函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:arch\x86\kernel\kprobes\core.c Create Date:2022-07-27 09:37:47
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:Copy an instruction with recovering modified instruction by kprobes* and adjust the displacement if the instruction uses the %rip-relative* addressing mode. Note that since @real will be the final place of copied

函数原型:int __copy_instruction(u8 *dest, u8 *src, u8 *real, struct insn *insn)

返回类型:int

参数:

类型参数名称
u8 *dest
u8 *src
u8 *real
struct insn *insn
341  recovered_insn等于Recover the probed instruction at addr for further analysis.* Caller must lock kprobes by kprobe_mutex, or disable preemption* for preventing to release referencing kprobes.* Returns zero if the instruction can not get recovered (or access failed).
344  如果非recovered_insn或非insn则返回:0
348  如果probe_kernel_read(): safely attempt to read from a location*@dst: pointer to the buffer that shall take the data*@src: address to read from*@size: size of the data chunk* Safely read from address @src to the buffer at @dst. If a kernel fault则返回:0
351  Init insn for kernel text
352  sn_get_length() - Get the length of instruction*@insn: &struct insn containing instruction* If necessary, first collects the instruction up to and including the* immediates bytes.
355  如果insn_has_emulate_prefix(insn)则返回:0
359  如果bytes[0]恒等于BREAKPOINT_INSTRUCTION则返回:0
363  如果Intel SDM Vol.3A 6.8.3 states;* "Any single-step trap that would be delivered following the MOV to SS* instruction or POP to SS instruction (because EFLAGS.TF is 1) is* suppressed."* This function returns true if @insn is MOV SS or POP SS. On these则返回:0
368  如果sn_rip_relative() - Does instruction use RIP-relative addressing mode?*@insn: &struct insn containing instruction* If necessary, first collects the instruction up to and including the* ModRM byte. No effect if @insn->x86_64 is 0.
383  newdisp等于srcvaluereal
385  如果newdisp不等于newdisp
386  打印错误信息("Kprobes error: new displacement does not fit into s32 (%llx)\n", newdisp)
387  返回:0
389  disp等于destinsn_offset_displacement(insn)
390  disp等于newdisp
393  返回:length
调用者
名称描述
arch_copy_kprobe
copy_optimized_instructions