file, 1, 0);
2003 }
2004 }
2005
setup_boot_kprobe_events(void)2006 static __init void setup_boot_kprobe_events(void)
2007 {
2008 char *p, *cmd = kprobe_boot_events_buf;
2009 int ret;
2010
2011 strreplace(kprobe_boot_events_buf, ',', ' ');
2012
2013 while (cmd && *cmd != '\0') {
2014 p = strchr(cmd, ';');
2015 if (p)
2016 *p++ = '\0';
2017
2018 ret = create_or_delete_trace_kprobe(cmd);
2019 if (ret)
2020 pr_warn("Failed to add event(%d): %s\n", ret, cmd);
2021
2022 cmd = p;
2023 }
2024
2025 enable_boot_kprobe_events();
2026 }
2027
2028 /*
2029 * Register dynevent at core_initcall. This allows kernel to setup kprobe
2030 * events in postcore_initcall without tracefs.
2031 */
init_kprobe_trace_early(void)2032 static __init int init_kprobe_trace_early(void)
2033 {
2034 int ret;
2035
2036 ret = dyn_event_register(&trace_kprobe_ops);
2037 if (ret)
2038 return ret;
2039
2040 if (trace_kprobe_register_module_notifier())
2041 return -EINVAL;
2042
2043 return 0;
2044 }
2045 core_initcall(init_kprobe_trace_early);
2046
2047 /* Make a tracefs interface for controlling probe points */
init_kprobe_trace(void)2048 static __init int init_kprobe_trace(void)
2049 {
2050 int ret;
2051
2052 ret = tracing_init_dentry();
2053 if (ret)
2054 return 0;
2055
2056 /* Event list interface */
2057 trace_create_file("kprobe_events", TRACE_MODE_WRITE,
2058 NULL, NULL, &kprobe_events_ops);
2059
2060 /* Profile interface */
2061 trace_create_file("kprobe_profile", TRACE_MODE_READ,
2062 NULL, NULL, &kprobe_profile_ops);
2063
2064 /* If no 'kprobe_event=' cmd is provided, return directly. */
2065 if (kprobe_boot_events_buf[0] == '\0')
2066 return 0;
2067
2068 setup_boot_kprobe_events();
2069
2070 return 0;
2071 }
2072 fs_initcall(init_kprobe_trace);
2073
2074
2075 #ifdef CONFIG_FTRACE_STARTUP_TEST
2076 static __init struct trace_event_file *
find_trace_probe_file(struct trace_kprobe * tk,struct trace_array * tr)2077 find_trace_probe_file(struct trace_kprobe *tk, struct trace_array *tr)
2078 {
2079 struct trace_event_file *file;
2080
2081 list_for_each_entry(file, &tr->events, list)
2082 if (file->event_call == trace_probe_event_call(&tk->tp))
2083 return file;
2084
2085 return NULL;
2086 }
2087
2088 /*
2089 * Nobody but us can call enable_trace_kprobe/disable_trace_kprobe at this
2090 * stage, we can do this lockless.
2091 */
kprobe_trace_self_tests_init(void)2092 static __init int kprobe_trace_self_tests_init(void)
2093 {
2094 int ret, warn = 0;
2095 int (*target)(int, int, int, int, int, int);
2096 struct trace_kprobe *tk;
2097 struct trace_event_file *file;
2098
2099 if (unlikely(tracing_disabled))
2100 return -ENODEV;
2101
2102 if (tracing_selftest_disabled)
2103 return 0;
2104
2105 target = kprobe_trace_selftest_target;
2106
2107 pr_info("Testing kprobe tracing: ");
2108
2109 ret = create_or_delete_trace_kprobe("p:testprobe kprobe_trace_selftest_target $stack $stack0 +0($stack)");
2110 if (WARN_ONCE(ret, "error on probing function entry.")) {
2111 warn++;
2112 } else {
2113 /* Enable trace point */
2114 tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
2115 if (WARN_ONCE(tk == NULL, "error on probing function entry.")) {
2116 warn++;
2117 } else {
2118 file = find_trace_probe_file(tk, top_trace_array());
2119 if (WARN_ONCE(file == NULL, "error on getting probe file.")) {
2120 warn++;
2121 } else
2122 enable_trace_kprobe(
2123 trace_probe_event_call(&tk->tp), file);
2124 }
2125 }
2126
2127 ret = create_or_delete_trace_kprobe("r:testprobe2 kprobe_trace_selftest_target $retval");
2128 if (WARN_ONCE(ret, "error on probing function return.")) {
2129 warn++;
2130 } else {
2131 /* Enable trace point */
2132 tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
2133 if (WARN_ONCE(tk == NULL, "error on getting 2nd new probe.")) {
2134 warn++;
2135 } else {
2136 file = find_trace_probe_file(tk, top_trace_array());
2137 if (WARN_ONCE(file == NULL, "error on getting probe file.")) {
2138 warn++;
2139 } else
2140 enable_trace_kprobe(
2141 trace_probe_event_call(&tk->tp), file);
2142 }
2143 }
2144
2145 if (warn)
2146 goto end;
2147
2148 ret = target(1, 2, 3, 4, 5, 6);
2149
2150 /*
2151 * Not expecting an error here, the check is only to prevent the
2152 * optimizer from removing the call to target() as otherwise there
2153 * are no side-effects and the call is never performed.
2154 */
2155 if (ret != 21)
2156 warn++;
2157
2158 /* Disable trace points before removing it */
2159 tk = find_trace_kprobe("testprobe", KPROBE_EVENT_SYSTEM);
2160 if (WARN_ONCE(tk == NULL, "error on getting test probe.")) {
2161 warn++;
2162 } else {
2163 if (WARN_ONCE(trace_kprobe_nhit(tk) != 1,
2164 "incorrect number of testprobe hits."))
2165 warn++;
2166
2167 file = find_trace_probe_file(tk, top_trace_array());
2168 if (WARN_ONCE(file == NULL, "error on getting probe file.")) {
2169 warn++;
2170 } else
2171 disable_trace_kprobe(
2172 trace_probe_event_call(&tk->tp), file);
2173 }
2174
2175 tk = find_trace_kprobe("testprobe2", KPROBE_EVENT_SYSTEM);
2176 if (WARN_ONCE(tk == NULL, "error on getting 2nd test probe.")) {
2177 warn++;
2178 } else {
2179 if (WARN_ONCE(trace_kprobe_nhit(tk) != 1,
2180 "incorrect number of testprobe2 hits."))
2181 warn++;
2182
2183 file = find_trace_probe_file(tk, top_trace_array());
2184 if (WARN_ONCE(file == NULL, "error on getting probe file.")) {
2185 warn++;
2186 } else
2187 disable_trace_kprobe(
2188 trace_probe_event_call(&tk->tp), file);
2189 }
2190
2191 ret = create_or_delete_trace_kprobe("-:testprobe");
2192 if (WARN_ONCE(ret, "error on deleting a probe."))
2193 warn++;
2194
2195 ret = create_or_delete_trace_kprobe("-:testprobe2");
2196 if (WARN_ONCE(ret, "error on deleting a probe."))
2197 warn++;
2198
2199
2200 end:
2201 /*
2202 * Wait for the optimizer work to finish. Otherwise it might fiddle
2203 * with probes in already freed __init text.
2204 */
2205 wait_for_kprobe_optimizer();
2206 if (warn)
2207 pr_cont("NG: Some tests are failed. Please check them.\n");
2208 else
2209 pr_cont("OK\n");
2210 return 0;
2211 }
2212
2213 late_initcall(kprobe_trace_self_tests_init);
2214
2215 #endif
2216