In this post I will depict how to use jprobes in Linux. Jprobes are the functions which we need to register. Once registered your jprobe will be called just before the Linux kernel test function. For this to work properly your kernel should have been compiled with CONFIG_KPROBES as ''y'' . Also the kernel module shall be compiled with LICENSE "GPL".
Here is a sample module which puts prove on blk_queue_bio function of Linux kernel :
#include<linux/module.h>
#include<linux/version.h>
#include<linux/kernel.h>
#include<linux/init.h>
#include<linux/kprobes.h>
// for request_queue and bio
#include<linux/blkdev.h>
#include<linux/blk_types.h>
void my_handler(struct request_queue *q, struct bio *bio)
{
static int i = 0;
if(i <= 50)
i++;
if(i <= 50)
{
printk("Your probe got hit \n");
dump_stack();
if((bio->bi_bdev != NULL) && (bio->bi_bdev->bd_disk != NULL))
{
printk("disk_name = %s\n", bio->bi_bdev->bd_disk->disk_name);
}
}
jprobe_return();
}
static struct jprobe my_probe;
int myinit(void)
{
printk("module inserted\n");
my_probe.kp.addr = (kprobe_opcode_t *)0xffffffff81294310; //function address for blk_queue_bio
my_probe.entry = (kprobe_opcode_t *)my_handler;
register_jprobe(&my_probe);
return 0;
}
void myexit(void)
{
unregister_jprobe(&my_probe);
printk("module removed\n");
}
module_init(myinit);
module_exit(myexit);
MODULE_AUTHOR("K_K");
MODULE_DESCRIPTION("SIMPLE MODULE");
MODULE_LICENSE("GPL");
You can take address of any kernel function from /proc/kallsyms
[root@localhost jprobe]# cat /proc/kallsyms | grep blk_queue_bio
ffffffff81294310 T blk_queue_bio
Makefile for this module :
obj-m +=jprobe_example.o
KDIR= /lib/modules/$(shell uname -r)/build
all:
$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules
clean:
rm -rf *.o *.ko *.mod.* .c* .t* .*.cmd .tmp_versions
You can check the dump_stack statements getting hit whenever a call to blk_queue_bio is made.
This module can be inserted and run like:
insmod jprobe_example.ko
dd if=/dev/mapper/mpatha of=/root/test_file bs=1M count=100
rmmod jprobe_example
Here is a sample module which puts prove on blk_queue_bio function of Linux kernel :
#include<linux/module.h>
#include<linux/version.h>
#include<linux/kernel.h>
#include<linux/init.h>
#include<linux/kprobes.h>
// for request_queue and bio
#include<linux/blkdev.h>
#include<linux/blk_types.h>
void my_handler(struct request_queue *q, struct bio *bio)
{
static int i = 0;
if(i <= 50)
i++;
if(i <= 50)
{
printk("Your probe got hit \n");
dump_stack();
if((bio->bi_bdev != NULL) && (bio->bi_bdev->bd_disk != NULL))
{
printk("disk_name = %s\n", bio->bi_bdev->bd_disk->disk_name);
}
}
jprobe_return();
}
static struct jprobe my_probe;
int myinit(void)
{
printk("module inserted\n");
my_probe.kp.addr = (kprobe_opcode_t *)0xffffffff81294310; //function address for blk_queue_bio
my_probe.entry = (kprobe_opcode_t *)my_handler;
register_jprobe(&my_probe);
return 0;
}
void myexit(void)
{
unregister_jprobe(&my_probe);
printk("module removed\n");
}
module_init(myinit);
module_exit(myexit);
MODULE_AUTHOR("K_K");
MODULE_DESCRIPTION("SIMPLE MODULE");
MODULE_LICENSE("GPL");
You can take address of any kernel function from /proc/kallsyms
[root@localhost jprobe]# cat /proc/kallsyms | grep blk_queue_bio
ffffffff81294310 T blk_queue_bio
Makefile for this module :
obj-m +=jprobe_example.o
KDIR= /lib/modules/$(shell uname -r)/build
all:
$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules
clean:
rm -rf *.o *.ko *.mod.* .c* .t* .*.cmd .tmp_versions
You can check the dump_stack statements getting hit whenever a call to blk_queue_bio is made.
This module can be inserted and run like:
insmod jprobe_example.ko
dd if=/dev/mapper/mpatha of=/root/test_file bs=1M count=100
rmmod jprobe_example
No comments:
Post a Comment