Personally, to learn any specific topic, sometimes I look up patches, for
example this one:

http://groups.google.com/group/linux.kernel/browse_thread/thread/1a34eb77be08def2?hl=en

The above patch is attempting to add system call notification through
self-ptracing.

Several key files are involved in the ptrace mechanism:

include/linux/ptrace.h
kernel/ptrace.c
arch/x86/kernel/ptrace.c
include/asm-x86/ptrace-abi.h
include/asm-x86/ptrace.h

and patches normally allow you to focus exactly on the pertaining
functions inside the file affected.

And check this out for some side-reading on ptrace:

http://www.kernel.org/doc/ols/2007/ols2007v1-pages-215-224.pdf
http://www.scs.cs.nyu.edu/aos/notes/l24.pdf
http://people.redhat.com/roland/utrace/lpc-slides.pdf

and read this:

http://lwn.net/Articles/291091/

where it is mentioned that utrace is going to replace ptrace... the start of
the patch is here:

http://lkml.org/lkml/2008/8/26/340

(later Roland attempted to make the two coexist).

Hm... the Linux kernel is fun... full of innovation.

On Tue, Nov 4, 2008 at 1:51 AM, Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> wrote:
> Hi...
>
> On Mon, Nov 3, 2008 at 11:24 PM, Steven Zhou <lullaby2005@xxxxxxxxx> wrote:
>> Dear all,
>>
>> Recently, I studied the process structure "task_struct", and there's a
>> member "ptrace" that confused me.
>> I have studied how to use the ptrace system call first, and I have done that.
>>
>> But I'm also confused about the principle of the system call sys_ptrace()
>> implementation. I tried to google it,
>> but I'm not satisfied with the result. A good article, "playing with ptrace",
>> is fit for using ptrace, but it does
>> not explain how ptrace() was implemented by the kernel.
>>
>> Does anyone have an article about the implementation of ptrace()?
>> Can you share it?
>
> I think it is better to grab a book like Understanding the Linux Kernel, 3rd
> edition... because the ptrace implementation covers signal handling,
> return from syscall, sometimes single stepping and so on.
>
> But in essence, there are several modes of ptracing:
> 1. single stepping. This is done by enabling the debug flag (if I remember
> correctly) or replacing the next instruction with INT 0x3h
>
> 2. trapping syscall. This is done by setting a flag so that every time
> there is a transition into kernel space (by calling a syscall) or
> returning from a syscall (ret_from_syscall... see entry.S), a
> notification is sent to the ptracer. This also means rescheduling is
> done... meanwhile the traced process is temporarily "halted" so its
> state can be analyzed by the tracer.
>
> regards,
>
> Mulyadi.
>
> --
> To unsubscribe from this list: send an email with
> "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
> Please read the FAQ at http://kernelnewbies.org/FAQ
>
>

--
Regards,
Peter Teoh
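
The syscall-trapping mode described in the quoted reply, as an added example that is not part of the original thread: a tracer resumes its child with PTRACE_SYSCALL, and the child halts at each syscall entry and exit so its registers can be read. It assumes Linux on x86-64; `trace_getppid()` and `struct trace_result` are hypothetical names, and the tracee is constructed for the demonstration.

```c
/* Added example, not from the thread: trap syscalls with PTRACE_SYSCALL.
 * Assumes Linux x86-64; trace_getppid/trace_result are hypothetical names. */
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

struct trace_result { int stops; int getppid_stops; long retval; };

int trace_getppid(struct trace_result *r)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* tracee (constructed sample) */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
        kill(getpid(), SIGSTOP);             /* stop so the tracer can attach options */
        syscall(SYS_getppid);                /* the one syscall we want to observe */
        _exit(0);
    }
    r->stops = r->getppid_stops = 0; r->retval = -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* Report syscall stops as SIGTRAP|0x80 so they differ from real signals. */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        /* Resume until the next syscall entry or exit, where the tracee halts. */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) return 0;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;
        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
        r->stops++;
        if ((long)regs.orig_rax == SYS_getppid) { /* number kept at entry and exit */
            r->getppid_stops++;
            r->retval = (long)regs.rax;      /* -ENOSYS at entry, result at exit */
        }
    }
}

int main(void)
{
    struct trace_result r;
    if (trace_getppid(&r) != 0) return 1;
    printf("stops=%d getppid_stops=%d retval=%ld\n", r.stops, r.getppid_stops, r.retval);
    return 0;
}
```

The tracer sees getppid() twice, once on entry and once on return, and the value read from rax at the exit stop is the tracer's own PID.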