kprobes: support probing module __exit function

Allows kprobes to probe __exit routine. This adds flags member to struct kprobe. When module is freed(kprobes hooks module_notifier to get this event), kprobes which probe the functions in that module are set to "Gone" flag to the flags member. These "Gone" probes are never be enabled. Users can check the GONE flag through debugfs. This also removes mod_refcounted, because we couldn't free a module if kprobe incremented the refcount of that module. [akpm@linux-foundation.org: document some locking] [mhiramat@redhat.com: bugfix: pass aggr_kprobe to arch_remove_kprobe] [mhiramat@redhat.com: bugfix: release old_p's insn_slot before error return] Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com> Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

kprobes: support probing module __exit function
Allows kprobes to probe __exit routine. This adds flags member to struct kprobe. When module is freed(kprobes hooks module_notifier to get this event), kprobes which probe the functions in that module are set to "Gone" flag to the flags member. These "Gone" probes are never be enabled. Users can check the GONE flag through debugfs. This also removes mod_refcounted, because we couldn't free a module if kprobe incremented the refcount of that module. [akpm@linux-foundation.org: document some locking] [mhiramat@redhat.com: bugfix: pass aggr_kprobe to arch_remove_kprobe] [mhiramat@redhat.com: bugfix: release old_p's insn_slot before error return] Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com> Acked-by: Ananth N Mavinakayanahalli <ananth@in.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Masami Hiramatsu · Linus Torvalds
1 parent 017c39bdb1
Showing 3 changed files with 134 additions and 44 deletions Side-by-side Diff
Documentation/kprobes.txt
include/linux/kprobes.h
kernel/kprobes.c
@@ -497,7 +497,10 @@
 The second column identifies the type of probe (k - kprobe, r - kretprobe
 and j - jprobe), while the third column specifies the symbol+offset of
 the probe. If the probed function belongs to a module, the module name
-is also specified.
+is also specified. Following columns show probe status. If the probe is on
+a virtual address that is no longer valid (module init sections, module
+virtual addresses that correspond to modules that've been unloaded),
+such probes are marked with [GONE].
  
 /debug/kprobes/enabled: Turn kprobes ON/OFF
  
@@ -69,9 +69,6 @@
 	/* list of kprobes for multi-handler support */
 	struct list_head list;
  
-	/* Indicates that the corresponding module has been ref counted */
-	unsigned int mod_refcounted;
-
 	/*count the number of times this probe was temporarily disarmed */
 	unsigned long nmissed;
  
  
@@ -103,7 +100,18 @@
  
 	/* copy of the original instruction */
 	struct arch_specific_insn ainsn;
+
+	/* Indicates various status flags.  Protected by kprobe_mutex. */
+	u32 flags;
 };
+
+/* Kprobe status flags */
+#define KPROBE_FLAG_GONE	1 /* breakpoint has already gone */
+
+static inline int kprobe_gone(struct kprobe *p)
+{
+	return p->flags & KPROBE_FLAG_GONE;
+}
  
 /*
  * Special probe type that uses setjmp-longjmp type tricks to resume
@@ -327,7 +327,7 @@
 	struct kprobe *kp;
  
 	list_for_each_entry_rcu(kp, &p->list, list) {
-		if (kp->pre_handler) {
+		if (kp->pre_handler && !kprobe_gone(kp)) {
 			set_kprobe_instance(kp);
 			if (kp->pre_handler(kp, regs))
 				return 1;
@@ -343,7 +343,7 @@
 	struct kprobe *kp;
  
 	list_for_each_entry_rcu(kp, &p->list, list) {
-		if (kp->post_handler) {
+		if (kp->post_handler && !kprobe_gone(kp)) {
 			set_kprobe_instance(kp);
 			kp->post_handler(kp, regs, flags);
 			reset_kprobe_instance();
  
