0

I am trying to debug MMAP with kprobe but I dont know how to set break points inside MMAP. In my lib/modules there I searched but could not find that resembles mmap containing module. how can I debug mmap with kprobe so I need object file of the routine.

I just need to set breakpoints at different locations. So I could use radare2 for this to view the assembly and check the memory locations which I will specify in KProbe module that will be injected in MMAP function in the routine containing MMAP function, for debugging it.

user786
  • 3,902
  • 4
  • 40
  • 72
  • 1
    I'm not sure if it helps you, but you can set a `struct kprobe`'s `symbol_name` and `offset` fields instead of passing an address. You'd still need to ensure that the offset is sane (i.e. not halfway through an instruction). If you're looking for the code, it's largely in `mm/mmap.c`, and not in any module. – Hasturkun Jan 12 '21 at 15:25
  • @Hasturkun please answer do you mean `symbol_name something like mmap` and use sane `offsets` to move further into mmap function memory start location. So in turn I will be setting break points into mmap function using kprobe. and for knowing which mmap instruction starts and end at which memory offset inside mmap function memory space I have to check mm/mmap? is this what u are saying – user786 Jan 13 '21 at 12:43
  • Yes, that sounds about right. – Hasturkun Jan 13 '21 at 14:10
  • @Hasturkun I like to ask can I access network device driver buffer in userspace using ioctl and having packets directly in userspace from device driver buffer using `ioctl`. I asked this question https://stackoverflow.com/questions/65704003/making-kernel-module-and-registering-it-as-pci-device-driver-and-network-device – user786 Jan 13 '21 at 14:37
  • You need cooperation from the network driver. As suggested there, take a look at DPDK, or alternately libpcap/tcpdump, depending on what you need (active participant vs passive observer). – Hasturkun Jan 14 '21 at 08:07

0 Answers0