Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: arch\x86\kernel\kprobes\core.c Create Date: 2022-07-28 08:38:31
Last Modify: 2020-03-12 14:18:49 Copyright © Brick

Name: Copy an instruction with recovering modified instruction by kprobes and adjust the displacement if the instruction uses the %rip-relative addressing mode. Note that since @real will be the final place of copied

Proto:int __copy_instruction(u8 *dest, u8 *src, u8 *real, struct insn *insn)

Type:int

Parameter:

Type             Parameter Name
u8 *             dest
u8 *             src
u8 *             real
struct insn *    insn
341  recovered_insn = Recover the probed instruction at addr for further analysis. Caller must lock kprobes by kprobe_mutex, or disable preemption for preventing to release referencing kprobes. Returns zero if the instruction can not get recovered (or access failed).
344  If Not recovered_insn || Not insn Then Return 0
348  If probe_kernel_read() [safely attempt to read from a location. @dst: pointer to the buffer that shall take the data. @src: address to read from. @size: size of the data chunk. Safely read from address @src to the buffer at @dst. If a kernel fault] Then Return 0
351  Init insn for kernel text
352  insn_get_length() - Get the length of instruction. @insn: &struct insn containing instruction. If necessary, first collects the instruction up to and including the immediates bytes.
355  If insn_has_emulate_prefix(insn) Then Return 0
359  If bytes[0] == BREAKPOINT_INSTRUCTION Then Return 0
363  If [Intel SDM Vol.3A 6.8.3 states: "Any single-step trap that would be delivered following the MOV to SS instruction or POP to SS instruction (because EFLAGS.TF is 1) is suppressed." This function returns true if @insn is MOV SS or POP SS. On these] Then Return 0
368  If insn_rip_relative() [Does instruction use RIP-relative addressing mode? @insn: &struct insn containing instruction. If necessary, first collects the instruction up to and including the ModRM byte. No effect if @insn->x86_64 is 0.] Then
383  newdisp = src + value - real
385  If (s64)(s32)newdisp != newdisp Then
386  pr_err("Kprobes error: new displacement does not fit into s32 (%llx)\n", newdisp)
387  Return 0
389  disp = dest + insn_offset_displacement(insn)
390  *(s32 *)disp = (s32)newdisp
393  Return length
Caller

Name                           Describe
arch_copy_kprobe
copy_optimized_instructions
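
The displacement fix-up at lines 383-390, as an added user-space example that is not kernel code and not part of the original report. The names rebase_rip_disp and rip_target, the explicit disp_off and len arguments (the kernel takes them from struct insn), and the sample bytes and addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: re-base the 32-bit RIP-relative displacement of an
 * instruction already copied into dest.
 *   src      - address the instruction originally executed at
 *   real     - address the copy will finally execute from
 *   disp_off - byte offset of the displacement field in the instruction
 * Returns 1 on success, 0 if the new displacement does not fit in s32. */
int rebase_rip_disp(uint8_t *dest, size_t disp_off, uint64_t src, uint64_t real)
{
    int32_t old_disp, fixed;
    int64_t newdisp;

    memcpy(&old_disp, dest + disp_off, sizeof(old_disp)); /* unaligned-safe */
    /* Same target from a new RIP: src + disp == real + newdisp. The
     * instruction length cancels because the copy has the same length. */
    newdisp = (int64_t)(src + (uint64_t)(int64_t)old_disp - real);
    /* Round-trip through s32: a changed value means it cannot be encoded,
     * so refuse rather than write a truncated displacement. */
    if ((int64_t)(int32_t)newdisp != newdisp)
        return 0;
    fixed = (int32_t)newdisp;
    memcpy(dest + disp_off, &fixed, sizeof(fixed));
    return 1;
}

/* Absolute address the instruction references when it executes at `at`. */
uint64_t rip_target(const uint8_t *insn, size_t disp_off, size_t len, uint64_t at)
{
    int32_t disp;
    memcpy(&disp, insn + disp_off, sizeof(disp));
    return at + len + (uint64_t)(int64_t)disp;
}

int main(void)
{
    /* Constructed sample: 48 8b 05 10 00 00 00 = mov 0x10(%rip),%rax */
    uint8_t copy[7] = { 0x48, 0x8b, 0x05, 0x10, 0x00, 0x00, 0x00 };
    uint64_t src = 0xffffffff81000000ULL, real = 0xffffffffa0000000ULL;
    uint64_t want = rip_target(copy, 3, 7, src);

    if (!rebase_rip_disp(copy, 3, src, real))
        return 1;
    return rip_target(copy, 3, 7, real) == want ? 0 : 1;
}
```

Without the round-trip check, a copy placed more than 2 GiB from the original would silently reference the wrong address when single-stepped.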