#include "monitor_kallsyms.h" unsigned long (*diag_kallsyms_lookup_name)(const char *name); struct kprobe kprobe_kallsyms_lookup_name = {.symbol_name = "kallsyms_lookup_name"}; // orig_fun unsigned int (*orig_stack_trace_save_tsk)(struct task_struct *task, unsigned long *store, unsigned int size, unsigned int skipnr); void (*orig_show_stack)(struct task_struct *task, unsigned long *sp, const char *loglvl); struct sched_class *orig_idle_sched_class; int (*orig_get_task_type)(struct sched_entity *se); int (*orig_kernfs_name)(struct kernfs_node *kn, char *buf, size_t buflen); int (*orig_access_remote_vm)(struct mm_struct *mm, unsigned long addr, void *buf, int len, unsigned int gup_flags); struct task_struct *(*orig_find_task_by_vpid)(pid_t nr); void (*orig_open_softirq)(int nr, void (*action)(struct softirq_action *)); void (*orig_raise_softirq)(unsigned int nr); /** * @brief diag_kallsyms_lookup_name init * * @return int */ static int fn_kallsyms_lookup_name_init(void) { register_kprobe(&kprobe_kallsyms_lookup_name); diag_kallsyms_lookup_name = (void *)kprobe_kallsyms_lookup_name.addr; unregister_kprobe(&kprobe_kallsyms_lookup_name); printk(KERN_INFO "diag_kallsyms_lookup_name is %p\n", diag_kallsyms_lookup_name); if (!diag_kallsyms_lookup_name) { return -EINVAL; } return 0; } /** * @brief get all orig_fun * * @return int 0 is success */ int init_orig_fun(void) { int ret = fn_kallsyms_lookup_name_init(); // init kallsyms_lookup_name if (ret) { printk(KERN_INFO "init kallsyms_lookup_name failed\n"); return ret; } LOOKUP_SYMS(stack_trace_save_tsk); // stack_trace_save_tsk LOOKUP_SYMS(show_stack); // show_stack LOOKUP_SYMS(idle_sched_class); // idle_sched_class LOOKUP_SYMS(access_remote_vm); // access_remote_vm LOOKUP_SYMS_NORET( get_task_type); // get_task_type | this fun is not available on 5.17.15 LOOKUP_SYMS_NORET(kernfs_name); // kernfs_name LOOKUP_SYMS_NORET(find_task_by_vpid); LOOKUP_SYMS_NORET(open_softirq); LOOKUP_SYMS_NORET(raise_softirq); return 0; }