I am testing FTRACE in Linux VM (ubuntu 24.04) the kernel is Linux VirtualBox 6.11.0-26-generic.
I wrote a kernel module to register a hook (probe) to kernel tracepoint of signal_generate, here is the code.
include <linux/module.h> #include <linux/kernel.h> #include <trace/events/signal.h> static void trace_signal_generate_handler(void *ignore, int sig, struct kernel_siginfo *info, struct task_struct *task, int type, int result) { printk("Signal %d generated for task %s (PID=%d), type=%d\n", sig, task->comm, task->pid, type); } static int __init my_module_init(void) { int ret; ret = register_trace_signal_generate(trace_signal_generate_handler, NULL); if (ret) { pr_err("Failed to register tracepoint: %d\n", ret); return ret; } return 0; } static void __exit my_module_exit(void) { unregister_trace_signal_generate(trace_signal_generate_handler, NULL); tracepoint_synchronize_unregister(); } module_init(my_module_init); module_exit(my_module_exit); MODULE_LICENSE("GPL"); MODULE_AUTHOR("wangt13"); MODULE_DESCRIPTION("Signal Generate Tracepoint Hook Example"); When I compiled this module, I hit following error.
make[1]: Entering directory '/usr/src/linux-headers-6.11.0-26-generic' warning: the compiler differs from the one used to build the kernel The kernel was built by: x86_64-linux-gnu-gcc-13 (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0 You are using: gcc-13 (Ubuntu 13.2.0-23ubuntu4) 13.2.0 MODPOST /home/wangt/develop/kermod/Module.symvers ERROR: modpost: "__tracepoint_signal_generate" [/home/wangt/develop/kermod/tracep_reg.ko] undefined! make[3]: *** [scripts/Makefile.modpost:145: /home/wangt/develop/kermod/Module.symvers] Error 1 make[2]: *** [/usr/src/linux-headers-6.11.0-26-generic/Makefile:1879: modpost] Error 2 make[1]: *** [Makefile:224: __sub-make] Error 2 I checked the /usr/src/linux-headers-6.11.0-26-generic/include/trace/events/signal.h, and found it is defined there.
36 /** 37 * signal_generate - called when a signal is generated 38 * @sig: signal number 39 * @info: pointer to struct siginfo 40 * @task: pointer to struct task_struct 41 * @group: shared or private 42 * @result: TRACE_SIGNAL_* 43 * 44 * Current process sends a 'sig' signal to 'task' process with 45 * 'info' siginfo. If 'info' is SEND_SIG_NOINFO or SEND_SIG_PRIV, 46 * 'info' is not a pointer and you can't access its field. Instead, 47 * SEND_SIG_NOINFO means that si_code is SI_USER, and SEND_SIG_PRIV 48 * means that si_code is SI_KERNEL. 49 */ 50 TRACE_EVENT(signal_generate, 51 52 TP_PROTO(int sig, struct kernel_siginfo *info, struct task_struct *task, 53 int group, int result), 54 55 TP_ARGS(sig, info, task, group, result), 56 57 TP_STRUCT__entry( 58 __field( int, sig ) 59 __field( int, errno ) 60 __field( int, code ) 61 __array( char, comm, TASK_COMM_LEN ) 62 __field( pid_t, pid ) 63 __field( int, group ) 64 __field( int, result ) 65 ), ....... I don't know why there was the error in module compiling.
I tried to hook another kernel tracepoint of kmalloc as follows,
ret = register_trace_kmalloc(probe_kmalloc, NULL); and it was compiled and loaded without error.
So how to fix the error of hooking probe to tracepoint of signal_generate, and what is the right way to hook my probe to the tracepoint of signal_generate from within kernel module?
