kprobe

1、保证编译环境可用。
1）获取 Compile_Tool-3.0.93-1.0.x86_64.rpm 。
2）解压：rpm2cpio Compile_Tool_3.0.93-1.0.x86_64.rpm  | cpio -div
3) 安装环境rpm包：rpm -ivh kernel-source-3.0.93-0.8.2.x86_64.rpm
                  rpm -ivh kernel-xen-devel-3.0.93-0.8.2.x86_64.rpm

2、修改samples/kprobes/Makefile ,如：
obj-m := kprobe_example.o

KDIR := /lib/modules/$(shell uname -r)/build

PWD := $(shell pwd)

all:
            make -C $(KDIR) M=$(PWD) modules

clean:
            rm *.o *.ko *.mod.c Modules.symvers modules.order -f

3、增加samples/kprobes/kprobe_example.c用例后，make产生一个ko文件。

在linux目录下
make modules M=samples/kprobes

4、insmod  ko文件。 看dmesg信息打印。

 

 

vim /proc/kallsyms 获.取内核函数符号表

 

struct timespec ts0_start, ts0_end;

/* kprobe pre_handler: called just before the probed instruction is executed */
static int ocfs2_write_begin_handler_pre(struct kprobe *probe, struct pt_regs *regs)
{

dump_stack();
 ktime_get_ts(&ts0_start);
 printk("ocfs2_write_begin ... \n");
 //printk("ocfs2_write_begin, start_ns: %llu\n", timespec_to_ns(&ts0_start));
 return 0;
}

/* kprobe post_handler: called after the probed instruction is executed */
static void ocfs2_write_begin_handler_post(struct kprobe *p, struct pt_regs *regs,
    unsigned long flags)
{
 ktime_get_ts(&ts0_end);
 printk("ocfs2_write_begin spend time: %llu ns, ts0_start_ns: %llu, ts0_end_ns: %llu \n",
  timespec_to_ns(&ts0_end) - timespec_to_ns(&ts0_start), timespec_to_ns(&ts0_start), timespec_to_ns(&ts0_end)); 
}