module function probe

bibo,mao-2
Hi,
        I wrote one module, named probed.ko after compiling, and the other
is a kprobe module named probing.ko, which is to probe some function
defined in the probed.ko module.
        And then I executed the following commands so that some function can
be probed.
                #insmod probed.ko
                #insmod probing.ko
But when I undelete the modules in this order, the kernel will crash
                #rmmod probed.ko (system is ok)
                #rmmod probing.ko (system will crash)
The reason is that when unregistering the kprobe, it will restore the original
instruction, but when the probed module exits, its instruction address space
is freed, so when restoring the original instruction it will crash.

Regards
Bibo,mao

RE: module function probe

Zhang, Yanmin
The module reference count is not correct. The module ref count should be increased by 1 when a kprobe is registered at the module exec text, and vice versa.

Yanmin

>>-----Original Message-----
>>From: Mao, Bibo
>>Sent: November 25, 2005 13:50
>>To: [hidden email]
>>Cc: 'Frank Ch. Eigler'; Keshavamurthy, Anil S; Zhang, Yanmin
>>Subject: module function probe
>>
>>Hi,
>> I wrote one module named probed.ko after compiled, and the other is kprobe
>>module named probing.ko which is to probe some function defined in probed.ko
>>module.
>> And then I executed the follow command so that some function can be probed.
>> #insmod probed.ko
>> #insmod probing.ko
>>But when I undelete module in such order kernel will crash
>> #rmmod probed.ko (system is ok)
>> #rmmod probing.ko (system will crash)
>>The reason is that when unregister kprobe it will restore original instruction,
>>but when probed module exits, its instruction address space is freed, so when
>>restore original instruction it will crash.
>>
>>Regards
>>Bibo,mao

Re: module function probe

Frank Ch. Eigler
In reply to this post by bibo,mao-2
Hi -

> I wrote one module named probed.ko after compiled, and the other
> is kprobe module named probing.ko which is to probe some function
> defined in probed.ko module.
> [...]
> #insmod probed.ko
> #insmod probing.ko
> #rmmod probed.ko
> #rmmod probing.ko
> [...]

To manage module reference counts in a way that prevents this problem,
systemtap keeps a file descriptor open on some file under
/sys/module/<PROBED>/.  By using plain insmod, you are giving up this
protection.

- FChE

RE: module function probe

Keshavamurthy, Anil S
In reply to this post by bibo,mao-2
Please see my comments.

>-----Original Message-----
>From: [hidden email]
>[mailto:[hidden email]] On Behalf Of Frank Ch. Eigler
>Sent: Friday, November 25, 2005 4:37 AM
>To: Mao, Bibo
>Cc: [hidden email]
>Subject: Re: module function probe
>
>Hi -
>
>> I wrote one module named probed.ko after compiled, and the other
>> is kprobe module named probing.ko which is to probe some function
>> defined in probed.ko module.
>> [...]
>> #insmod probed.ko
>> #insmod probing.ko
>> #rmmod probed.ko
>> #rmmod probing.ko
>> [...]
>
>To manage module reference counts in a way that prevents this problem,
>systemtap keeps a file descriptor open on some file under
>/sys/module/<PROBED>/.  By using plain insmod, you are giving up this
>protection.

I think we should implement this module reference count
logic built into the kernel kprobes code.

Here is how it can be done.
register_kprobe(...)
{
.....
+ if ((mod = module_text_address((unsigned long) p->addr)))
+ if (unlikely(!try_module_get(mod))) return -EINVAL;

....
}
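Review bot: In register_kprobe, the reference taken by try_module_get(mod) needs a matching module_put(mod) on every failure path in the elided code that follows; otherwise a failed registration leaves the probed module pinned. Nothing in the visible lines keeps the module in place between module_text_address() and try_module_get(), so add a comment naming the lock or context that makes the lookup safe against a concurrent rmmod. The nested if statements without braces are easy to misread; brace the outer one or fold them into a single condition.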

Unregister_kprobe(...)
{
....
+ module_put(module_text_address((unsigned long)p->addr));
...
}
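Review bot: In Unregister_kprobe, module_put() is fed a fresh module_text_address() lookup rather than the pointer that register_kprobe took the reference on, and the result is not checked the way the register side checks mod. Use a local (`mod = module_text_address(...)`, then `if (mod) module_put(mod);`) or store the module pointer at registration. Place the put after the original instruction has been restored so the reference still covers that write.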

Opened a bugzilla
http://sources.redhat.com/bugzilla/show_bug.cgi?id=1954

Cheers,
Anil Keshavamurthy
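
The unload ordering discussed in this thread, as an added example that is not part of any poster's message or of the kernel source: a userspace C model of a probe that does or does not hold a reference on the probed module. The struct layouts, the `model_*` functions, the `pin` switch and the error values are all assumptions made for illustration.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stdio.h>

#define BREAKPOINT 0xCC /* x86 int3, the byte a kprobe plants */
struct module { unsigned char text[4]; int live; int refcnt; };
struct kprobe { struct module *mod; size_t off; unsigned char saved; int pinned; };

/* pin=1 models taking a module reference at registration; pin=0 does not. */
int model_register_kprobe(struct kprobe *p, struct module *m, size_t off, int pin)
{
    if (!m->live || off >= sizeof(m->text))
        return -EINVAL;
    if (pin) m->refcnt++;
    p->mod = m; p->off = off; p->pinned = pin;
    p->saved = m->text[off];      /* remember the original instruction byte */
    m->text[off] = BREAKPOINT;
    return 0;
}

/* Unload is refused while references are held (error value is this model's choice). */
int model_rmmod(struct module *m)
{
    if (m->refcnt > 0) return -EBUSY;
    m->live = 0;                  /* the module text is now "freed" */
    return 0;
}

/* Restores the original byte; -EFAULT marks the write into freed text. */
int model_unregister_kprobe(struct kprobe *p)
{
    if (!p->mod->live) return -EFAULT;
    p->mod->text[p->off] = p->saved;
    if (p->pinned) p->mod->refcnt--;
    return 0;
}

int main(void)
{
    for (int pin = 0; pin <= 1; pin++) {
        struct module probed = { { 0x55, 0x90, 0x5d, 0xc3 }, 1, 0 }; /* constructed bytes */
        struct kprobe kp;
        model_register_kprobe(&kp, &probed, 0, pin);
        int rm = model_rmmod(&probed);          /* rmmod probed.ko first */
        int un = model_unregister_kprobe(&kp);  /* then rmmod probing.ko */
        printf("pin=%d rmmod=%d unregister=%d\n", pin, rm, un);
    }
    return 0;
}
```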