@@ -545,9 +545,10 @@
 	ap->addr = p->addr;
 	ap->pre_handler = aggr_pre_handler;
 	ap->fault_handler = aggr_fault_handler;
-	if (p->post_handler)
+	/* We don't care the kprobe which has gone. */
+	if (p->post_handler && !kprobe_gone(p))
 		ap->post_handler = aggr_post_handler;
-	if (p->break_handler)
+	if (p->break_handler && !kprobe_gone(p))
 		ap->break_handler = aggr_break_handler;
  
 	INIT_LIST_HEAD(&ap->list);
  
  
  
  
@@ -566,17 +567,41 @@
 	int ret = 0;
 	struct kprobe *ap;
  
+	if (kprobe_gone(old_p)) {
+		/*
+		 * Attempting to insert new probe at the same location that
+		 * had a probe in the module vaddr area which already
+		 * freed. So, the instruction slot has already been
+		 * released. We need a new slot for the new probe.
+		 */
+		ret = arch_prepare_kprobe(old_p);
+		if (ret)
+			return ret;
+	}
 	if (old_p->pre_handler == aggr_pre_handler) {
 		copy_kprobe(old_p, p);
 		ret = add_new_kprobe(old_p, p);
+		ap = old_p;
 	} else {
 		ap = kzalloc(sizeof(struct kprobe), GFP_KERNEL);
-		if (!ap)
+		if (!ap) {
+			if (kprobe_gone(old_p))
+				arch_remove_kprobe(old_p);
 			return -ENOMEM;
+		}
 		add_aggr_kprobe(ap, old_p);
 		copy_kprobe(ap, p);
 		ret = add_new_kprobe(ap, p);
 	}
+	if (kprobe_gone(old_p)) {
+		/*
+		 * If the old_p has gone, its breakpoint has been disarmed.
+		 * We have to arm it again after preparing real kprobes.
+		 */
+		ap->flags &= ~KPROBE_FLAG_GONE;
+		if (kprobe_enabled)
+			arch_arm_kprobe(ap);
+	}
 	return ret;
 }
  
@@ -639,8 +664,7 @@
 		return -EINVAL;
 	}
  
-	p->mod_refcounted = 0;
-
+	p->flags = 0;
 	/*
 	 * Check if are we probing a module.
 	 */
  
@@ -649,16 +673,14 @@
 		struct module *calling_mod;
 		calling_mod = __module_text_address(called_from);
 		/*
-		 * We must allow modules to probe themself and in this case
-		 * avoid incrementing the module refcount, so as to allow
-		 * unloading of self probing modules.
+		 * We must hold a refcount of the probed module while updating
+		 * its code to prohibit unexpected unloading.
 		 */
 		if (calling_mod != probed_mod) {
 			if (unlikely(!try_module_get(probed_mod))) {
 				preempt_enable();
 				return -EINVAL;
 			}
-			p->mod_refcounted = 1;
 		} else
 			probed_mod = NULL;
 	}
  
@@ -687,8 +709,9 @@
 out:
 	mutex_unlock(&kprobe_mutex);
  
-	if (ret && probed_mod)
+	if (probed_mod)
 		module_put(probed_mod);
+
 	return ret;
 }
  
  
  
  
@@ -716,16 +739,16 @@
 	     list_is_singular(&old_p->list))) {
 		/*
 		 * Only probe on the hash list. Disarm only if kprobes are
-		 * enabled - otherwise, the breakpoint would already have
-		 * been removed. We save on flushing icache.
+		 * enabled and not gone - otherwise, the breakpoint would
+		 * already have been removed. We save on flushing icache.
 		 */
-		if (kprobe_enabled)
+		if (kprobe_enabled && !kprobe_gone(old_p))
 			arch_disarm_kprobe(p);
 		hlist_del_rcu(&old_p->hlist);
 	} else {
-		if (p->break_handler)
+		if (p->break_handler && !kprobe_gone(p))
 			old_p->break_handler = NULL;
-		if (p->post_handler) {
+		if (p->post_handler && !kprobe_gone(p)) {
 			list_for_each_entry_rcu(list_p, &old_p->list, list) {
 				if ((list_p != p) && (list_p->post_handler))
 					goto noclean;
  
