[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: life span of file descriptors?

To: Torsten Fink <tnfink@inf.fu-berlin.de>
Subject: Re: life span of file descriptors?
From: Erik Mouw <J.A.K.Mouw@ITS.TUDelft.NL>
Date: Sat, 5 May 2001 14:15:18 +0200
Cc: kernelnewbies@nl.linux.org
In-Reply-To: <3AF3E471.F81A3C7E@inf.fu-berlin.de>; from tnfink@inf.fu-berlin.de on Sat, May 05, 2001 at 01:30:57PM +0200
Organization: Eric Conspiracy Secret Labs
References: <3AF3E471.F81A3C7E@inf.fu-berlin.de>
Sender: owner-kernelnewbies@nl.linux.org
User-Agent: Mutt/1.2.5i

On Sat, May 05, 2001 at 01:30:57PM +0200, Torsten Fink wrote:
> to learn a little bit about system calls I tried to hack some
> kind of monitoring system. Each system call of a user should
> be logged in some log file.
> 
> I added a system call to activate monitoring of a specific user.
> In the correspending service routine I opened a file (mode
> O_CREAT | O_APPEND) and store the file descriptor in some table.
> 
> Now, every time a system call is executed a log message is
> appended to this file. To do this I hacked the 
>  execute_syscall()
> function.

Not that I would like to discourage your investigations, but there
already is such a monitoring system that works in the same way as you
just described:

  erik@arthur:~ >strace -o /tmp/ls.out ls /tmp
  ide-smart-1.3  mutt-arthur-6288-86  orbit-erik ssh-GYIw3546

  erik@arthur:~ >head /tmp/ls.out
  execve("/bin/ls", ["ls", "/tmp"], [/* 41 vars */]) = 0
  brk(0)                                  = 0x8052d88
  open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
  open("/etc/ld.so.cache", O_RDONLY)      = 4
  fstat(4, {st_mode=S_IFREG|0644, st_size=22350, ...}) = 0
  old_mmap(NULL, 22350, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40014000
  close(4)                                = 0
  open("/lib/libc.so.6", O_RDONLY)        = 4
  fstat(4, {st_mode=S_IFREG|0755, st_size=887712, ...}) = 0
  read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\244\213"..., 4096) = 4096

See strace and ptrace manpages.

> This works now fine for the first time a system call is executed.
> But after the 2nd time the stored file descriptor seems
> to be invalid. A write request (with sys_write()) always returns 
> the errorcode -9 (i.e. EBADF).

[snip]

> So the question is: Why can't I write more than once to the
> same file descriptor in the kernel from different system calls?

Are you sure you are still tracing the same process? A file descriptor
is only valid within the context of a single process.


Erik

-- 
J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department
of Electrical Engineering, Faculty of Information Technology and Systems,
Delft University of Technology, PO BOX 5031,  2600 GA Delft, The Netherlands
Phone: +31-15-2783635  Fax: +31-15-2781843  Email: J.A.K.Mouw@its.tudelft.nl
WWW: http://www-ict.its.tudelft.nl/~erik/
-
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/
IRC Channel:   irc.openprojects.net / #kernelnewbies
Web Page:      http://www.kernelnewbies.org/

Follow-Ups:
- Solved: life span of file descriptors?
  - From: Torsten Fink <tnfink@inf.fu-berlin.de>

References:
- life span of file descriptors?
  - From: Torsten Fink <tnfink@inf.fu-berlin.de>
- life span of file descriptors?
  - From: Torsten Fink <tnfink@inf.fu-berlin.de>

Prev by Date: life span of file descriptors?
Next by Date: Solved: life span of file descriptors?
Prev by thread: life span of file descriptors?
Next by thread: Solved: life span of file descriptors?
Index(es):
- Date
- Thread