stackoom
  简体   繁体   中英

Storing Per-Process Data in Kernel Module / Passing Data Between sys_enter and sys_exit Probe

 原文  2023-01-27 01:28:30       linux-kernel/ kernel-module

Question

Familiarity with how Linux Kernel Tracepoints work is not necessarily required to help with this question, it is just what is motivating this problem. In essence, I am looking for a way to store per-process data for a kernel module, without modifying the Linux source (eg struct task_struct ), and ideally without using locks. Here is my specific question:

I have a kernel module that hooks into the sys_enter (defined here for x86_64 , aarch64 ) and sys_exit ( x86_64 , aarch64 ) tracepoints. For each system call issued, I need to pass some data between the enter probe and the exit probe.

Some things I have considered: I could...

  • ...use one global variable -- but that will be shared between concurrently executing system calls on different CPUs, creating a race.
  • ...use one global map from PID (of the process issuing the system call) to my data, together with locks -- but that will unnecessarily require synchronization between all CPUs on each system call . I would like to avoid this, since the data is "local" to each issued system call, so I feel like there should be a way to keep it local and not add costly synchronization.
  • ...use a per-CPU global variable -- but (it is my understanding that) a process may move to another CPU during the system call execution, making this approach incorrect.
  • ... kmalloc ing some memory for my custom data upon each system call entry, then pass the address to that memory by clobbering one of the registers in struct pt_regs (both the entry and exit probe receive a pointer to said struct) -- but then I will have a memory leak for system calls that do not trigger the exit probe (such as sys_exit , which never returns).

I am open to any suggestions how these ideas could be refined to address the problems I listed, or any completely different ideas that I am not thinking of.

1 answers

solution1
 1  2023-01-29 08:48:57

I'd use an RCU enabled hashtable, for safety.

The first option isn't actually doable, as you stated.

The third one requires you to track which process is using which CPU, which seems unnecessary.

The leaking problem of the fourth option can probably be solved somehow, but allocating memory on each system call can introduce a serious delay. Of course that accessing the hashtable will also slow down the system, but It won't trigger a memory allocation for each system call, so I assume it'll be less harmful.

Also, I may be wrong here, but if you assume that only process creation/destruction will introduce changes to table itself (not to the data within each entry, but the location and hash value of each row) than maybe you won't even have to synchronize on each system call, but only on ones that will cause process creation/destruction.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Does closing, say, vim, trigger sys_exit? In a Linux system call, are system call parameters preserved in registers after the syscall finished (at the sys_exit tracepoint)? sys v shared memory from kernel module to user space process Obtaining the per-process CPU-time clock of another process in Linux kernel kernel module parameters changes (using /sys/module) How to make a process unable to exit by hook sys_exit_group and sys_kill Kernel module interacting with sys_call linux-kernel {{ adding sys-calls : testing from user space : data/printk issue }} How to choose between “sys' and ”proc" files in linux kernel Replacement for sys/socket.h in linux kernel module?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM