Add examples of Linux kernel modules.

Author: kz0817

kernel_mod/kprobe_templ/Makefile

@@ -0,0 +1,25 @@
+obj-m := schk.o devmem_ret_one.o \
+    kp_alter_ovl_tnc.o \
+    kp_igd_alter_ovl2.o \
+    kp_emgd_alter_ovl2.o \
+    jp_drm_ioctl.o \
+    kp_trace_many.o \
+    kretp_alter_ovl_tnc.o \
+    kp_drm_wait_vblank.o
+
+all:
+	make -C /lib/modules/`uname -r`/build M=`pwd` V=1
+
+.PHONY: clean ins rm rei
+clean:
+	rm -fr *.ko *.o *.mod.* Module.symvers
+
+ins:
+	insmod schk.ko
+
+rm:
+	rmmod schk.ko
+
+rei:
+	rmmod schk.ko
+	insmod schk.ko

kernel_mod/kprobe_templ/devmem_ret_one.c

@@ -0,0 +1,37 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/kprobes.h>
+#include <linux/kallsyms.h>
+
+static struct kretprobe my_kretprobe;
+static const char *sym_name = "devmem_is_allowed";
+
+static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
+{
+	regs->ax = 1;
+	return 0;
+}
+
+static __init int init_devmem_ret_one(void)
+{
+	int ret;
+	printk("%s: sym_name: %s\n", __func__, sym_name);
+	my_kretprobe.handler = ret_handler;
+	my_kretprobe.kp.symbol_name = "devmem_is_allowed";
+	if ((ret = register_kretprobe(&my_kretprobe)) < 0) {
+		printk("register_kretprobe failed, returned %d\n", ret);
+		return -1;
+	}
+	printk("Planted return probe at %p\n", my_kretprobe.kp.addr);
+	return 0;
+}
+module_init(init_devmem_ret_one);
+
+static __exit void cleanup_devmem_ret_one(void)
+{
+	printk("%s\n", __func__);
+	unregister_kretprobe(&my_kretprobe);
+}
+module_exit(cleanup_devmem_ret_one);
+
+MODULE_LICENSE("GPL");

kernel_mod/kprobe_templ/jp_drm_ioctl.c

@@ -0,0 +1,75 @@
+#include <linux/module.h>
+#include <linux/kprobes.h>
+#include <linux/kallsyms.h>
+#include <linux/fb.h>
+
+//struct jprobe jp0;
+struct jprobe jp;
+
+long
+jp_drm_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+{
+	printk(KERN_INFO "cmd: %x, arg: %lx\n", cmd, arg);
+	jprobe_return();
+	return 0;
+}
+/*
+int
+jp_fb_ioctl(struct inode *inode, struct file *file, unsigned int cmd,
+	unsigned long arg) 
+{
+	printk("cmd: 0x%x\n", cmd);
+	jprobe_return();
+	return 0;
+}*/
+
+/*
+int jp_fb_set_var(struct kprobe *p, struct pt_regs *regs) {
+  //printk("pre_handler: p->addr=0x%p, eflags=0x%lx\n",p->addr,
+  //  regs->eflags);
+  int i;
+  dump_stack();
+  unsigned long* sp = (unsigned long*)regs->esp;
+  unsigned long ret = *sp;
+  unsigned long* a_info = (unsigned long*) *(sp+1);
+  unsigned long* a_var  = (unsigned long*) *(sp+2);
+  printk("esp: %lx, sp: %p, ret: %lx, a_info: %p, a_var: %p, eip: %lx, ebp: %lx\n",
+  	regs->esp, sp, ret, a_info, a_var, regs->eip, regs->ebp);
+
+  for (i = 0; i < 10; i++) {
+  	printk("%lx\n", sp[i]);
+  }
+
+  return 0;
+}*/
+
+static __init int init_myjp(void)
+{
+  printk("Hello\n");
+
+  //
+  // Settting up kprobes;
+  //
+  jp.kp.symbol_name = "drm_ioctl";
+  jp.entry= JPROBE_ENTRY(jp_drm_ioctl);
+  register_jprobe(&jp);
+
+  /*
+  jp0.kp.symbol_name = "fb_ioctl";
+  jp0.entry= JPROBE_ENTRY(jp_fb_ioctl);
+  register_jprobe(&jp0);
+  */
+
+  return 0;
+}
+module_init(init_myjp);
+
+static __exit void cleanup_myjp(void)
+{
+  unregister_jprobe(&jp);
+  //unregister_jprobe(&jp0);
+  printk("Good by!\n");
+}
+module_exit(cleanup_myjp);
+
+MODULE_LICENSE("GPL");

kernel_mod/kprobe_templ/kp_alter_ovl_tnc.c

@@ -0,0 +1,38 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/kprobes.h>
+#include <linux/kallsyms.h>
+
+static struct kprobe kp;
+static const char *sym_name = "alter_ovl_tnc";
+
+static int pre_handler(struct kprobe *p, struct pt_regs *regs)
+{
+	printk(KERN_INFO "pre_handler\n");
+	//dump_stack();
+	return 0;
+}
+
+static __init int init_mykp(void)
+{
+	int ret;
+	printk("%s: sym_name: %s\n", __func__, sym_name);
+	kp.pre_handler = pre_handler;
+	kp.symbol_name = sym_name;
+	if ((ret = register_kprobe(&kp)) < 0) {
+		printk("register_kprobe failed, returned %d\n", ret);
+		return -1;
+	}
+	printk("Planted return probe at %p\n", kp.addr);
+	return 0;
+}
+module_init(init_mykp);
+
+static __exit void cleanup_mykp(void)
+{
+	printk("%s\n", __func__);
+	unregister_kprobe(&kp);
+}
+module_exit(cleanup_mykp);
+
+MODULE_LICENSE("GPL");

kernel_mod/kprobe_templ/kp_drm_wait_vblank.c

@@ -0,0 +1,73 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/kprobes.h>
+#include <linux/kallsyms.h>
+
+struct probe_info {
+	const char  *name;
+	unsigned int offset;
+};
+
+static const struct probe_info symbols[] = {
+	{"drm_wait_vblank", 0},
+	{"drm_wait_vblank", 0x43},
+	{"drm_wait_vblank", 0x50},
+	{"drm_wait_vblank", 0x5d},
+	{"drm_wait_vblank", 0xa5},
+	{"drm_wait_vblank", 0xd5},
+	{"drm_wait_vblank", 0x114},
+	{"drm_control", 0},
+};
+
+#define NUM_SYMS sizeof(symbols) / sizeof (struct probe_info)
+
+static struct kprobe kp_array[NUM_SYMS];
+static int pre_handler(struct kprobe *p, struct pt_regs *regs)
+{
+	printk(KERN_INFO "pre_handler[%d] %s [%lx]\n",
+	       current->pid, p->symbol_name, regs->ip);
+	//dump_stack();
+	drm_irq_install();
+	return 0;
+}
+
+static __init int init_mykp(void)
+{
+	int idx;
+	int ret;
+	for  (idx = 0; idx < NUM_SYMS; idx++) {
+		struct kprobe *kp = &kp_array[idx];
+		printk("%s: sym_name: %s (%x)\n", __func__,
+		       symbols[idx].name, symbols[idx].offset);
+		kp->pre_handler = pre_handler;
+		kp->symbol_name = symbols[idx].name;
+		kp->offset      = symbols[idx].offset;
+		if ((ret = register_kprobe(kp)) < 0) {
+			printk("register_kprobe failed, returned %d\n", ret);
+			goto error;
+		}
+		printk("  => Addr: %p\n", kp->addr);
+	}
+	return 0;
+
+error:
+	for (idx--; idx >= 0; idx--) {
+		struct kprobe *kp = &kp_array[idx];
+		unregister_kprobe(kp);
+	}
+	return 0;
+}
+module_init(init_mykp);
+
+static __exit void cleanup_mykp(void)
+{
+	int idx;
+	for  (idx = NUM_SYMS - 1; idx >= 0; idx--) {
+		struct kprobe *kp = &kp_array[idx];
+		printk("[%s] Unregister: %s\n", __func__, kp->symbol_name);
+		unregister_kprobe(kp);
+	}
+}
+module_exit(cleanup_mykp);
+
+MODULE_LICENSE("GPL");