  
@@ -740,27 +763,16 @@
  
 static void __kprobes __unregister_kprobe_bottom(struct kprobe *p)
 {
-	struct module *mod;
 	struct kprobe *old_p;
  
-	if (p->mod_refcounted) {
-		/*
-		 * Since we've already incremented refcount,
-		 * we don't need to disable preemption.
-		 */
-		mod = module_text_address((unsigned long)p->addr);
-		if (mod)
-			module_put(mod);
-	}
-
-	if (list_empty(&p->list) || list_is_singular(&p->list)) {
-		if (!list_empty(&p->list)) {
-			/* "p" is the last child of an aggr_kprobe */
-			old_p = list_entry(p->list.next, struct kprobe, list);
-			list_del(&p->list);
-			kfree(old_p);
-		}
+	if (list_empty(&p->list))
 		arch_remove_kprobe(p);
+	else if (list_is_singular(&p->list)) {
+		/* "p" is the last child of an aggr_kprobe */
+		old_p = list_entry(p->list.next, struct kprobe, list);
+		list_del(&p->list);
+		arch_remove_kprobe(old_p);
+		kfree(old_p);
 	}
 }
  
@@ -1074,6 +1086,67 @@
  
 #endif /* CONFIG_KRETPROBES */
  
+/* Set the kprobe gone and remove its instruction buffer. */
+static void __kprobes kill_kprobe(struct kprobe *p)
+{
+	struct kprobe *kp;
+	p->flags |= KPROBE_FLAG_GONE;
+	if (p->pre_handler == aggr_pre_handler) {
+		/*
+		 * If this is an aggr_kprobe, we have to list all the
+		 * chained probes and mark them GONE.
+		 */
+		list_for_each_entry_rcu(kp, &p->list, list)
+			kp->flags |= KPROBE_FLAG_GONE;
+		p->post_handler = NULL;
+		p->break_handler = NULL;
+	}
+	/*
+	 * Here, we can remove insn_slot safely, because no thread calls
+	 * the original probed function (which will be freed soon) any more.
+	 */
+	arch_remove_kprobe(p);
+}
+
+/* Module notifier call back, checking kprobes on the module */
+static int __kprobes kprobes_module_callback(struct notifier_block *nb,
+					     unsigned long val, void *data)
+{
+	struct module *mod = data;
+	struct hlist_head *head;
+	struct hlist_node *node;
+	struct kprobe *p;
+	unsigned int i;
+
+	if (val != MODULE_STATE_GOING)
+		return NOTIFY_DONE;
+
+	/*
+	 * module .text section will be freed. We need to
+	 * disable kprobes which have been inserted in the section.
+	 */
+	mutex_lock(&kprobe_mutex);
+	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
+		head = &kprobe_table[i];
+		hlist_for_each_entry_rcu(p, node, head, hlist)
+			if (within_module_core((unsigned long)p->addr, mod)) {
+				/*
+				 * The vaddr this probe is installed will soon
+				 * be vfreed buy not synced to disk. Hence,
+				 * disarming the breakpoint isn't needed.
+				 */
+				kill_kprobe(p);
+			}
+	}
+	mutex_unlock(&kprobe_mutex);
+	return NOTIFY_DONE;
+}
+
+static struct notifier_block kprobe_module_nb = {
+	.notifier_call = kprobes_module_callback,
+	.priority = 0
+};
+
 static int __init init_kprobes(void)
 {
 	int i, err = 0;
@@ -1130,6 +1203,9 @@
 	err = arch_init_kprobes();
 	if (!err)
 		err = register_die_notifier(&kprobe_exceptions_nb);
+	if (!err)
+		err = register_module_notifier(&kprobe_module_nb);
+
 	kprobes_initialized = (err == 0);
  
 	if (!err)
  
