linux-kernel arm64 ftrace

How to use ftrace to hook a kernel function in an arm64 Linux kernel?


I tried to use ftrace to hook kernel functions in an arm64 kernel, but failed. Some important parts of my code are as follows:

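#include <linux/ftrace.h>
#include <linux/kernel.h>

/* ftrace callback: runs on entry to each function selected by the ops filter */
static void notrace ftrace_hook_handler(size_t ip, size_t parent_ip, struct ftrace_ops *ops, struct ftrace_regs *fregs)
{
    pr_info("ftrace hooking\n");
}

/* addr_security_path_unlink is resolved elsewhere in the module (not shown) */
int my_ftrace_hook(void)
{
    /* static: the ops must outlive this function, and unset fields start as zero */
    static struct ftrace_ops fops;
    int err;

    fops.func = ftrace_hook_handler;
    fops.flags = FTRACE_OPS_FL_SAVE_REGS_IF_SUPPORTED;

    pr_info("symbol: %s, addr: %px\n", "security_path_unlink", addr_security_path_unlink);

    /* Passes the symbol address itself; this is the call that fails with -22 below */
    err = ftrace_set_filter_ip(&fops, addr_security_path_unlink, 0, 0);

    if (err)
    {
        pr_err("ftrace_set_filter_ip() failed: %d\n", err);
        return err;
    }

    return 0;
}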

but got an error:

# dmesg
[  945.791221] ftrace_module: loading out-of-tree module taints kernel.
[  945.791464] ftrace_module: module verification failed: signature and/or required key missing - tainting kernel
[  945.820649] [ftrace_module] symbol: security_path_unlink, addr: ffffa13fc4fafd10
[  945.820663] [my_ftrace_hook] ftrace_set_filter_ip() failed: -22

system information is:

# uname -a
Linux ubuntu2204 5.15.0-43-generic #46-Ubuntu SMP Wed Jul 13 06:42:04 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04 (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

How can I fix this? Is there an open source project to reference? Any help will be appreciated.


Solution

  • In arm64, use ftrace, before calling function: ftrace_set_filter_ip

    Below is sample code:

    faddr = ftrace_location_range(hookaddr, hookaddr + AARCH64_INSN_SIZE);
    ret = ftrace_set_filter_ip(hook->fops, faddr, 1, 0);
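
Why the question's call returns -22 and the lookup in the answer avoids it, as a userspace C model added here (not kernel code, and not from either poster). It assumes ftrace records each patch site one instruction past the function symbol, as arm64 kernels built with patchable function entries do, and that the filter call accepts only an exact recorded address, as in 5.15; the model_* names and the addresses are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define AARCH64_INSN_SIZE 4UL

/* Userspace model only. Constructed sample: sorted patch-site addresses.
 * Assumption: each site sits one instruction past its function symbol. */
static const unsigned long recs[] = {
    0xffff800010001004UL,   /* symbol at ...1000 */
    0xffff800010002a14UL,   /* symbol at ...2a10 */
    0xffff800010003f44UL,   /* symbol at ...3f40 */
};
#define NRECS (sizeof(recs) / sizeof(recs[0]))

/* Return the first recorded site inside [start, end], or 0 if there is none. */
unsigned long model_location_range(unsigned long start, unsigned long end)
{
    size_t lo = 0, hi = NRECS;

    while (lo < hi) {               /* lower bound: first record >= start */
        size_t mid = lo + (hi - lo) / 2;
        if (recs[mid] < start)
            lo = mid + 1;
        else
            hi = mid;
    }
    return (lo < NRECS && recs[lo] <= end) ? recs[lo] : 0;
}

/* The filter call only accepts an exact patch-site address (start == end). */
int model_set_filter_ip(unsigned long ip)
{
    return model_location_range(ip, ip) ? 0 : -EINVAL;
}

/* The answer's order: resolve the patch site first, then set the filter. */
int model_hook(unsigned long sym)
{
    unsigned long faddr = model_location_range(sym, sym + AARCH64_INSN_SIZE);

    return faddr ? model_set_filter_ip(faddr) : -ENOENT;
}

int main(void)
{
    unsigned long sym = 0xffff800010002a10UL;   /* constructed symbol address */
    printf("direct: %d, via range lookup: %d\n", model_set_filter_ip(sym), model_hook(sym));
    return 0;
}
```

In the real ftrace_set_filter_ip(ops, ip, remove, reset), a non-zero third argument removes the address from the filter, so installing a hook passes 0 there.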