2 files changed, 116 insertions, 1 deletions
diff --git a/arch/i386/kernel/kprobes.c b/arch/i386/kernel/kprobes.c
index 59ff9b455069..048f754bbe23 100644
--- a/arch/i386/kernel/kprobes.c
+++ b/arch/i386/kernel/kprobes.c
@@ -23,6 +23,9 @@
 *              Rusty Russell).
 * 2004-July    Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes
 *              interface to access function arguments.
+ * 2005-May     Hien Nguyen <hien@us.ibm.com>, Jim Keniston
+ *              <jkenisto@us.ibm.com> and Prasanna S Panchamukhi
+ *              <prasanna@in.ibm.com> added function-return probes.
 */
 #include <linux/config.h>
@@ -91,6 +94,53 @@ static inline void prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
                regs->eip = (unsigned long)&p->ainsn.insn;
 }
+struct task_struct  *arch_get_kprobe_task(void *ptr)
+{
+        return ((struct thread_info *) (((unsigned long) ptr) &
+                                        (~(THREAD_SIZE -1))))->task;
+}
+void arch_prepare_kretprobe(struct kretprobe *rp, struct pt_regs *regs)
+{
+        unsigned long *sara = (unsigned long *)&regs->esp;
+        struct kretprobe_instance *ri;
+        static void *orig_ret_addr;
+        /*
+         * Save the return address when the return probe hits
+         * the first time, and use it to populate the (krprobe
+         * instance)->ret_addr for subsequent return probes at
+         * the same addrress since stack address would have
+         * the kretprobe_trampoline by then.
+         */
+        if (((void*) *sara) != kretprobe_trampoline)
+                orig_ret_addr = (void*) *sara;
+        if ((ri = get_free_rp_inst(rp)) != NULL) {
+                ri->rp = rp;
+                ri->stack_addr = sara;
+                ri->ret_addr = orig_ret_addr;
+                add_rp_inst(ri);
+                /* Replace the return addr with trampoline addr */
+                *sara = (unsigned long) &kretprobe_trampoline;
+        } else {
+                rp->nmissed++;
+        }
+}
+void arch_kprobe_flush_task(struct task_struct *tk, spinlock_t *kp_lock)
+{
+        unsigned long flags = 0;
+        struct kretprobe_instance *ri;
+        spin_lock_irqsave(kp_lock, flags);
+        while ((ri = get_rp_inst_tsk(tk)) != NULL) {
+                *((unsigned long *)(ri->stack_addr)) =
+                                        (unsigned long) ri->ret_addr;
+                recycle_rp_inst(ri);
+        }
+        spin_unlock_irqrestore(kp_lock, flags);
+}
 /*
 * Interrupts are disabled on entry as trap3 is an interrupt gate and they
 * remain disabled thorough out this function.
@@ -184,6 +234,55 @@ no_kprobe:
 }
 /*
+ * For function-return probes, init_kprobes() establishes a probepoint
+ * here. When a retprobed function returns, this probe is hit and
+ * trampoline_probe_handler() runs, calling the kretprobe's handler.
+ */
+ void kretprobe_trampoline_holder(void)
+ {
+        asm volatile (  ".global kretprobe_trampoline\n"
+                        "kretprobe_trampoline: \n"
+                        "nop\n");
+ }
+/*
+ * Called when we hit the probe point at kretprobe_trampoline
+ */
+int trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
+{
+        struct task_struct *tsk;
+        struct kretprobe_instance *ri;
+        struct hlist_head *head;
+        struct hlist_node *node;
+        unsigned long *sara = ((unsigned long *) &regs->esp) - 1;
+        tsk = arch_get_kprobe_task(sara);
+        head = kretprobe_inst_table_head(tsk);
+        hlist_for_each_entry(ri, node, head, hlist) {
+                if (ri->stack_addr == sara && ri->rp) {
+                        if (ri->rp->handler)
+                                ri->rp->handler(ri, regs);
+                }
+        }
+        return 0;
+}
+void trampoline_post_handler(struct kprobe *p, struct pt_regs *regs,
+                                                unsigned long flags)
+{
+        struct kretprobe_instance *ri;
+        /* RA already popped */
+        unsigned long *sara = ((unsigned long *)&regs->esp) - 1;
+        while ((ri = get_rp_inst(sara))) {
+                regs->eip = (unsigned long)ri->ret_addr;
+                recycle_rp_inst(ri);
+        }
+        regs->eflags &= ~TF_MASK;
+}
+/*
 * Called after single-stepping.  p->addr is the address of the
 * instruction whose first byte has been replaced by the "int 3"
 * instruction.  To avoid the SMP problems that can occur when we
@@ -266,7 +365,8 @@ static inline int post_kprobe_handler(struct pt_regs *regs)
        if (current_kprobe->post_handler)
                current_kprobe->post_handler(current_kprobe, regs, 0);
-        resume_execution(current_kprobe, regs);
+        if (current_kprobe->post_handler != trampoline_post_handler)
+                resume_execution(current_kprobe, regs);
        regs->eflags |= kprobe_saved_eflags;
        unlock_kprobes();
diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
index be3efba7caf7..aea2ce1145df 100644
--- a/arch/i386/kernel/process.c
+++ b/arch/i386/kernel/process.c
@@ -37,6 +37,7 @@
 #include <linux/kallsyms.h>
 #include <linux/ptrace.h>
 #include <linux/random.h>
+#include <linux/kprobes.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -339,6 +340,13 @@ void exit_thread(void)
        struct task_struct *tsk = current;
        struct thread_struct *t = &tsk->thread;
+        /*
+         * Remove function-return probe instances associated with this task
+         * and put them back on the free list. Do not insert an exit probe for
+         * this function, it will be disabled by kprobe_flush_task if you do.
