Re: Re: kprobes & task_struct
Hi Mulyadi
The problem with the frozen kernel is solved in kernel 2.6.15.
At home I have a bookmark; someone fixed it in a release candidate.
My kprobe runs fine, the parent is in the log and the command (uid too).
I hope I find time to write some code... but my free time is limited :-(
(evening school.. business economist)
relayfs... is it in the kernel or a patch?
My idea with the proc: does the proc system have a ring buffer?
If nobody reads from proc, the module can overwrite the old data...
Frank
mulyadi.santosa@xxxxxxxxx wrote on 01.01.06 09:22:23:
>
> Hi Frank...
>
> > bash-> do_fork-> bash(available the environment for ls) -> execve ->
> > ls
> >
> > #strace -aef ls
> > execve("/bin/ls", ["ls"], [/* 22 vars */]) = 0
> >
> > I set the Return Probes with do_execve as trigger
> >
> > Dec 31 22:39:11 fedorasys kernel: fc_pid = 3151 fc_command = rmmod parent_pid = 3040 parent_command = bash
> > Dec 31 22:39:11 fedorasys kernel:
>
>
> Ahh...:) Maybe something during do_fork() hasn't set the
> task_struct->comm properly according to the new ELF binary loaded.
>
> But anyway, as you know, putting kprobe's hook on do_execve only catches
> new binary invocations, is it really what you want? Previously I thought
> you wanted to catch the general fork scenario...CMIIW
>
> Maybe what you need is putting the probe into multiple places, e.g.
> sys_fork and sys_execve and so on.
>
> > Now I am searching for a way to export the data into user space. Over the
> > standard syslog it comes at the cost of system performance.
> > My module runs under 2.6.15-rc7; in older kernel versions my module
> > freezes the system.
>
> Try relayfs? Anyway, you said "freeze", during which event?
>
> regards
>
> Mulyadi
>
>
> --
> Kernelnewbies: Help each other learn about the Linux kernel.
> Archive: http://mail.nl.linux.org/kernelnewbies/
> FAQ: http://kernelnewbies.org/faq/
>
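The overwrite-when-unread buffer Frank asks about, sketched as an added user-space C example; it is not code from this thread or from the kernel. The record layout, the `rb_put`/`rb_get` names and the 4-slot size are assumptions modelled on the log line quoted above, and a drop counter is kept so a reader can tell that exec records were lost.

```c
#include <stdio.h>
#include <string.h>

#define RB_SLOTS 4   /* constructed capacity, small so the wrap is visible */
#define COMM_LEN 16  /* same size as the kernel's TASK_COMM_LEN */

struct exec_rec {    /* hypothetical record: the fields of the quoted log line */
    int  pid, ppid;
    char comm[COMM_LEN], pcomm[COMM_LEN];
};

struct ring {
    struct exec_rec slot[RB_SLOTS];
    unsigned long head;     /* total records written */
    unsigned long tail;     /* total records consumed or overwritten */
    unsigned long dropped;  /* records overwritten before anyone read them */
};

/* Producer: never blocks. When the ring is full the oldest unread record
 * is overwritten and counted. Single-threaded sketch: inside a module the
 * probe handlers can run concurrently, so this would need a lock. */
static void rb_put(struct ring *r, int pid, const char *comm,
                   int ppid, const char *pcomm)
{
    struct exec_rec *e = &r->slot[r->head % RB_SLOTS];
    if (r->head - r->tail == RB_SLOTS) { r->tail++; r->dropped++; }
    e->pid = pid;
    e->ppid = ppid;
    snprintf(e->comm, COMM_LEN, "%s", comm);    /* truncates like ->comm */
    snprintf(e->pcomm, COMM_LEN, "%s", pcomm);
    r->head++;
}

/* Consumer: copies out the oldest record and returns 1, or 0 when empty. */
static int rb_get(struct ring *r, struct exec_rec *out)
{
    if (r->tail == r->head) return 0;
    *out = r->slot[r->tail++ % RB_SLOTS];
    return 1;
}

int main(void)
{
    struct ring r; struct exec_rec e;
    memset(&r, 0, sizeof r);
    for (int i = 0; i < 6; i++)          /* constructed sample events */
        rb_put(&r, 3151 + i, "ls", 3040, "bash");
    while (rb_get(&r, &e))
        printf("fc_pid = %d fc_command = %s parent_pid = %d parent_command = %s\n",
               e.pid, e.comm, e.ppid, e.pcomm);
    printf("dropped = %lu\n", r.dropped);
    return 0;
}
```

With six events written into four slots and no reader, the two oldest records are gone and `dropped` reports 2, which is what a log consumer needs to see to know the trail has gaps.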