kernel_mod/kprobe_templ/kp_emgd_alter_ovl2.c

@@ -0,0 +1,38 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/kprobes.h>
+#include <linux/kallsyms.h>
+
+static struct kprobe kp;
+static const char *sym_name = "emgd_alter_ovl2";
+
+static int pre_handler(struct kprobe *p, struct pt_regs *regs)
+{
+	printk(KERN_INFO "pre_handler [%s]\n", sym_name);
+	//dump_stack();
+	return 0;
+}
+
+static __init int init_mykp(void)
+{
+	int ret;
+	printk("%s: sym_name: %s\n", __func__, sym_name);
+	kp.pre_handler = pre_handler;
+	kp.symbol_name = sym_name;
+	if ((ret = register_kprobe(&kp)) < 0) {
+		printk("register_kprobe failed, returned %d\n", ret);
+		return -1;
+	}
+	printk("Planted return probe at %p\n", kp.addr);
+	return 0;
+}
+module_init(init_mykp);
+
+static __exit void cleanup_mykp(void)
+{
+	printk("%s\n", __func__);
+	unregister_kprobe(&kp);
+}
+module_exit(cleanup_mykp);
+
+MODULE_LICENSE("GPL");

kernel_mod/kprobe_templ/kp_igd_alter_ovl2.c

@@ -0,0 +1,38 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/kprobes.h>
+#include <linux/kallsyms.h>
+
+static struct kprobe kp;
+static const char *sym_name = "igd_alter_ovl2";
+
+static int pre_handler(struct kprobe *p, struct pt_regs *regs)
+{
+	printk(KERN_INFO "pre_handler [%s]\n", sym_name);
+	//dump_stack();
+	return 0;
+}
+
+static __init int init_mykp(void)
+{
+	int ret;
+	printk("%s: sym_name: %s\n", __func__, sym_name);
+	kp.pre_handler = pre_handler;
+	kp.symbol_name = sym_name;
+	if ((ret = register_kprobe(&kp)) < 0) {
+		printk("register_kprobe failed, returned %d\n", ret);
+		return -1;
+	}
+	printk("Planted return probe at %p\n", kp.addr);
+	return 0;
+}
+module_init(init_mykp);
+
+static __exit void cleanup_mykp(void)
+{
+	printk("%s\n", __func__);
+	unregister_kprobe(&kp);
+}
+module_exit(cleanup_mykp);
+
+MODULE_LICENSE("GPL");

kernel_mod/kprobe_templ/kp_trace_many.c

@@ -0,0 +1,59 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/kprobes.h>
+#include <linux/kallsyms.h>
+
+static const char *symbols[] = {
+	"emgd_alter_ovl2",
+	"emgd_alter_ovl",
+	"gmm_alloc_region",
+};
+
+#define NUM_SYMS sizeof(symbols) / sizeof (char *)
+
+static struct kprobe kp_array[NUM_SYMS];
+static int pre_handler(struct kprobe *p, struct pt_regs *regs)
+{
+	printk(KERN_INFO "pre_handler %s [%lx]\n", p->symbol_name, regs->ip);
+	//dump_stack();
+	return 0;
+}
+
+static __init int init_mykp(void)
+{
+	int idx;
+	int ret;
+	for  (idx = 0; idx < NUM_SYMS; idx++) {
+		struct kprobe *kp = &kp_array[idx];
+		printk("%s: sym_name: %s\n", __func__, symbols[idx]);
+		kp->pre_handler = pre_handler;
+		kp->symbol_name = symbols[idx];
+		if ((ret = register_kprobe(kp)) < 0) {
+			printk("register_kprobe failed, returned %d\n", ret);
+			goto error;
+		}
+		printk("  => Addr: %p\n", kp->addr);
+	}
+	return 0;
+
+error:
+	for (idx--; idx >= 0; idx--) {
+		struct kprobe *kp = &kp_array[idx];
+		unregister_kprobe(kp);
+	}
+	return 0;
+}
+module_init(init_mykp);
+
+static __exit void cleanup_mykp(void)
+{
+	int idx;
+	for  (idx = NUM_SYMS - 1; idx >= 0; idx--) {
+		struct kprobe *kp = &kp_array[idx];
+		printk("[%s] Unregister: %s\n", __func__, kp->symbol_name);
+		unregister_kprobe(kp);
+	}
+}
+module_exit(cleanup_mykp);
+
+MODULE_LICENSE("GPL");