Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Linux Kernel - How to match a jprobe to kretprobe?

Tags:

c

linux

linux-kernel

kernel

kernel-module

I am writing a kernel module to monitor a few syscalls wanting to return the function arguments to user-land (via netlink socket) if the call was successful.

jprobe.kp.symbol_name = "rename";
jprobe.entry = rename_handler;

kretprobe.kp.symbol_name = "rename";
kretprobe.handler = rename_ret_handler;

static rename_obj_t _g_cur_rename = NULL;

static void _rename_handler(const char *oldpath, const char *newpath)
{
    _g_cur_rename = create_rename(oldpath, newpath);
    jprobe_return();
}

static void _rename_ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
    /* Send only if successful */
    if (regs_return_value(regs) == 0) {
        add_send_queue(_g_cur_rename);
    }
    return 0;
}

I worry that another rename syscall may preempt[1] the current one after the jprobe and I will send incorrect return codes and arguments.

jprobe: rename(a, b)
    jprobe rename(c, d)
    kretprobe
kretprobe

Edit: This article[2] states that interrupts are disabled during a kprobe handler. But does that mean that interrupts are disable throughout the whole chain (jprobe -> kprobe -> kretprobe) or just for that single kprobe?

  1. https://unix.stackexchange.com/questions/186355/few-questions-about-system-calls-and-kernel-modules-kernel-services-in-parallel
  2. https://lwn.net/Articles/132196/
like image 379
rvk Avatar asked Oct 03 '16 14:10

rvk

1 Answers

Interrupts are disabled for each jprobe call: not for the entire sequence.

How many calls are you expecting in the time it will take the application to process them? There are different approaches depending on how fast you expect the calls to come in. The simplest method, if you are only expecting maybe a few hundred calls before you can process them and you will dedicate the static memory to the purpose, is to implement a static array of rename_obj_t objects in memory and then use atomic_add from the kernel asm includes to point to the next entry (mod the size of your array).

This way you are returning a unique static reference each time, so long as the counter doesn't wrap around before you process the returned values. atomic_add is guaranteed to have the correct memory barriers in place so you don't have to worry about things like cache coherency.

like image 194
Daniel Wisehart Avatar answered Sep 19 '22 20:09

Daniel Wisehart
Sign in to Comment

Related questions

Change an mmap'd memory region from MAP_SHARED to MAP_PRIVATE
Improving "randomness" when extending the range of rand()
What gcc option enables loop unrolling for SSE intrinsics with immediate operands?
Can Test and Set be implemented in software without hardware support?
Understanding assembly language
Should the visibility attribute be specified in declarations or in definitions?
Speeding up Matlab Engine calls
Why isn't it possible in C to initialize a constant with another constant? [duplicate]
Updating array of doubles with atomic operations
What does "the choice must be consistent for all consumers" mean?
GCC not working but G++ does
GCC optimization differences in recursive functions using globals
How to fix distcc error
How can I find the bridge device name for my tap adapter in C?
How is the anatomy of memory mapped Kernel space
why are there multiple fcntl.h in linux?
How does OpenCL work without ICD loader extension?
Multiplying integer by rational without intermediate overflow
Meaning of ldexp and frexp?
C compiler bug or program error?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!