+         */
+        kprobe_flush_task(tsk);
        /* The process may have allocated an io port bitmap... nuke it. */
        if (unlikely(NULL != t->io_bitmap_ptr)) {
                int cpu = get_cpu();
@@ -362,6 +370,13 @@ void flush_thread(void)
 {
        struct task_struct *tsk = current;
+        /*
+         * Remove function-return probe instances associated with this task
+         * and put them back on the free list. Do not insert an exit probe for
+         * this function, it will be disabled by kprobe_flush_task if you do.
+         */
+        kprobe_flush_task(tsk);
        memset(tsk->thread.debugreg, 0, sizeof(unsigned long)*8);
        memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));        
        /*

diff --git a/arch/i386/kernel/kprobes.c b/arch/i386/kernel/kprobes.c index 59ff9b455069..048f754bbe23 100644 --- a/arch/i386/kernel/kprobes.c +++ b/arch/i386/kernel/kprobes.c
@@ -23,6 +23,9 @@
23	* Rusty Russell).	23	* Rusty Russell).
24	* 2004-July Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes	24	* 2004-July Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes
25	* interface to access function arguments.	25	* interface to access function arguments.
		26	* 2005-May Hien Nguyen <hien@us.ibm.com>, Jim Keniston
		27	* <jkenisto@us.ibm.com> and Prasanna S Panchamukhi
		28	* <prasanna@in.ibm.com> added function-return probes.
26	*/	29	*/
27		30
28	#include <linux/config.h>	31	#include <linux/config.h>
@@ -91,6 +94,53 @@ static inline void prepare_singlestep(struct kprobe p, struct pt_regs regs)
91	regs->eip = (unsigned long)&p->ainsn.insn;	94	regs->eip = (unsigned long)&p->ainsn.insn;
92	}	95	}
93		96
		97	struct task_struct arch_get_kprobe_task(void ptr)
		98	{
		99	return ((struct thread_info *) (((unsigned long) ptr) &
		100	(~(THREAD_SIZE -1))))->task;
		101	}
		102
		103	void arch_prepare_kretprobe(struct kretprobe rp, struct pt_regs regs)
		104	{
		105	unsigned long sara = (unsigned long )&regs->esp;
		106	struct kretprobe_instance *ri;
		107	static void *orig_ret_addr;
		108
		109	/*
		110	* Save the return address when the return probe hits
		111	* the first time, and use it to populate the (krprobe
		112	* instance)->ret_addr for subsequent return probes at
		113	* the same addrress since stack address would have
		114	* the kretprobe_trampoline by then.
		115	*/
		116	if (((void) sara) != kretprobe_trampoline)
		117	orig_ret_addr = (void) sara;
		118
		119	if ((ri = get_free_rp_inst(rp)) != NULL) {
		120	ri->rp = rp;
		121	ri->stack_addr = sara;
		122	ri->ret_addr = orig_ret_addr;
		123	add_rp_inst(ri);
		124	/* Replace the return addr with trampoline addr */
		125	*sara = (unsigned long) &kretprobe_trampoline;
		126	} else {
		127	rp->nmissed++;
		128	}
		129	}
		130
		131	void arch_kprobe_flush_task(struct task_struct tk, spinlock_t kp_lock)
		132	{
		133	unsigned long flags = 0;
		134	struct kretprobe_instance *ri;
		135	spin_lock_irqsave(kp_lock, flags);
		136	while ((ri = get_rp_inst_tsk(tk)) != NULL) {
		137	((unsigned long )(ri->stack_addr)) =
		138	(unsigned long) ri->ret_addr;
		139	recycle_rp_inst(ri);
		140	}
		141	spin_unlock_irqrestore(kp_lock, flags);
		142	}
		143
94	/*	144	/*
95	* Interrupts are disabled on entry as trap3 is an interrupt gate and they	145	* Interrupts are disabled on entry as trap3 is an interrupt gate and they
96	* remain disabled thorough out this function.	146	* remain disabled thorough out this function.
@@ -184,6 +234,55 @@ no_kprobe:
184	}	234	}
185		235
186	/*	236	/*
		237	* For function-return probes, init_kprobes() establishes a probepoint
		238	* here. When a retprobed function returns, this probe is hit and
		239	* trampoline_probe_handler() runs, calling the kretprobe's handler.
