Re: Re: kprobes & task_struct


Hi Mulyadi

The problem with the frozen kernel is solved in kernel 2.6.15.
At home I have a bookmark; someone fixed it in a release candidate.

My kprobe runs fine; the parent is in the log and the command (uid too).

I hope I find time to write some code... but my free time is limited :-(
(evening school.. business economist)

relayfs... is it in the kernel or a patch?

My idea with the proc: does the proc system have a ring buffer?

If nobody reads from proc, the module can overwrite the old data...

Frank


mulyadi.santosa@xxxxxxxxx wrote on 01.01.06 09:22:23:
> 
> Hi Frank...
> 
> > bash-> do_fork-> bash(available the environment for ls) -> execve ->
> > ls
> >
> > #strace -aef ls
> > execve("/bin/ls", ["ls"], [/* 22 vars */]) = 0
> >
> > I set the return probes with do_execve as trigger
> >
> > Dec 31 22:39:11 fedorasys kernel: fc_pid = 3151 fc_command = rmmod parent_pid = 3040  parent_command = bash
> > Dec 31 22:39:11 fedorasys kernel:
> 
> 
> Ahh...:) Maybe something during do_fork() hasn't set the 
> task_struct->comm properly according to the new ELF binary loaded.
> 
> But anyway, as you know, putting kprobe's hook on do_execve only catches 
> new binary invocation, is it really what you want? Previously I thought 
> you wanted to catch the general fork scenario...CMIIW
> 
> Maybe what you need is putting the probe into multiple places, e.g. 
> sys_fork and sys_execve and so on.
> 
> > Now I search a way to export the data into the user space. over the
> > standard syslog it goes account of system performance.
> > My module runs under 2.6.15-rc7; in older kernel versions my module
> > freezes the system
> 
> Try relayfs? Anyway, you said "freeze", during which event?
> 
> regards
> 
> Mulyadi
> 
> 
> --
> Kernelnewbies: Help each other learn about the Linux kernel.
> Archive:       http://mail.nl.linux.org/kernelnewbies/
> FAQ:           http://kernelnewbies.org/faq/
> 



--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/
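
Frank's question above (can the module simply overwrite old data when nobody reads it?) as an added example, not code from the thread: a userspace C sketch of an overwrite-on-full ring holding the fields from the quoted log line, which also counts the overwritten records so the reader can tell that the exec log has gaps. The struct and function names are hypothetical and the events are constructed; a kernel module would additionally need locking between the probe handler and the reader.

```c
#include <stdio.h>
#define RING_SLOTS 4    /* small on purpose so the overwrite is visible */
#define COMM_LEN   16   /* size of task_struct->comm (TASK_COMM_LEN) */

struct exec_event {     /* fields mirror the log line quoted in the thread */
    unsigned long seq;  /* running event number */
    int pid, parent_pid;
    char comm[COMM_LEN], parent_comm[COMM_LEN];
};
struct exec_ring {
    struct exec_event slot[RING_SLOTS];
    unsigned long head, tail;   /* events written so far; next seq to read */
};

/* Writer: never blocks; a full ring overwrites its oldest record. */
static void ring_put(struct exec_ring *r, int pid, const char *comm,
                     int ppid, const char *pcomm)
{
    struct exec_event *e = &r->slot[r->head % RING_SLOTS];
    e->seq = r->head++;
    e->pid = pid;
    e->parent_pid = ppid;
    snprintf(e->comm, COMM_LEN, "%s", comm);
    snprintf(e->parent_comm, COMM_LEN, "%s", pcomm);
}

/* Reader: 1 and *out filled, or 0 if empty; *lost = records overwritten unread. */
static int ring_get(struct exec_ring *r, struct exec_event *out, unsigned long *lost)
{
    *lost = 0;
    if (r->head - r->tail > RING_SLOTS) {   /* writer lapped the reader */
        *lost = r->head - r->tail - RING_SLOTS;
        r->tail = r->head - RING_SLOTS;
    }
    if (r->tail == r->head)
        return 0;
    *out = r->slot[r->tail++ % RING_SLOTS];
    return 1;
}

int main(void)
{
    struct exec_ring r = {0};
    struct exec_event e;
    unsigned long lost;
    for (int i = 0; i < 6; i++)     /* constructed events, nobody reading yet */
        ring_put(&r, 3151 + i, "rmmod", 3040, "bash");
    while (ring_get(&r, &e, &lost))
        printf("seq=%lu pid=%d comm=%s lost=%lu\n", e.seq, e.pid, e.comm, lost);
    return 0;
}
```

With six events written into four slots before the first read, the first record returned is seq 2 with lost = 2, so the two overwritten exec events are reported instead of disappearing silently.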