@@ -1150,10 +1226,12 @@
 	else
 		kprobe_type = "k";
 	if (sym)
-		seq_printf(pi, "%p  %s  %s+0x%x  %s\n", p->addr, kprobe_type,
-			sym, offset, (modname ? modname : " "));
+		seq_printf(pi, "%p  %s  %s+0x%x  %s %s\n", p->addr, kprobe_type,
+			sym, offset, (modname ? modname : " "),
+			(kprobe_gone(p) ? "[GONE]" : ""));
 	else
-		seq_printf(pi, "%p  %s  %p\n", p->addr, kprobe_type, p->addr);
+		seq_printf(pi, "%p  %s  %p %s\n", p->addr, kprobe_type, p->addr,
+			(kprobe_gone(p) ? "[GONE]" : ""));
 }
  
 static void __kprobes *kprobe_seq_start(struct seq_file *f, loff_t *pos)
@@ -1234,7 +1312,8 @@
 	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
 		head = &kprobe_table[i];
 		hlist_for_each_entry_rcu(p, node, head, hlist)
-			arch_arm_kprobe(p);
+			if (!kprobe_gone(p))
+				arch_arm_kprobe(p);
 	}
  
 	kprobe_enabled = true;
@@ -1263,7 +1342,7 @@
 	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
 		head = &kprobe_table[i];
 		hlist_for_each_entry_rcu(p, node, head, hlist) {
-			if (!arch_trampoline_kprobe(p))
+			if (!arch_trampoline_kprobe(p) && !kprobe_gone(p))
 				arch_disarm_kprobe(p);
 		}
 	}
...	...	@@ -497,7 +497,10 @@
497	497	The second column identifies the type of probe (k - kprobe, r - kretprobe
498	498	and j - jprobe), while the third column specifies the symbol+offset of
499	499	the probe. If the probed function belongs to a module, the module name
500		-is also specified.
	500	+is also specified. Following columns show probe status. If the probe is on
	501	+a virtual address that is no longer valid (module init sections, module
	502	+virtual addresses that correspond to modules that've been unloaded),
	503	+such probes are marked with [GONE].
501	504
502	505	/debug/kprobes/enabled: Turn kprobes ON/OFF
503	506
...	...	@@ -69,9 +69,6 @@
69	69	/* list of kprobes for multi-handler support */
70	70	struct list_head list;
71	71
72		- /* Indicates that the corresponding module has been ref counted */
73		- unsigned int mod_refcounted;
74		-
75	72	/count the number of times this probe was temporarily disarmed /
76	73	unsigned long nmissed;
77	74
78	75
...	...	@@ -103,7 +100,18 @@
103	100
104	101	/* copy of the original instruction */
105	102	struct arch_specific_insn ainsn;
	103	+
	104	+ /* Indicates various status flags. Protected by kprobe_mutex. */
	105	+ u32 flags;
106	106	};
	107	+
	108	+/* Kprobe status flags */
	109	+#define KPROBE_FLAG_GONE 1 /* breakpoint has already gone */
	110	+
	111	+static inline int kprobe_gone(struct kprobe *p)
	112	+{
	113	+ return p->flags & KPROBE_FLAG_GONE;
	114	+}
107	115
108	116	/*
109	117	* Special probe type that uses setjmp-longjmp type tricks to resume
...	...	@@ -327,7 +327,7 @@
327	327	struct kprobe *kp;
328	328
329	329	list_for_each_entry_rcu(kp, &p->list, list) {
330		- if (kp->pre_handler) {
	330	+ if (kp->pre_handler && !kprobe_gone(kp)) {
331	331	set_kprobe_instance(kp);
332	332	if (kp->pre_handler(kp, regs))
333	333	return 1;
...	...	@@ -343,7 +343,7 @@
343	343	struct kprobe *kp;
