trace open syscall
trace open syscall
$ git diff fs/open.c
diff --git a/source/fs/open.c b/source/fs/open.c
index 65fc76706..128426bfc 100644
--- a/source/fs/open.c
+++ b/source/fs/open.c
@@ -1084,6 +1084,9 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
int fd = build_open_flags(flags, mode, &op);
struct filename *tmp;
+ printk("~~~ %s() cmd:%s, pid:%d, file:%s\n", __func__, \
+ current->comm, current->pid, getname(filename)->name);
+
if (fd)
return fd;
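Review bot: The added printk calls `getname(filename)` and dereferences `->name` directly, with no IS_ERR() check and no putname(); an invalid user pointer makes getname() return an error pointer, so the dereference would oops, and every successful call leaks the struct filename it allocates. do_sys_open already declares `struct filename *tmp;`, and the body past this hunk presumably fills it from getname() and checks it, so log after that check instead: `pr_debug("~~~ %s() cmd:%s pid:%d file:%s\n", __func__, current->comm, current->pid, tmp->name);`. The do_unlinkat hunk in fs/namei.c has the same pattern and should log the name only after the existing lookup result has passed its IS_ERR() check. The file name is caller-controlled and an unrated printk on every open can flood the log, so a debug level or rate limiting is worth having.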
wyk@ubuntu:~/linux-4.14/$
trace file removal (unlinkat):
git diff fs/namei.c
diff --git a/source/fs/namei.c b/source/fs/namei.c
index 9525c74bf..aeeb07ec0 100644
--- a/source/fs/namei.c
+++ b/source/fs/namei.c
@@ -4113,6 +4113,10 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
unsigned int lookup_flags = 0;
+
+ printk("~~~ %s() cmd:%s, pid:%d, file:%s\n", __func__, \
+ current->comm, current->pid, getname(pathname)->name);
+
retry:
name = filename_parentat(dfd, getname(pathname), lookup_flags,
&path, &last, &type);
wyk@ubuntu:~/linux-4.14/$
trace exec
wyk@ubuntu:~/linux-5.4/$
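/*
 * do_execveat_common() - exec entry point, instrumented for debug tracing.
 *
 * Before handing off to __do_execve_file() this copies the program path and
 * up to the first nine argv strings into on-stack buffers so they can be
 * printed afterwards (the printk itself is compiled out with #if 0).
 *
 * All five parameters are passed through unchanged to __do_execve_file(),
 * and its return value is returned.
 *
 * Review notes:
 *  - argv entries are user-space pointers, so they are copied with
 *    strncpy_from_user() instead of being dereferenced through "%s".
 *  - The snapshot is its own read of user memory; presumably
 *    __do_execve_file() reads argv again, and user space can change it in
 *    between, so the trace is a debugging aid, not audit evidence.
 *  - name[] and ag[][] take 1280 bytes of kernel stack.
 */
static int do_execveat_common(int fd, struct filename *filename,
			      struct user_arg_ptr argv,
			      struct user_arg_ptr envp,
			      int flags)
{
	int ret;
	int i = 0;
	char name[128] = {0};
	char ag[9][128] = {{0}};

	/*
	 * NOTE(review): callers appear to pass the getname() result straight
	 * in, so filename can be an error pointer here; only read ->name from
	 * a real object and leave the error path to __do_execve_file().
	 */
	if (filename && !IS_ERR(filename))
		snprintf(name, sizeof(name), "%s", filename->name);

	if (argv.ptr.native != NULL) {
		for (;;) {
			const char __user *p = get_user_arg_ptr(argv, i);

			if (!p || IS_ERR(p))
				break;
			if (i >= MAX_ARG_STRINGS)
				break;
			if (i < 9) {
				/*
				 * Bounded, fault-tolerant copy from user space.
				 * The last byte is never written, so the
				 * zero-initialised buffer stays terminated.
				 */
				long len = strncpy_from_user(ag[i], p,
							     sizeof(ag[i]) - 1);

				if (len < 0)
					ag[i][0] = '\0';
			}
			/* Keep counting past nine so the trace reports argc. */
			++i;
		}
	}

	ret = __do_execve_file(fd, filename, argv, envp, flags, NULL);

	/*
	 * Disabled trace. The strings are chosen by the calling process and
	 * are printed verbatim, and current->parent is read without locking
	 * -- NOTE(review): confirm whether rcu_read_lock() is needed before
	 * enabling this.
	 */
#if 0
	printk("~~~ %s() pid:%d filename:%s, arg %d:%s %s %s %s %s %s %s %s %s, parent:%d %s\n",
	       __func__, current->pid, name,
	       i, ag[0], ag[1], ag[2], ag[3], ag[4], ag[5], ag[6], ag[7], ag[8],
	       current->parent->pid, current->parent->comm);
#endif
	return ret;
}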
trace exit
wyk@ubuntu:~/linux-5.4/$
diff --git a/kernel/exit.c b/kernel/exit.c
old mode 100644
new mode 100755
index ece64771a..4eab8459e
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -858,7 +858,11 @@ void __noreturn do_exit(long code)
__this_cpu_add(dirty_throttle_leaks, tsk->nr_dirtied);
exit_rcu();
exit_tasks_rcu_finish();
-
+#if 0
+ printk("~~ %s() pid:%d comm:%s, code:%d, parent:%d %s", __func__,
+ current->pid, current->comm, code,
+ current->parent->pid, current->parent->comm);
+#endif
lockdep_free_task(tsk);
do_task_dead();
}
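Review bot: In the disabled printk, `code` is a `long` (per the do_exit signature in the hunk header) but is printed with `%d`; it should be `code:%ld`. The format also has no log level and no trailing newline, and `current->parent` is read without rcu_read_lock(), which I believe that pointer requires; the same points apply to both `#if 0` printk blocks in kernel/module.c. Something like `pr_debug("~~ %s() pid:%d comm:%s code:%ld\n", __func__, current->pid, current->comm, code);` is enough here. The patch also flips kernel/exit.c from mode 100644 to 100755, which looks unintended for a source file.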
trace insmod
diff --git a/kernel/module.c b/kernel/module.c
old mode 100644
new mode 100644
index xx..xx
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3818,6 +3818,8 @@ static int load_module(struct load_info *info, const char __user *uargs,
struct module *mod;
long err = 0;
char *after_dashes;
+ /* struct task_struct *task; */
+ int ret;
err = elf_header_check(info);
if (err)
@@ -3826,7 +3828,11 @@ static int load_module(struct load_info *info, const char __user *uargs,
err = setup_load_info(info, flags);
if (err)
goto free_copy;
-
+#if 0
+ printk("~~ %s() info_name:%s pid:%d comm:%s, parent:%d %s", __func__,
+ info->name, current->pid, current->comm,
+ current->parent->pid, current->parent->comm);
+#endif
if (blacklisted(info->name)) {
err = -EPERM;
goto free_copy;
@@ -3960,7 +3966,25 @@ static int load_module(struct load_info *info, const char __user *uargs,
/* Done! */
trace_module_load(mod);
- return do_init_module(mod);
+ ret = do_init_module(mod);
+#if 0
+ printk("~~ %s() mod_name:%s ret:%d pid:%d comm:%s, parent:%d %s", __func__,
+ mod->name, ret, current->pid, current->comm,
+ current->parent->pid, current->parent->comm);
+#endif
+/*
+ task = current->parent;
+ while (task != NULL) {
+ printk("< %d:%s ", task->pid, task->comm);
+ if (task->pid == 0 || task->pid == 1)
+ break ;
+
+ task = task->parent;
+ }
+ printk("\n");
+*/
+
+ return ret;
sysfs_cleanup:
mod_sysfs_teardown(mod);
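Review bot: The disabled printk after `ret = do_init_module(mod);` reads `mod->name`, but do_init_module() (not shown here) releases the module on a failed init as far as I know, and a loaded module can be removed once the call returns, so `mod` should not be touched afterwards. Log the name before the call, or print only the result after it: `pr_debug("~~ %s() ret:%d pid:%d comm:%s\n", __func__, ret, current->pid, current->comm);`. The commented-out parent walk, and the commented-out `task` declaration in the first hunk, should be dropped rather than committed; if the walk is kept it would need rcu_read_lock() around the `->parent` chain and KERN_CONT on the continuation printks. load_module's body starts and ends outside these hunks.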
wyk@ubuntu:~/linux-5.4/$