2

I am trying to use kprobes on Raspberry pi and and trying to store get the file struct from in the post handler of k_probe using the register struct pt_regs. I can't seem to figure out what register to fetch it from. In x86 it's ax so using below works.

struct file *file = (struct file *)regs->ax;

Please help me out.

peterbrown
  • 23
  • 5
  • What Raspberry PI version are you using? Could you share the output of `uname -a`? – pchaigno Mar 12 '22 at 14:04
  • output of uname -a: `Linux raspberrypi 5.10.17-v7l+ #1403 SMP Mon Feb 22 11:33:35 GMT 2021 armv7l GNU/Linux` its a raspberry pi 4 – peterbrown Mar 13 '22 at 21:27
  • Could you try `regs->uregs[0]` and, if that doesn't work, `ctx->regs[0]`? I'd expect it to be the first since you're on arm (vs. aarch64). – pchaigno Mar 14 '22 at 09:55
  • I used the first and I get this error: `/tmp/ccQD2dnt.s: Assembler messages:` `/tmp/ccQD2dnt.s:43: Error: selected processor does not support requested special purpose register -- mrs r4,cntvct_el0'` `/tmp/ccQD2dnt.s:394: Error: selected processor does not support requested special purpose register -- mrs r0,cntvct_el0'` – peterbrown Mar 14 '22 at 18:42
  • Did you try the second? – pchaigno Mar 15 '22 at 11:43
  • @pchaigno yes I did. It says no member named ctx. – peterbrown Mar 16 '22 at 03:26
  • Oh, sorry. I meant `regs->regs[0]` since you named your context argument `regs`. – pchaigno Mar 16 '22 at 09:13
  • This is the error when I used regs->regs[0] : `‘struct pt_regs’ has no member named ‘regs’; did you mean ‘uregs’?` It gives me an assembler error when I use regs->uregs[0] as mentioned above. – peterbrown Mar 16 '22 at 20:01
  • @pchaigno Any Leads? – peterbrown Mar 19 '22 at 06:23

0 Answers0