344	344
345	345	list_for_each_entry_rcu(kp, &p->list, list) {
346		- if (kp->post_handler) {
	346	+ if (kp->post_handler && !kprobe_gone(kp)) {
347	347	set_kprobe_instance(kp);
348	348	kp->post_handler(kp, regs, flags);
349	349	reset_kprobe_instance();
350	350
...	...	@@ -545,9 +545,10 @@
545	545	ap->addr = p->addr;
546	546	ap->pre_handler = aggr_pre_handler;
547	547	ap->fault_handler = aggr_fault_handler;
548		- if (p->post_handler)
	548	+ /* We don't care the kprobe which has gone. */
	549	+ if (p->post_handler && !kprobe_gone(p))
549	550	ap->post_handler = aggr_post_handler;
550		- if (p->break_handler)
	551	+ if (p->break_handler && !kprobe_gone(p))
551	552	ap->break_handler = aggr_break_handler;
552	553
553	554	INIT_LIST_HEAD(&ap->list);
554	555
555	556
556	557
557	558
...	...	@@ -566,17 +567,41 @@
566	567	int ret = 0;
567	568	struct kprobe *ap;
568	569
	570	+ if (kprobe_gone(old_p)) {
	571	+ /*
	572	+ * Attempting to insert new probe at the same location that
	573	+ * had a probe in the module vaddr area which already
	574	+ * freed. So, the instruction slot has already been
	575	+ * released. We need a new slot for the new probe.
	576	+ */
	577	+ ret = arch_prepare_kprobe(old_p);
	578	+ if (ret)
	579	+ return ret;
	580	+ }
569	581	if (old_p->pre_handler == aggr_pre_handler) {
570	582	copy_kprobe(old_p, p);
571	583	ret = add_new_kprobe(old_p, p);
	584	+ ap = old_p;
572	585	} else {
573	586	ap = kzalloc(sizeof(struct kprobe), GFP_KERNEL);
574		- if (!ap)
	587	+ if (!ap) {
	588	+ if (kprobe_gone(old_p))
	589	+ arch_remove_kprobe(old_p);
575	590	return -ENOMEM;
	591	+ }
576	592	add_aggr_kprobe(ap, old_p);
577	593	copy_kprobe(ap, p);
578	594	ret = add_new_kprobe(ap, p);
579	595	}
	596	+ if (kprobe_gone(old_p)) {
	597	+ /*
	598	+ * If the old_p has gone, its breakpoint has been disarmed.
	599	+ * We have to arm it again after preparing real kprobes.
	600	+ */
	601	+ ap->flags &= ~KPROBE_FLAG_GONE;
	602	+ if (kprobe_enabled)
	603	+ arch_arm_kprobe(ap);
	604	+ }
580	605	return ret;
581	606	}
582	607
...	...	@@ -639,8 +664,7 @@
639	664	return -EINVAL;
640	665	}
641	666
642		- p->mod_refcounted = 0;
643		-
	667	+ p->flags = 0;
644	668	/*
645	669	* Check if are we probing a module.
646	670	*/
647	671
...	...	@@ -649,16 +673,14 @@
649	673	struct module *calling_mod;
650	674	calling_mod = __module_text_address(called_from);
651	675	/*
652		- * We must allow modules to probe themself and in this case
653		- * avoid incrementing the module refcount, so as to allow
654		- * unloading of self probing modules.
	676	+ * We must hold a refcount of the probed module while updating
	677	+ * its code to prohibit unexpected unloading.
655	678	*/
656	679	if (calling_mod != probed_mod) {
657	680	if (unlikely(!try_module_get(probed_mod))) {
658	681	preempt_enable();
659	682	return -EINVAL;
660	683	}
661		- p->mod_refcounted = 1;
662	684	} else
663	685	probed_mod = NULL;
664	686	}
665	687
...	...	@@ -687,8 +709,9 @@
687	709	out:
688	710	mutex_unlock(&kprobe_mutex);
