----- Original Message -----
> From: "tarek slaymia" <[email protected]>
> To: [email protected], [email protected]
> Sent: Thursday, May 29, 2014 3:53:10 PM
> Subject: [lttng-dev] lttng kretprobe issue
>
> Hi all,
>
> When I replace a syscall function address, for example sys_write, using this
> function in my LKM module:
>
> xchg(&sys_call_table[__NR_write],my_own_write);
>
> In the normal case the content of the sys_call_table[__NR_write] address changes
> and it displays the address of my_own_write using a debug technique.
>
> I have an issue when tracing this change using lttng kretprobe:
>
> lttng enable-event sys_write -k --function sys_write
>
> The ip value of sys_write (the same address as sys_call_table[__NR_write])
> remains the same even after changing it to the new function address (address
> of my_own_write).
>
> Why does the ip value of the sys_write syscall displayed in lttng traces remain
> the same even after changing it?

sys_write is a symbol, and its address does not change. You place
the kretprobe on the symbol. What you are overwriting is the
content of the sys_call_table array, not the address of the sys_write symbol.

So the resulting behavior is very much expected.

Thanks,

Mathieu

> Best regards.
>
> _______________________________________________
> lttng-dev mailing list
> [email protected]
> http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev

-- 
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
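
The distinction made in the reply above, as an added example that is not part of the original thread: a user-space C model showing that swapping a table slot leaves the symbol's address untouched, and that comparing slots against a known-good baseline is what reveals the change. All names except my_own_write are constructed for illustration, and swap_slot() is a stand-in for the kernel's xchg().

```c
#include <stdio.h>
#include <stddef.h>

/* User-space model only; every name except my_own_write is constructed. */
typedef long (*handler_t)(long);
enum { NR_READ, NR_WRITE, NR_COUNT };            /* stand-ins for __NR_* */

static long model_read(long n)   { return n * 2; }
static long model_write(long n)  { return n; }   /* plays the role of sys_write */
static long my_own_write(long n) { return -n; }  /* replacement from the question */

/* Plays the role of sys_call_table: slots that merely hold addresses. */
static handler_t call_table[NR_COUNT] = { model_read, model_write };

/* Stand-in for xchg(): store a new pointer in a slot, return the old one. */
static handler_t swap_slot(handler_t *slot, handler_t new_fn)
{
    handler_t old = *slot;
    *slot = new_fn;
    return old;
}

/* Integrity check: count slots that differ from the known-good baseline. */
static size_t count_modified(const handler_t *table, const handler_t *baseline,
                             size_t n, int *first_bad)
{
    size_t bad = 0;
    *first_bad = -1;
    for (size_t i = 0; i < n; i++) {
        if (table[i] != baseline[i]) {
            if (bad == 0)
                *first_bad = (int)i;
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    handler_t baseline[NR_COUNT] = { model_read, model_write };
    handler_t probed = model_write;  /* address a symbol-based probe attaches to */
    int idx;
    swap_slot(&call_table[NR_WRITE], my_own_write);
    printf("symbol address unchanged: %d\n", probed == model_write);
    printf("slot dispatches elsewhere: %d\n", call_table[NR_WRITE] != model_write);
    printf("modified slots: %zu (first index %d)\n",
           count_modified(call_table, baseline, NR_COUNT, &idx), idx);
    return 0;
}
```

A probe placed on the symbol keeps reporting the original address because nothing at that address moved; only the table comparison sees the redirected slot.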
