On 5/12/06, Arun Srinivasan <arunlkml@xxxxxxxxx> wrote:
On 5/11/06, Dang <linuxdang@xxxxxxxxx> wrote:
> Hi,
> I have a requirement of logging program's name with time stamp on
> its exit. My preference would be to trap in kernel. Can't change
> source code, I have to achieve it using modules.
> --
> Regards,
> Dang

A newbie's suggestion, so please correct me. You can identify the process whose exit time you want to log by passing the pid of the process to your kernel module. With pid you can obtain the task_struct of your process by find_task_by_pid(pid).
[Dang] First point is how to get which pid has terminated. For doing all this in user space we need to kind of keep track of what pids are currently in running state and poll for them at regular intervals.
1. do_exit() sets the PF_EXITING flag of a process in task_struct->flags, marking it as an exiting process. So, in case you have the liberty to change kernel source, you can change do_exit() to signal a wait_queue (on which your module is waiting) to denote the exit of the process.
[Dang] Don't have the liberty to change the kernel source code.
(else) 2. you can poll by reading if PF_EXITING is set in task_struct->flags field.
[Dang] This may or may not work and this is not very efficient. We need to poll at regular intervals and traverse the whole task_struct list. Moreover, there can be cases in which a task_struct gets freed before our next poll interval and we miss those pids.
Will any of these work in your case? Please let me know.
[Dang] To me BSD accounting seems to be the best way.
rgds
Arun
--
"There are 10 people in the world - those who understand binary and those who don't!"

Hi Arun,
Thanks a lot for your response. My responses are inline with a tag [Dang]
--
Regards,
Dang

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
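Added example, not part of the thread: a user-space decoder for one BSD process accounting record, which the kernel appends to the accounting file when a process exits, yielding the program name and exit time without polling task_struct. It assumes version 3 records (struct acct_v3, 64 bytes, host byte order) and an ac_etime tick rate of 100; the function names and the sample record are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define ACCT_REC_SIZE 64   /* sizeof(struct acct_v3) */
#define ACCT_COMM_LEN 16   /* ACCT_COMM */
#define ACCT_AHZ      100  /* assumed tick rate of ac_etime */

struct exit_event { uint32_t pid; time_t exit_time; char comm[ACCT_COMM_LEN + 1]; };

/* Decode one acct_v3 record. Returns 0, or -1 on a short or non-v3 record. */
int parse_acct_v3(const unsigned char *rec, size_t len, struct exit_event *ev)
{
    uint32_t btime;
    float etime;

    /* ac_version is byte 1; its top bit carries the byte-order flag. */
    if (len < ACCT_REC_SIZE || (rec[1] & 0x7f) != 3)
        return -1;
    memcpy(&ev->pid, rec + 16, 4);              /* ac_pid */
    memcpy(&btime, rec + 24, 4);                /* ac_btime: start, epoch seconds */
    memcpy(&etime, rec + 28, 4);                /* ac_etime: elapsed ticks */
    memcpy(ev->comm, rec + 48, ACCT_COMM_LEN);  /* ac_comm: may lack a NUL */
    ev->comm[ACCT_COMM_LEN] = '\0';
    ev->exit_time = (time_t)btime + (time_t)(etime / ACCT_AHZ);
    return 0;
}

/* Constructed sample: "backupd", pid 4242, started 1147400000, ran 12.5 s. */
void make_sample(unsigned char rec[ACCT_REC_SIZE])
{
    uint32_t pid = 4242, btime = 1147400000u;
    float etime = 1250.0f;

    memset(rec, 0, ACCT_REC_SIZE);
    rec[1] = 3;
    memcpy(rec + 16, &pid, 4);
    memcpy(rec + 24, &btime, 4);
    memcpy(rec + 28, &etime, 4);
    memcpy(rec + 48, "backupd", 7);
}

int main(void)
{
    unsigned char rec[ACCT_REC_SIZE];
    struct exit_event ev;
    char ts[32];

    make_sample(rec);
    if (parse_acct_v3(rec, sizeof rec, &ev) != 0)
        return 1;
    strftime(ts, sizeof ts, "%Y-%m-%d %H:%M:%S", gmtime(&ev.exit_time));
    printf("%s pid=%u exited at %s UTC\n", ev.comm, (unsigned)ev.pid, ts);
    return 0;
}
```

Records are only written while accounting is switched on with acct(2), so exits before that point do not appear in the file.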