689	711
690		- if (ret && probed_mod)
	712	+ if (probed_mod)
691	713	module_put(probed_mod);
	714	+
692	715	return ret;
693	716	}
694	717
695	718
696	719
697	720
...	...	@@ -716,16 +739,16 @@
716	739	list_is_singular(&old_p->list))) {
717	740	/*
718	741	* Only probe on the hash list. Disarm only if kprobes are
719		- * enabled - otherwise, the breakpoint would already have
720		- * been removed. We save on flushing icache.
	742	+ * enabled and not gone - otherwise, the breakpoint would
	743	+ * already have been removed. We save on flushing icache.
721	744	*/
722		- if (kprobe_enabled)
	745	+ if (kprobe_enabled && !kprobe_gone(old_p))
723	746	arch_disarm_kprobe(p);
724	747	hlist_del_rcu(&old_p->hlist);
725	748	} else {
726		- if (p->break_handler)
	749	+ if (p->break_handler && !kprobe_gone(p))
727	750	old_p->break_handler = NULL;
728		- if (p->post_handler) {
	751	+ if (p->post_handler && !kprobe_gone(p)) {
729	752	list_for_each_entry_rcu(list_p, &old_p->list, list) {
730	753	if ((list_p != p) && (list_p->post_handler))
731	754	goto noclean;
732	755
733	756
...	...	@@ -740,27 +763,16 @@
740	763
741	764	static void __kprobes __unregister_kprobe_bottom(struct kprobe *p)
742	765	{
743		- struct module *mod;
744	766	struct kprobe *old_p;
745	767
746		- if (p->mod_refcounted) {
747		- /*
748		- * Since we've already incremented refcount,
749		- * we don't need to disable preemption.
750		- */
751		- mod = module_text_address((unsigned long)p->addr);
752		- if (mod)
753		- module_put(mod);
754		- }
755		-
756		- if (list_empty(&p->list) \|\| list_is_singular(&p->list)) {
757		- if (!list_empty(&p->list)) {
758		- /* "p" is the last child of an aggr_kprobe */
759		- old_p = list_entry(p->list.next, struct kprobe, list);
760		- list_del(&p->list);
761		- kfree(old_p);
762		- }
	768	+ if (list_empty(&p->list))
763	769	arch_remove_kprobe(p);
	770	+ else if (list_is_singular(&p->list)) {
	771	+ /* "p" is the last child of an aggr_kprobe */
	772	+ old_p = list_entry(p->list.next, struct kprobe, list);
	773	+ list_del(&p->list);
	774	+ arch_remove_kprobe(old_p);
	775	+ kfree(old_p);
764	776	}
765	777	}
766	778
...	...	@@ -1074,6 +1086,67 @@
1074	1086
1075	1087	#endif /* CONFIG_KRETPROBES */
1076	1088
	1089	+/* Set the kprobe gone and remove its instruction buffer. */
	1090	+static void __kprobes kill_kprobe(struct kprobe *p)
	1091	+{
	1092	+ struct kprobe *kp;
	1093	+ p->flags \|= KPROBE_FLAG_GONE;
	1094	+ if (p->pre_handler == aggr_pre_handler) {
	1095	+ /*
	1096	+ * If this is an aggr_kprobe, we have to list all the
	1097	+ * chained probes and mark them GONE.
	1098	+ */
	1099	+ list_for_each_entry_rcu(kp, &p->list, list)
	1100	+ kp->flags \|= KPROBE_FLAG_GONE;
	1101	+ p->post_handler = NULL;
	1102	+ p->break_handler = NULL;
	1103	+ }
	1104	+ /*
	1105	+ * Here, we can remove insn_slot safely, because no thread calls
	1106	+ * the original probed function (which will be freed soon) any more.
	1107	+ */
	1108	+ arch_remove_kprobe(p);
	1109	+}
	1110	+
