I am trying to use kprobe to track handle_pte_fault function calls in linux kernel. I can probe handle_mm_fault but when I try to probe handle_pte_dault, kprobe's handler for handle_pte_fault doesn't print anything.
Using this I figured that i can't probe a function which is inline and also maybe static. So, I changed the definition of the handle_pte_fault function as following and recompiled the kernel.
From:
static int handle_pte_fault(struct vm_fault *vmf)
to:
noinline int handle_pte_fault(struct vm_fault *vmf)
I also added following to make sure handle_pte_fault symbol exists
EXPORT_SYMBOL_GPL(handle_pte_fault);
Still I am not able to track/probe handle_pte_fault function. Any help or explanation. Does it mean kprobe will only work for some random functions?
I am using kernel v4.13.
Below is the kernel module code for the kprobe that i am using:
#include<linux/module.h>
#include<linux/version.h>
#include<linux/kernel.h>
#include<linux/init.h>
#include<linux/kprobes.h>
static struct kprobe kp;
static const char *probed_func = "handle_pte_fault";
static unsigned int counter = 0;
int Pre_Handler(struct kprobe *p, struct pt_regs *regs){
printk("Pre_Handler: counter=%u\n",counter++);
return 0;
}
void Post_Handler(struct kprobe *p, struct pt_regs *regs, unsigned long flags){
printk("Post_Handler: counter=%u\n",counter++);
}
int myinit(void)
{
printk("module inserted\n ");
kp.pre_handler = Pre_Handler;
kp.post_handler = Post_Handler;
kp.addr = (kprobe_opcode_t *)kallsyms_lookup_name(probed_func);
register_kprobe(&kp);
return 0;
}
void myexit(void)
{
unregister_kprobe(&kp);
printk("module removed\n ");
}
module_init(myinit);
module_exit(myexit);
MODULE_AUTHOR("User1");
MODULE_DESCRIPTION("KPROBE MODULE");
MODULE_LICENSE("GPL");