I just checked kprobe in Linux-5.8.18 with the following codes, but it seemed not work as expected.
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/kprobes.h>
#include <linux/init.h>
#include <linux/version.h>
MODULE_DESCRIPTION("kprobe test");
MODULE_LICENSE("GPL");
int kprobe_handler(struct kprobe *p, struct pt_regs *reg) //long start, size_t len_in, int bhv)
{
printk("XXXXXXXXXXXX Being called by %d\n", current->pid);
return 0;
}
static void handler_post(struct kprobe *p, struct pt_regs *regs, unsigned long flags)
{
printk("XXXXXXXXXXXX Being called\n");
return;
}
static struct kprobe kprobe_entry = {
.pre_handler = kprobe_handler,
.post_handler = handler_post,
.symbol_name = "do_madvise",
};
static int __init kprobe_test_init(void)
{
int ret;
ret = register_kprobe(&kprobe_entry);
if (ret < 0) {
return ret;
}
printk("Initializing kprobe, KP.addr %px\n", kprobe_entry.addr);
return 0;
}
static void __exit kprobe_test_exit(void)
{
unregister_kprobe(&kprobe_entry);
printk("Finalizing kprobe\n");
}
module_init(kprobe_test_init);
module_exit(kprobe_test_exit);
I tried to probe the do_madvise() <I tried to probe the system call function of sys_madvise, but I did NOT find what is the right function name to probe by reading /proc/kallsyms, So I turned to probe do_madvise.>
The register_kprobe() succeeded, but when an application called madvise() in user space, there is NO kernel log from the kprobe handlers I provided. It seemed that kprobe handlers are NOT being called or the do_madvise() is NOT being probed properly.
Thanks,