		240	*/
		241	void kretprobe_trampoline_holder(void)
		242	{
		243	asm volatile ( ".global kretprobe_trampoline\n"
		244	"kretprobe_trampoline: \n"
		245	"nop\n");
		246	}
		247
		248	/*
		249	* Called when we hit the probe point at kretprobe_trampoline
		250	*/
		251	int trampoline_probe_handler(struct kprobe p, struct pt_regs regs)
		252	{
		253	struct task_struct *tsk;
		254	struct kretprobe_instance *ri;
		255	struct hlist_head *head;
		256	struct hlist_node *node;
		257	unsigned long sara = ((unsigned long ) &regs->esp) - 1;
		258
		259	tsk = arch_get_kprobe_task(sara);
		260	head = kretprobe_inst_table_head(tsk);
		261
		262	hlist_for_each_entry(ri, node, head, hlist) {
		263	if (ri->stack_addr == sara && ri->rp) {
		264	if (ri->rp->handler)
		265	ri->rp->handler(ri, regs);
		266	}
		267	}
		268	return 0;
		269	}
		270
		271	void trampoline_post_handler(struct kprobe p, struct pt_regs regs,
		272	unsigned long flags)
		273	{
		274	struct kretprobe_instance *ri;
		275	/* RA already popped */
		276	unsigned long sara = ((unsigned long )&regs->esp) - 1;
		277
		278	while ((ri = get_rp_inst(sara))) {
		279	regs->eip = (unsigned long)ri->ret_addr;
		280	recycle_rp_inst(ri);
		281	}
		282	regs->eflags &= ~TF_MASK;
		283	}
		284
		285	/*
187	* Called after single-stepping. p->addr is the address of the	286	* Called after single-stepping. p->addr is the address of the
188	* instruction whose first byte has been replaced by the "int 3"	287	* instruction whose first byte has been replaced by the "int 3"
189	* instruction. To avoid the SMP problems that can occur when we	288	* instruction. To avoid the SMP problems that can occur when we
@@ -266,7 +365,8 @@ static inline int post_kprobe_handler(struct pt_regs *regs)
266	if (current_kprobe->post_handler)	365	if (current_kprobe->post_handler)
267	current_kprobe->post_handler(current_kprobe, regs, 0);	366	current_kprobe->post_handler(current_kprobe, regs, 0);
268		367
269	resume_execution(current_kprobe, regs);	368	if (current_kprobe->post_handler != trampoline_post_handler)
		369	resume_execution(current_kprobe, regs);
270	regs->eflags \|= kprobe_saved_eflags;	370	regs->eflags \|= kprobe_saved_eflags;
271		371
272	unlock_kprobes();	372	unlock_kprobes();


diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c index be3efba7caf7..aea2ce1145df 100644 --- a/arch/i386/kernel/process.c +++ b/arch/i386/kernel/process.c
@@ -37,6 +37,7 @@
37	#include <linux/kallsyms.h>	37	#include <linux/kallsyms.h>
38	#include <linux/ptrace.h>	38	#include <linux/ptrace.h>
39	#include <linux/random.h>	39	#include <linux/random.h>
		40	#include <linux/kprobes.h>
40		41
41	#include <asm/uaccess.h>	42	#include <asm/uaccess.h>
42	#include <asm/pgtable.h>	43	#include <asm/pgtable.h>
@@ -339,6 +340,13 @@ void exit_thread(void)
339	struct task_struct *tsk = current;	340	struct task_struct *tsk = current;
340	struct thread_struct *t = &tsk->thread;	341	struct thread_struct *t = &tsk->thread;
341		342
		343	/*
		344	* Remove function-return probe instances associated with this task
		345	* and put them back on the free list. Do not insert an exit probe for
		346	* this function, it will be disabled by kprobe_flush_task if you do.
		347	*/
		348	kprobe_flush_task(tsk);
		349
342	/* The process may have allocated an io port bitmap... nuke it. */	350	/* The process may have allocated an io port bitmap... nuke it. */
343	if (unlikely(NULL != t->io_bitmap_ptr)) {	351	if (unlikely(NULL != t->io_bitmap_ptr)) {
344	int cpu = get_cpu();	352	int cpu = get_cpu();
@@ -362,6 +370,13 @@ void flush_thread(void)
362	{	370	{
363	struct task_struct *tsk = current;	371	struct task_struct *tsk = current;
364		372
		373	/*
		374	* Remove function-return probe instances associated with this task
		375	* and put them back on the free list. Do not insert an exit probe for
		376	* this function, it will be disabled by kprobe_flush_task if you do.
		377	*/
		378	kprobe_flush_task(tsk);
		379
365	memset(tsk->thread.debugreg, 0, sizeof(unsigned long)*8);	380	memset(tsk->thread.debugreg, 0, sizeof(unsigned long)*8);
366	memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));	381	memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
367	/*	382	/*