	1111	+/* Module notifier call back, checking kprobes on the module */
	1112	+static int __kprobes kprobes_module_callback(struct notifier_block *nb,
	1113	+ unsigned long val, void *data)
	1114	+{
	1115	+ struct module *mod = data;
	1116	+ struct hlist_head *head;
	1117	+ struct hlist_node *node;
	1118	+ struct kprobe *p;
	1119	+ unsigned int i;
	1120	+
	1121	+ if (val != MODULE_STATE_GOING)
	1122	+ return NOTIFY_DONE;
	1123	+
	1124	+ /*
	1125	+ * module .text section will be freed. We need to
	1126	+ * disable kprobes which have been inserted in the section.
	1127	+ */
	1128	+ mutex_lock(&kprobe_mutex);
	1129	+ for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
	1130	+ head = &kprobe_table[i];
	1131	+ hlist_for_each_entry_rcu(p, node, head, hlist)
	1132	+ if (within_module_core((unsigned long)p->addr, mod)) {
	1133	+ /*
	1134	+ * The vaddr this probe is installed will soon
	1135	+ * be vfreed buy not synced to disk. Hence,
	1136	+ * disarming the breakpoint isn't needed.
	1137	+ */
	1138	+ kill_kprobe(p);
	1139	+ }
	1140	+ }
	1141	+ mutex_unlock(&kprobe_mutex);
	1142	+ return NOTIFY_DONE;
	1143	+}
	1144	+
	1145	+static struct notifier_block kprobe_module_nb = {
	1146	+ .notifier_call = kprobes_module_callback,
	1147	+ .priority = 0
	1148	+};
	1149	+
1077	1150	static int __init init_kprobes(void)
1078	1151	{
1079	1152	int i, err = 0;
...	...	@@ -1130,6 +1203,9 @@
1130	1203	err = arch_init_kprobes();
1131	1204	if (!err)
1132	1205	err = register_die_notifier(&kprobe_exceptions_nb);
	1206	+ if (!err)
	1207	+ err = register_module_notifier(&kprobe_module_nb);
	1208	+
1133	1209	kprobes_initialized = (err == 0);
1134	1210
1135	1211	if (!err)
1136	1212
...	...	@@ -1150,10 +1226,12 @@
1150	1226	else
1151	1227	kprobe_type = "k";
1152	1228	if (sym)
1153		- seq_printf(pi, "%p %s %s+0x%x %s\n", p->addr, kprobe_type,
1154		- sym, offset, (modname ? modname : " "));
	1229	+ seq_printf(pi, "%p %s %s+0x%x %s %s\n", p->addr, kprobe_type,
	1230	+ sym, offset, (modname ? modname : " "),
	1231	+ (kprobe_gone(p) ? "[GONE]" : ""));
1155	1232	else
1156		- seq_printf(pi, "%p %s %p\n", p->addr, kprobe_type, p->addr);
	1233	+ seq_printf(pi, "%p %s %p %s\n", p->addr, kprobe_type, p->addr,
	1234	+ (kprobe_gone(p) ? "[GONE]" : ""));
1157	1235	}
1158	1236
1159	1237	static void __kprobes kprobe_seq_start(struct seq_file f, loff_t *pos)
...	...	@@ -1234,7 +1312,8 @@
1234	1312	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
1235	1313	head = &kprobe_table[i];
1236	1314	hlist_for_each_entry_rcu(p, node, head, hlist)
1237		- arch_arm_kprobe(p);
	1315	+ if (!kprobe_gone(p))
	1316	+ arch_arm_kprobe(p);
1238	1317	}
1239	1318
1240	1319	kprobe_enabled = true;
...	...	@@ -1263,7 +1342,7 @@
1263	1342	for (i = 0; i < KPROBE_TABLE_SIZE; i++) {
1264	1343	head = &kprobe_table[i];
1265	1344	hlist_for_each_entry_rcu(p, node, head, hlist) {
1266		- if (!arch_trampoline_kprobe(p))
	1345	+ if (!arch_trampoline_kprobe(p) && !kprobe_gone(p))
1267	1346	arch_disarm_kprobe(p);
1268	1347	}
1269	1348	}