Closed zTehRyaN closed 3 years ago
Heh, nice hack ;) Well, it's only a matter of time before kprobes are limited as well.
For reference, here's the patch set which removed `kallsyms_lookup_name()` and friends:
https://lore.kernel.org/lkml/20200221114404.14641-1-will@kernel.org/
It has an express goal of making it harder for out-of-tree modules to circumvent export restrictions.
Given that the whole repo is more of an example, I'd like to preserve the historical approach with `kallsyms_lookup_name()`, indicating that this was the way before 5.7, and since then things need to be done differently.
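```c
#include <linux/version.h>
#include <linux/kprobes.h>
#include <linux/kallsyms.h>

#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,7,0)
/* kallsyms_lookup_name() is not exported on 5.7+: resolve via a kprobe */
static unsigned long lookup_name(const char *name)
{
	struct kprobe kp = {
		.symbol_name = name
	};
	unsigned long retval;

	if (register_kprobe(&kp) < 0)
		return 0;
	retval = (unsigned long) kp.addr;
	unregister_kprobe(&kp);
	return retval;
}
#else
/* Before 5.7 the symbol is exported and can be called directly */
static unsigned long lookup_name(const char *name)
{
	return kallsyms_lookup_name(name);
}
#endif
```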
Yay! I like it! Indeed, I found the way in which you handled the whole LKM very interesting.
`kallsyms_lookup_name` is no longer exported since Linux kernel v5.7. Here I make use of `kprobes` to gain the exact same functionality, without the need to patch the kernel. Indeed, from kernels v5.7 on, I would need to explicitly patch `kernel/kallsyms.c` with an `EXPORT_SYMBOL_GPL()`.

Only the `CONFIG_KPROBES=y` flag is required inside the kernel configs. But we have it by default inside Ubuntu 20.04 LTS.
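For auditing which hosts permit the lookup discussed in this thread, the following userspace C helper is an added example (not code from this pull request or repository). It takes a kernel release string and the text of a kernel `.config` and reports which branch of the `lookup_name()` shim would apply; the names `KVER`, `release_to_code`, `config_enabled` and `classify` are hypothetical, the sample input is constructed, and the pre-5.7 branch assumes `kallsyms_lookup_name()` is available as the thread describes.

```c
/* Userspace audit helper (added example, not kernel code). */
#include <stdio.h>
#include <string.h>
/* Same packing as the kernel's KERNEL_VERSION(); sublevel clamps at 255. */
#define KVER(a, b, c) (((a) << 16) + ((b) << 8) + ((c) > 255 ? 255 : (c)))
enum lookup_path { PATH_KALLSYMS, PATH_KPROBES, PATH_NONE };

/* Parse a release string such as "5.4.0-42-generic"; -1 if unparsable. */
static long release_to_code(const char *release)
{
    int a = 0, b = 0, c = 0;
    if (sscanf(release, "%d.%d.%d", &a, &b, &c) < 2)
        return -1;
    return KVER(a, b, c);
}

/* True only for an exact "<opt>=y" line. "# <opt> is not set", a missing
 * option, or a longer name sharing the prefix all count as disabled. */
static int config_enabled(const char *config, const char *opt)
{
    size_t n = strlen(opt);
    const char *line = config;
    while (line && *line) {
        if (!strncmp(line, opt, n) && !strncmp(line + n, "=y", 2) &&
            (line[n + 2] == '\n' || line[n + 2] == '\0'))
            return 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

static enum lookup_path classify(const char *release, const char *config)
{
    long code = release_to_code(release);
    if (code < 0)
        return PATH_NONE;
    if (code < KVER(5, 7, 0))
        return PATH_KALLSYMS;      /* #else branch: symbol still exported */
    return config_enabled(config, "CONFIG_KPROBES") ? PATH_KPROBES : PATH_NONE;
}

int main(void)
{
    /* Constructed sample input, not taken from a real host. */
    const char *cfg = "CONFIG_MODULES=y\nCONFIG_KPROBES=y\n";
    printf("5.15.0-91-generic -> path %d\n", classify("5.15.0-91-generic", cfg));
    return 0;
}
```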