LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-05-2004, 09:21 PM   #1
shogun1234
Member
 
Registered: May 2004
Posts: 226

Rep: Reputation: 15
kprobes prgramming problem


When I learn to program kprobe follow the post on ibm[http://www-106.ibm.com/developerwork...l-kprobes.html], there's something I can't figure out. According to the post, to register a probe was to specify handlers[pre_handler, etc]. However, in the post, the code looks like
Code:
  kp.pre_handler=handler_pre;
  kp.post_handler=handler_post;
  kp.fault_handler=handler_fault;
But it will results in error "request for member pre_handler in something or not a struct or union"; that's because the handler_pre is a function stated in the previous section in the article, as follow:
Code:
int handler_pre(struct kprobe *p, struct pt_regs *regs) {
  printk("pre_handler: p->addr=0x%p, eflags=0x%lx\n",p->addr,
    regs->eflags);
  return 0;
}
There might be missing part I do not inderstand, what should I do to enable to register a probe?
I appreciate any suppgestion,
regards,
p.s.:env is debian 3.0r2 with kernel updated to 2.6.9; gcc 2.95.4.

Last edited by shogun1234; 11-05-2004 at 09:27 PM.
 
Old 11-08-2004, 01:31 AM   #2
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
Did you include/define the structures "struct kprobe" , and "struct pt_regs" defined in -->
int handler_pre(struct kprobe *p, struct pt_regs *regs) .
 
Old 11-08-2004, 04:17 AM   #3
shogun1234
Member
 
Registered: May 2004
Posts: 226

Original Poster
Rep: Reputation: 15
Thanks for replying my question. I did solve this problem by moving handler_pre function
declared before the assignment [kp.pre_handler=hander_pre];
but I don't know the reason why.
Would you please to tell me the reason why?
That's my new first question.
Second, I encounter new one after compiling source code. It has messenges like "***
Warning: "kallsyms_lookup_name"
[/root/program/kernel/module/sample/probe.ko] undefined!",
which results in the error when 'inmode my_module.ko' ( error message
is "insmod: error inserting 'probe.ko': -1 Unknown symbol in module");
but I've already had kallsyms.h decleared in my source code.
How to solve it? I know it maybe a stupid question, but I'm new to
such kind of programming and willing to know how.
I appreciate any suggestion,
Sincerely
env is debian 3.0r2 with kernel updated to 2.6.9; gcc 2.95.4.

below is my source code:
==========Kprobe.c==========BEG
#include <linux/kallsyms.h>

#include <linux/module.h>
#include <linux/kernel.h>

/* kprobes */
#include <linux/kprobes.h>

int
handler_pre(struct kprobe *p, struct pt_regs *regs)
{
printk("pre_hanlder: p->addr=0x%p, eflags=0x%lx\n",
p->addr, regs->eflags);
return 0;
}

void
handler_post(struct kprobe *p, struct pt_regs *regs, unsigned long
eflags)
{
printk("post_handler: p->addr=0x%p, eflags=0x%lx \n",
p->addr, regs->eflags);
}

int
handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
{
printk("fault_handler->addr=0x%p, eflags=0x%lx\n",
p->addr, regs->eflags);
return 0;
}

int
init_module(void)
{
struct kprobe kp;

printk(KERN_ALERT"init module!\n");
kp.pre_handler=handler_pre;
kp.post_handler=handler_post;
kp.fault_handler=handler_fault;
kp.addr=(kprobe_opcode_t *)kallsyms_lookup_name("do_fork");
if(kp.addr==NULL){
printk("kallsyms_lookup_name could not find address for the
specified sumbol name!\n");
return 1;
}
register_kprobe(&kp);
return 0;
}

void
cleanup_module()
{
printk(KERN_ALERT"cleanup module!\n");
}


==========Kprobe.c==========END


Quote:
Originally posted by UsualTuxpect
Did you include/define the structures "struct kprobe" , and "struct pt_regs" defined in -->
int handler_pre(struct kprobe *p, struct pt_regs *regs) .
 
Old 11-08-2004, 11:29 AM   #4
UsualTuxpect
Member
 
Registered: Aug 2004
Location: New York
Distribution: --------- Gentoo-2004.2 [2.6.8] Redhat-9 [2.6.6]
Posts: 545

Rep: Reputation: 31
******So did you compile your kernel with CONFIG_KALLSYMS enabled ?????

