[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: kprobes & task_struct

To: Frank Beckmann <rootman@xxxxxx>, kernelnewbies@xxxxxxxxxxxx
Subject: Re: Re: kprobes & task_struct
From: Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx>
Date: Sun, 1 Jan 2006 14:49:15 +0700
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:from:reply-to:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=qgPlwQ66QUFRlvWIdVM/rYXuhUEPQAHzTbSQkkmC2EQDqpGBWfP67JMB49fvhYMdy5AXFvbBRX+7jDexfskjRkvegaEpmVPVcRJF0Vy1HUii5HMqkxC1s/17X2gVDYtoBBCazZTVZlU09g/d6VmSb4zXX/gcjrRbks37DhowOfc=
In-reply-to: <57012364@web.de>
List-archive: <http://mail.nl.linux.org/kernelnewbies/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <kernelnewbies.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:kernelnewbies@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=unsubscribe>
References: <57012364@web.de>
Reply-to: mulyadi.santosa@xxxxxxxxx
Sender: kernelnewbies-bounce@xxxxxxxxxxxx
User-agent: KMail/1.5

Hi Frank...

> bash-> do_fork-> bash(available the environment for ls) -> execve ->
> ls
>
> #strace -aef ls
> execve("/bin/ls", ["ls"], [/* 22 vars */]) = 0
>
> I set the Return Probes  with do_execve as trigger
>
> Dec 31 22:39:11 fedorasys kernel: fc_pid = 3151 fc_command = rmmod 
> parent_pid = 3040  parent_command = bash Dec 31 22:39:11 fedorasys
> kernel:


Ahh...:) Maybe something during do_fork() hasn't set the 
task_struct->comm properly according the new ELF binary loaded.

But anyway, as you know, putting kprobe's hook on do_execve only catch 
new binary invocation, is it really what you want? Previously I thought 
you wanted to catch general fork scenario...CMIIW

Maybe what you need is putting the probe into multiple place e.g 
sys_fork and sys_execve and so on.

> Now i search a way to export the data into the user pace. over the
> standard syslog it goes account of system performance.
> My module runs under 2.6.15-rc7 in older kernel versions my module
> freeze the system

Try relayfs? Anyway, you said "freeze", during which event?

regards

Mulyadi


--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/

Prev by Date: Re: __bread freezes for physical device.
Next by Date: USB device query
Previous by thread: Re: __bread freezes for physical device.
Next by thread: Re: Re: kprobes & task_struct
Index(es):
- Date
- Thread