[lttng-dev] lttng kretprobe issue
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Thu Jun 5 13:08:31 EDT 2014
----- Original Message -----
> From: "tarek slaymia" <tarek.slaymia at gmail.com>
> To: lttng-dev at lists.lttng.org, lttng-dev-request at lists.lttng.org
> Sent: Thursday, May 29, 2014 3:53:10 PM
> Subject: [lttng-dev] lttng kretprobe issue
> Hi all
> when i replace a syscall function address for example sys_write using this
> function in my LKM module :
> xchg(&sys_call_table[__NR_write],my_own_write);
> In the normal case the content of sys_call_table[__NR_write] address changes
> and it displays the address of my_own_write using debug technique .
> I have an issue when tracing this change using lttng kretprobe :
> lttng enable-event sys_write -k --function sys_write
> The ip value of sys_write ( the same address of sys_call_table[__NR_write] )
> remains the same even after changing it by the new function address (address
> of my_own_write)
> Why the ip value of sys_write syscall displayed in lttng traces remains the
> same even after changing it ?
sys_write is a symbol, and its address does not change. You place the
kretprobe on the symbol.
What you are overwriting is the content of the sys_call_table array, not
the address of the sys_write symbol.
So the resulting behavior is very much expected.
Thanks,
Mathieu
> Best regards.
> _______________________________________________
> lttng-dev mailing list
> lttng-dev at lists.lttng.org
> http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lttng.org/pipermail/lttng-dev/attachments/20140605/687f6920/attachment.html>
More information about the lttng-dev
mailing list