Re: stack unwinding in linux 2.4

On Fri, Dec 02, 2005 at 16:56:11 +0530, Saumender Dash wrote:
> I'm writing a KLM where I want to detect from where a system call is
> invoked and report the program counter (PC). So I want to unwind the user
> stack from the kernel, and go above the libc and find the PC, if it lies
> in a program text.

Well, you can freely access the userland memory (ok, you have to use
copy_from_user and such to handle page faults for you) and you have the
stack pointer available in the task struct, which you obtain from
current. The rest is making sense out of that stack.

That being said, I don't really think you should do this from kernel.

For programs that don't use libc (they DON'T have to), you can't really
tell which stack frame to report. And for those that do, you can simply
preload, via LD_PRELOAD, a library that will wrap the syscalls in some
reporting mechanism -- which will have a lot easier work, because it
will simply log its return address. Simply create a library that will
provide the syscalls. For the simple syscalls, you will then have to
invoke them manually via the __syscallN thing, for the more complex
ones, libc does provide them under alternate names to call to.

Or you could use yet another way - inspect the process using ptrace from
another process. That will give you the same possibilities that you
would have from kernel, but you will have all the good userland stuff
available.

-- 
						 Jan 'Bulb' Hudec <bulb@xxxxxx>
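
The LD_PRELOAD approach described in the message above, as an added example that is not part of the original post: a preload library wraps `write` and `close`, records the caller's return address, and then issues the real system call. It uses `syscall(2)` where the message mentions the `__syscallN` macros; the file name and the `trace_*` names are assumptions made for this sketch.

```c
/* trace_preload.c (added example; file and symbol names are hypothetical).
 * Build: gcc -shared -fPIC -o libtrace.so trace_preload.c
 * Run:   LD_PRELOAD=./libtrace.so ./program
 */
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define TRACE_SLOTS 64

struct trace_rec { const char *name; void *caller; };
static struct trace_rec trace_log[TRACE_SLOTS];  /* ring buffer of recent calls */
static unsigned long trace_count;                /* total calls recorded */

/* Store the call site and print it to stderr. Output uses the raw syscall so
 * the report never re-enters the write() wrapper; errno is left untouched. */
static void trace_record(const char *name, void *caller)
{
    char hex[2 + 2 * sizeof(uintptr_t) + 1] = "0x";
    uintptr_t pc = (uintptr_t)caller;
    size_t n = sizeof(hex) - 1;
    int saved_errno = errno;
    unsigned long slot = __atomic_fetch_add(&trace_count, 1, __ATOMIC_RELAXED);

    trace_log[slot % TRACE_SLOTS] = (struct trace_rec){ name, caller };
    hex[n] = '\n';
    while (n > 2) {                  /* fixed-width hex, no stdio involved */
        hex[--n] = "0123456789abcdef"[pc & 0xf];
        pc >>= 4;
    }
    syscall(SYS_write, 2, name, strlen(name));
    syscall(SYS_write, 2, " called from ", 13);
    syscall(SYS_write, 2, hex, sizeof(hex));
    errno = saved_errno;
}

/* Interposed symbols: log where the call came from, then do the real work. */
ssize_t write(int fd, const void *buf, size_t len)
{
    trace_record("write", __builtin_return_address(0));
    return syscall(SYS_write, fd, buf, len);
}

int close(int fd)
{
    trace_record("close", __builtin_return_address(0));
    return (int)syscall(SYS_close, fd);
}
```

The wrappers only see calls that resolve through the dynamic symbol, so statically linked programs and code that issues system calls without libc are not reported, which is the limitation the message points out. The raw `syscall()` path also skips the thread-cancellation handling that libc's own `write` and `close` provide.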