Getting the address of a kernel routine
You also need to specify the address of the kernel routine where you want to insert the probe during registration. Use any of these methods to get the kernel routine address:

# Use the kallsyms_lookup_name() routine.
This routine is defined in the kernel/kallsyms.c file, and you must compile the kernel with CONFIG_KALLSYMS enabled in order to use it. kallsyms_lookup_name() takes a kernel routine name as a string and returns the address of that kernel routine. For example: kallsyms_lookup_name("do_fork");

OR)


****I DID THIS ON MY SYSTEM ACCORDING TO THE URL***and it returned the address of "do_fork".


$ grep do_fork /usr/src/linux-2.6.6-1.435/System.map
02118fa3 T do_fork

***********NOTE YOUR LOCATION OF System.map might be different******************

to find the location of System.map on your computer -->#locate System.map

Then you could pass the addres to kp.addr=02118fa3;
some thing like that, make sure you are typecasting it properly.

Last edited by UsualTuxpect; 11-08-2004 at 11:31 AM.
 
Old 11-09-2004, 04:21 AM   #5
shogun1234
Member
 
Registered: May 2004
Posts: 226

Original Poster
Rep: Reputation: 15
Ya, I've already had my kernel with CONFIG_KALLSYMS enabled (set to 'y') when making new kernel [config fragment and make command attached as below]. Or does it mean that I have to add some parameters when compiling kernel module? There might have missing part that I do not figure it out.
I appreciate your help, sincerely.
==========copile command BEG==========
make -C $HOME/kernel/linux-`uname -r` SUBDIRS=$PWD modules 2>error.txt
==========copile command END==========
==========.config BEG==========
#
# General setup
#
CONFIG_LOCALVERSION=""
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y
# CONFIG_BSD_PROCESS_ACCT is not set
CONFIG_SYSCTL=y
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_LOG_BUF_SHIFT=15
CONFIG_HOTPLUG=y
# CONFIG_IKCONFIG is not set
# CONFIG_EMBEDDED is not set
CONFIG_KALLSYMS=y #<---------------------------- here
# CONFIG_KALLSYMS_ALL is not set
# CONFIG_KALLSYMS_EXTRA_PASS is not set
CONFIG_FUTEX=y
CONFIG_EPOLL=y
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_AS=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
CONFIG_SHMEM=y
# CONFIG_TINY_SHMEM is not set
...
...
...
#
# Kernel hacking
#
CONFIG_DEBUG_KERNEL=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_DEBUG_SLAB=y
CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_SPINLOCK_SLEEP=y
CONFIG_DEBUG_INFO=y
CONFIG_FRAME_POINTER=y
CONFIG_EARLY_PRINTK=y
CONFIG_DEBUG_STACKOVERFLOW=y
CONFIG_KPROBES=y
CONFIG_DEBUG_STACK_USAGE=y
CONFIG_DEBUG_PAGEALLOC=y
CONFIG_4KSTACKS=y
CONFIG_SCHEDSTATS=y
CONFIG_X86_FIND_SMP_CONFIG=y
CONFIG_X86_MPPARSE=y
....
....
==========.config END==========

Quote:
Originally posted by UsualTuxpect
******So did you compile your kernel with CONFIG_KALLSYMS enabled ?????

Getting the address of a kernel routine
You also need to specify the address of the kernel routine where you want to insert the probe during registration. Use any of these methods to get the kernel routine address:

# Use the kallsyms_lookup_name() routine.
This routine is defined in the kernel/kallsyms.c file, and you must compile the kernel with CONFIG_KALLSYMS enabled in order to use it. kallsyms_lookup_name() takes a kernel routine name as a string and returns the address of that kernel routine. For example: kallsyms_lookup_name("do_fork");

OR)


****I DID THIS ON MY SYSTEM ACCORDING TO THE URL***and it returned the address of "do_fork".


$ grep do_fork /usr/src/linux-2.6.6-1.435/System.map
02118fa3 T do_fork

***********NOTE YOUR LOCATION OF System.map might be different******************

to find the location of System.map on your computer -->#locate System.map

Then you could pass the addres to kp.addr=02118fa3;
some thing like that, make sure you are typecasting it properly.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
kprobes shogun1234 Linux - Software 2 11-08-2004 04:20 AM
perl problem? apache problem? cgi problem? WorldBuilder Linux - Software 1 09-17-2003 07:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration