Re: kprobes & task_struct


 



Hi Mulyadi

I have solved it!

A shell command like ls:

bash-> do_fork-> bash(available the environment for ls) -> execve -> ls

#strace -aef ls
execve("/bin/ls", ["ls"], [/* 22 vars */]) = 0

I set the Return Probes with do_execve as trigger:

Dec 31 22:39:11 fedorasys kernel: fc_pid = 3151 fc_command = rmmod  parent_pid = 3040  parent_command = bash
Dec 31 22:39:11 fedorasys kernel: ----------------------------------------------------------------------------------

Now I am searching for a way to export the data into user space. Over the standard syslog it comes at the expense of system performance.

My module runs under 2.6.15-rc7; in older kernel versions my module freezes the system.

Greetings 

Frank



mulyadi.santosa@xxxxxxxxx wrote on 30.12.05 05:53:25:
> 
> Hi Frank....
> 
> > In the appended code you see that I get the information from (child)
> > task->comm
> >
> > Where is the right command saved?
> 
> I never tried it by myself, but looking at the kernel source, especially 
> fs/proc/base.c (btw, I am checking it on 2.4.20), you can see that 
> /proc/<pid>/cmdline is retrieved by using proc_pid_cmdline() function. 
> Seems like it is accessing the target process' stack to get the 
> executable name along with the parameter....
> 
> Another possibility is using task_name() (declared in fs/proc/array.c), 
> this function is used when you "cat" on /proc/<pid>/status (on "Name" 
> part)
> 
> I don't know if it really differs from simply using 
> printk("%s\n",task->comm) but it is worth checking IMHO.
> 
> >         if ((ret = register_kretprobe(&my_kretprobe)) < 0) {
> >                 printk("register_kretprobe failed, returned %d\n", ret);
> >                 return -1;
> 
> Just for confirmation, does that mean you're planting the kprobe's hook 
> on the return (ret) of do_fork() ? If yes, I think you already do the 
> whole correctly, just a matter of interpreting task->comm only
> 
> regards
> 
> Mulyadi
> 
> 
> --
> Kernelnewbies: Help each other learn about the Linux kernel.
> Archive:       http://mail.nl.linux.org/kernelnewbies/
> FAQ:           http://kernelnewbies.org/faq/
> 
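Frank's chain (bash -> do_fork -> bash -> execve -> ls) is why a return probe on do_fork still sees the parent's name in task->comm, while one on do_execve sees the new command. The following user-space C program is an added example, not code from this thread, that shows the same behaviour; the function names own_comm and child_comm are hypothetical, and it assumes Linux with /proc mounted and cat on PATH.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/wait.h>

#define COMM_LEN 16 /* TASK_COMM_LEN: 15 characters plus NUL */

/* Copy the caller's comm (the kernel's task->comm) into out. */
static int own_comm(char out[COMM_LEN])
{
    memset(out, 0, COMM_LEN);
    return prctl(PR_GET_NAME, (unsigned long)out, 0UL, 0UL, 0UL);
}

/* Fork a child and store the comm it reports in out; returns 0 on success.
 * do_exec == 0: report comm right after fork(), before any execve().
 * do_exec != 0: execve "cat /proc/self/comm" first (assumes cat and /proc). */
static int child_comm(int do_exec, char out[COMM_LEN])
{
    int fd[2];
    pid_t pid;
    ssize_t n;

    memset(out, 0, COMM_LEN);
    if (pipe(fd) < 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) { /* child: still a copy of the parent at this point */
        char c[COMM_LEN];
        close(fd[0]);
        if (do_exec) {
            dup2(fd[1], STDOUT_FILENO);
            execlp("cat", "cat", "/proc/self/comm", (char *)NULL);
            _exit(127); /* exec failed */
        }
        own_comm(c);
        _exit(write(fd[1], c, strlen(c)) < 0);
    }
    close(fd[1]);
    n = read(fd[0], out, COMM_LEN - 1);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    out[strcspn(out, "\n")] = '\0'; /* /proc/self/comm ends with a newline */
    return n > 0 ? 0 : -1;
}

int main(void)
{
    char me[COMM_LEN], forked[COMM_LEN], execed[COMM_LEN];
    own_comm(me); child_comm(0, forked); child_comm(1, execed);
    printf("parent=%s after-fork=%s after-execve=%s\n", me, forked, execed);
    return 0;
}
```

The comm field holds at most 15 characters, so long command names appear truncated in any log built from task->comm.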

