Where in the linux kernel does "mmap" looks at the file inode to see if it's already loaded?

Question

I want to kprobe the function that maps new files onto the memory, but i'm having difficulty finding the function that checks if the file descriptor is already loaded.

I tried hooking the mmap syscall but that's not really helping because I get already mapped files like libc.so.

I can't seem to figure out if it's filesystem related or memory related, I looked in both places and can't find where it happens.

score 0 · Answer 1 · answered Aug 11 '19 at 00:08

The inode is a kernel-private object. The kernel does not use libc.so. User level programs (which may use libc.so) cannot directly reference inodes; instead they have a process local identifier (a file descriptor) which the kernel knows how to translate to the appropriate structure.

So, you are looking in the wrong place.

Where in the linux kernel does "mmap" looks at the file inode to see if it's already loaded?

1 Answers1