$ cat kprobe-exam.c
/* kprobe-exam.c */
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/kprobes.h>
#include <linux/kallsyms.h>
#include <linux/sched.h>
#include <linux/time.h>
static struct kprobe kp;
static struct timeval start, end;
static int schedule_counter = 0;
int handler_pre(struct kprobe *p, struct pt_regs *regs)
{
printk("current task on CPU#%d: %s (before scheduling), preempt_count = %d\n", smp_processor_id(), current->comm, preempt_count());
schedule_counter++;
return 0;
}
void handler_post(struct kprobe *p, struct pt_regs *regs, unsigned long flags)
{
printk("current task on CPU#%d: %s (after scheduling), preempt_count = %d\n", smp_processor_id(), current->comm, preempt_count());
}
int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr)
{
printk("A fault happened during probing.\n");
return 0;
}
int init_module(void)
{
int ret;
kp.pre_handler = handler_pre;
kp.post_handler = handler_post;
kp.fault_handler = handler_fault;
//kp.addr = (kprobe_opcode_t*) kallsyms_lookup_name("schedule");
kp.addr = (kprobe_opcode_t*) kallsyms_lookup_name("i40e_get_link_ksettings");
if (!kp.addr) {
printk("Couldn't get the address of schedule.\n");
return -1;
}
if ((ret = register_kprobe(&kp) < 0)) {
printk("register_kprobe failed, returned %d\n", ret);
return -1;
}
do_gettimeofday(&start);
printk("kprobe registered\n");
return 0;
}
void cleanup_module(void)
{
unregister_kprobe(&kp);
do_gettimeofday(&end);
printk("Scheduling times is %d during of %ld milliseconds.\n", schedule_counter, ((end.tv_sec - start.tv_sec)*1000000 + (end.tv_usec - start.tv_usec))/1000);
printk("kprobe unregistered\n");
}
MODULE_LICENSE("GPL");
$ cat Makefile
obj-m := kprobe-exam.o
CROSS_COMPILE=''
KDIR := /lib/modules/$(shell uname -r)/build
all:
make -C $(KDIR) M=$(PWD) modules
clean:
rm -f *.ko *.o *.mod.o *.mod.c .*.cmd *.symvers modul*
輸入make
sudo insmod kprobe-exam.ko
測試即可觸發:
cat /sys/class/net/eth01/speed
即可在dmesg看到對應的內容
後:
sudo bpftrace -e ‘k:i40e_get_link_ksettings { @size[pid, comm] = hist(arg2); }’
類似方式可以通過bpftrace進行查看