Am trying to intercept below function in module using kprobes. "register_kprobe" passed for this function but Kprobe handler is not getting triggered when function is called.
Strangely it starts working (kprobe handler gets called) if I print function address inside probing function. It works for other functions in kernel as well.
Why is kprobe handler not getting triggered and what difference printing function address is making?
system has 3.10 kernel on x86_64 installed.
Not working code:
int race;
void test_increment()
{
race++;
printk(KERN_INFO "VALUE=%d\n",race);
return;
}
Working code:
int race;
void test_increment()
{
race++;
printk(KERN_INFO "test_increment address: %p\n", test_increment);
printk(KERN_INFO "VALUE=%d\n",race);
return;
}
calling func (it is registered as callback for write to debugfs file):
static ssize_t write_conf_pid(struct file *file, const char *buf,
size_t count, loff_t *position)
{
char temp_str[STRING_MAX];
int ret;
if (copy_from_user(temp_str, buf, STRING_MAX) != 0)
return -EFAULT;
/* NEVER TRUST USER INPUT */
if (count > STRING_MAX)
return -EINVAL;
test_increment();
return count;
}
kprobe function:
kp = kzalloc(sizeof(struct kprobe), GFP_KERNEL);
kp->post_handler = exit_func;
kp->pre_handler = entry_func;
kp->addr = sym_addr;
ret = register_kprobe(kp);
Thanks.
You did no provide code calling the func.
What most likely happens is that he compiler inlines the body at the callsite and the addition of priting the address convinces it to generate full body and call it instead. Should be easy to check by disassembling.
However, the actual question is always the same: what are you doing?