[PATCH 2.6.12-rc1-mm3] [2/2] kprobes += function-return probes -example: probing arbitrary functions

From: Hien Nguyen
Date: Tue Mar 29 2005 - 17:35:14 EST


Also include here is a test module

The testrprobe.ko is a generic test module. One could use this module to insert an exit probe to any function in the kernel.
For example :
insmod test_rprobe.ko <entryaddr=address for func entry>
or use the included loadtestrprobe.sh script
./loadtestrprobe.sh <function name>

One good example is to see what kind of page fault is encountered
./loadtestrprobe.sh handle_mm_fault

Signed-off-by: hien Nguyen <hien@xxxxxxxxxx> #include <linux/module.h>
#include <linux/kprobes.h>

static unsigned long entryaddr;
module_param(entryaddr, ulong, 0);
MODULE_PARM_DESC(addr,
"\nfunction entry address.\n");

int inst_test_erprobe (void)
{
jprobe_return();
return 0;
}


int rp_handler(struct retprobe_instance *ri, struct pt_regs *regs)
{
printk("rprobe handler: p->addr=0x%p, ret=0x%lx\n", ri->rp->kprobe->addr, regs->eax);
return 0;
}

static struct jprobe jp = {
.entry = (kprobe_opcode_t *) inst_test_erprobe,
};


static struct retprobe rp = {
.handler = rp_handler,
.maxactive = 1,
.nmissed = 0
};


static int init_testrp(void)
{
if (entryaddr == 0 ) {
printk("Need to input an function entry address as parameter.\n");
return -EINVAL;
}
jp.kp.addr = (kprobe_opcode_t *) entryaddr;

register_jretprobe(&jp, &rp);
printk("exit probe init: instrumentation is enabled...\n");
return 0;
}

static void cleanup_testrp(void)
{
unregister_jprobe(&jp);
printk("exit probe cleanup.\n");
}

module_init(init_testrp);
module_exit(cleanup_testrp);
MODULE_LICENSE("GPL");

Attachment: loadtestrprobe.sh
Description: application/shellscript