Hi Abel,
1. John Levon already told you that if the syscalls sleep and your module
is unloaded then they will return nowhere. Just put MOD_INC_USE_COUNT and
MOD_DEC_USE_COUNT in my_kill/my_exit/my_execve as he suggested.
2. your module won't work on mips architecture but you probably know this
(or don't care)
3. getname allocates a "name object" from names_cachep SLAB cache and
copies a filename from userspace into it. putname frees this object
4. just trapping when processes do exit(2) system call may not be enough
-- depends on what you want to achieve. For example, a process may be
"forced to exit" if he/she invokes a bdflush(2) system call, see
sys_bdflush() in fs/buffer.c. So you may need a hook in do_exit() (see
kernel/exit.c).
Regards,
Tigran
On Wed, 4
Oct 2000, Abel Muñoz Alcaraz wrote:
> I need that somebody says to my module when a user application has started
> or finished, and what is its name and pid.
>
> I have rewritten my function and it seems that it works well.
>
> Remember; it is only an example:
> =========================================================================
>
> extern void *sys_call_table[];
>
> asmlinkage int (*system_execve)(struct pt_regs);
> asmlinkage int (*system_kill)(pid_t, int);
> asmlinkage void (*system_exit)(int);
>
> asmlinkage int my_kill(pid_t pid, int sign)
> {
> printk("\nPROCMON: Killing process %d.\n", pid);
>
> return system_kill(pid, sign);
> }
>
> asmlinkage void my_exit(int status)
> {
> printk("\nPROCMON: Exiting process %d.\n", current->pid);
>
> return system_exit(status);
> }
>
> asmlinkage int my_execve(struct pt_regs regs)
> {
> int error;
> char * filename;
>
> lock_kernel();
>
> filename = getname((char *) regs.ebx); //What does getname() do?
> error = PTR_ERR(filename);
> if (IS_ERR(filename))
> {
> unlock_kernel();
>
> return error;
> }
>
> error = do_execve(filename, (char **) regs.ecx, (char **) regs.edx, ®s);
> if (error == 0)
> {
> current->flags &= ~PF_DTRACE; // ?????
>
> printk("\nPROCMON: Executing process (%d) %s\n", current->pid,
>filename);
> }
>
> putname(filename); //What does putname() do?
>
> unlock_kernel();
>
> return error;
> }
>
> int init_module()
> {
> system_execve = sys_call_table[__NR_execve];
> system_kill = sys_call_table[__NR_kill];
> system_exit = sys_call_table[__NR_exit];
>
> sys_call_table[__NR_execve] = my_execve;
> sys_call_table[__NR_kill] = my_kill;
> sys_call_table[__NR_exit] = my_exit;
>
> return 0;
> }
>
> void cleanup_module()
> {
> if (sys_call_table[__NR_execve] != my_execve)
> {
> printk(KERN_INFO "\nThe system has been left in a unpredictable
> state.\nPlease, reboot it.\n");
> }
>
> sys_call_table[__NR_exit] = system_exit;
> sys_call_table[__NR_kill] = system_kill;
> sys_call_table[__NR_execve] = system_execve;
> }
>
> If you know a better way, please say me.
>
> -Abel.
>
> -----Original Message-----
> From: John Levon [mailto:[EMAIL PROTECTED]]
> Sent: miércoles, 04 de octubre de 2000 16:21
> To: Abel Muñoz Alcaraz
> Subject: RE: execve replacement.
>
>
> On Wed, 4 Oct 2000, [iso-8859-1] Abel Muñoz Alcaraz wrote:
>
> > I need to create a processes hook.
> > Do you know an other way?
> >
> > -Abel.
>
> what do you mean by a hook ? what exact info do you need and when ? than
>
> john
>
> --
> "The Internet is a shallow and unreliable electronic repository of dirty
> pictures, inaccurate rumors,
> bad spelling and worse grammar, inhabited largely by people with no
> demonstrable social skills."
> - Chronicle of Higher Education
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [EMAIL PROTECTED]
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
