Problem description
I am trying to intercept the function below in a module using kprobes. "register_kprobe" passed for this function, but the kprobe handler is not getting triggered when the function is called.
Strangely, it starts working (the kprobe handler gets called) if I print the function address inside the probing function. It works for other functions in the kernel as well.
Why is the kprobe handler not getting triggered, and what difference does printing the function address make?
The system has a 3.10 kernel on x86_64 installed.
Non-working code:
    int race;
    /* Target of the kprobe; the handler never fires for this version. */
    void test_increment()
    {
        race++;
        printk(KERN_INFO "VALUE=%d\n", race);
        return;
    }
Working code:
    int race;
    /* Same function, but it also prints its own address; the handler fires. */
    void test_increment()
    {
        race++;
        printk(KERN_INFO "test_increment address: %p\n", test_increment);
        printk(KERN_INFO "VALUE=%d\n", race);
        return;
    }
Calling func (it is registered as a callback for writes to a debugfs file):
    static ssize_t write_conf_pid(struct file *file, const char __user *buf,
                                  size_t count, loff_t *position)
    {
        char temp_str[STRING_MAX];
        /* NEVER TRUST USER INPUT: validate the length before copying */
        if (count > STRING_MAX)
            return -EINVAL;
        /* Copy only the bytes the caller actually supplied */
        if (copy_from_user(temp_str, buf, count) != 0)
            return -EFAULT;
        test_increment();
        return count;
    }
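kprobe function:
    /* Allocate a zeroed kprobe and attach both handlers */
    kp = kzalloc(sizeof(struct kprobe), GFP_KERNEL);
    kp->post_handler = exit_func;
    kp->pre_handler = entry_func;
    /* Address of the function to probe */
    kp->addr = sym_addr;
    ret = register_kprobe(kp);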
Thanks.
Recommended answer
You did not provide code calling the func.
What most likely happens is that the compiler inlines the body at the call site and the addition of printing the address convinces it to generate the full body and call it instead. Should be easy to check by disassembling.
However, the actual question is always the same: what are you doing?
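The disassembly check suggested in the answer, as an added example that is not part of the original post: a shell function that reads `objdump -dr` output and lists the functions that really contain a call to a symbol. Both listings are constructed and trimmed for illustration, and `callers_of`, `sample_inlined` and `sample_called` are names introduced here.

```shell
#!/bin/sh
# callers_of SYMBOL: read "objdump -dr" output on stdin and print every
# function that contains a call or tail-call to SYMBOL. No output means no
# out-of-line call site exists, so a kprobe on the symbol entry is never hit.
callers_of() {
    awk -v sym="$1" '
        # Function header, e.g. "0000000000000020 <write_conf_pid>:"
        /^[0-9a-f]+ <[^>]+>:$/ {
            cur = $2; gsub(/[<>:]/, "", cur); pending = 0; next
        }
        # Relocation line that follows a call in an unlinked .ko or .o file
        pending && /R_X86_64_(PC32|PLT32)/ {
            target = $NF; sub(/[-+]0x[0-9a-f]+$/, "", target)
            if (target == sym) seen[cur] = 1
            pending = 0; next
        }
        { pending = 0 }
        /[ \t](call|callq|jmp|jmpq)[ \t]/ {
            if (index($0, "<" sym ">")) seen[cur] = 1  # linked image
            else pending = 1                           # relocatable object
        }
        END { for (f in seen) print f }
    ' | sort
}

# Constructed listing: the body of test_increment was inlined into the caller.
sample_inlined() { cat <<'EOF'
0000000000000000 <test_increment>:
   0: 83 05 00 00 00 00 01    addl   $0x1,0x0(%rip)
            2: R_X86_64_PC32 race-0x5
   7: e8 00 00 00 00          callq  c <test_increment+0xc>
            8: R_X86_64_PC32 printk-0x4
   c: c3                      retq
0000000000000010 <write_conf_pid>:
  10: 83 05 00 00 00 00 01    addl   $0x1,0x0(%rip)
            12: R_X86_64_PC32 race-0x5
  17: e8 00 00 00 00          callq  1c <write_conf_pid+0xc>
            18: R_X86_64_PC32 printk-0x4
EOF
}

# Constructed listing: the caller keeps a real call to test_increment.
sample_called() { cat <<'EOF'
0000000000000010 <write_conf_pid>:
  10: e8 00 00 00 00          callq  15 <write_conf_pid+0x5>
            11: R_X86_64_PC32 test_increment-0x4
EOF
}

echo "inlined build: [$(sample_inlined | callers_of test_increment)]"
echo "called build:  [$(sample_called | callers_of test_increment)]"
```

On a real build, pipe `objdump -dr` of the module object into `callers_of test_increment`; if the list is empty, marking the function `noinline` keeps an out-of-line call for the probe to hit.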