1 #include <linux/kernel.h>
2 #include <linux/module.h>
3 #include <linux/fs.h>
4 #include <linux/uio.h>
5 #include <linux/kprobes.h>
6
7 /*
8 * Jumper probe for do_fork.
9 * Mirror principle enables access to arguments of the probed routine
10 * from the probe handler.
11 */
12
13 /* Proxy routine having the same arguments as actual do_fork() routine */
jdo_fork(unsigned long clone_flags,unsigned long stack_start,struct pt_regs * regs,unsigned long stack_size,int __user * parent_tidptr,int __user * child_tidptr)14 long jdo_fork(unsigned long clone_flags, unsigned long stack_start,
15 struct pt_regs *regs, unsigned long stack_size,
16 int __user * parent_tidptr, int __user * child_tidptr)
17 {
18 printk("jprobe: clone_flags=0x%lx, stack_size=0x%lx, regs=%p\n",
19 clone_flags, stack_size, regs);
20 /* Always end with a call to jprobe_return(). */
21 jprobe_return();
22
23 return 0;
24 }
25
26 static struct jprobe my_jprobe = {
27 .entry = jdo_fork
28 };
29
jprobe_init(void)30 static int __init jprobe_init(void)
31 {
32 int ret;
33 my_jprobe.kp.symbol_name = "do_fork";
34
35 if ((ret = register_jprobe(&my_jprobe)) < 0) {
36 printk("register_jprobe failed, returned %d\n", ret);
37 /* XXX: Exit code is wrong. */
38 return -1;
39 }
40 printk("Planted jprobe at %p, handler addr %p\n",
41 my_jprobe.kp.addr, my_jprobe.entry);
42 return 0;
43 }
44
jprobe_exit(void)45 static void __exit jprobe_exit(void)
46 {
47 unregister_jprobe(&my_jprobe);
48 printk("jprobe unregistered\n");
49 }
50
51 module_init(jprobe_init)
52 module_exit(jprobe_exit)
53 MODULE_LICENSE("GPL");
54