monitor of SEGFAULT processes

monitor of SEGFAULT processes

[Lev Olshvang]

Thank you Greg and others  advising on my first question.
 

I am writing monitor sybsytem, abd here the question :

Is it possible from kernel module or user space to monitor which processes were terminated
abnormally ?
I understand that trap gates are initialized to handle it , fill  trap_info, then sig_info and send signal to faulting process.
Is it correct to place a hook in these chain? probably in signal.c : next_signal()?
If so what is the proper method, ex  jprobe?

ThanX

monitor of SEGFAULT processes

[Frank Ch. Eigler]

levonshe wrote:

> [...]  Is it possible from kernel module or user space to monitor
> which processes were terminated abnormally ?  [...]

Depending on the version & configuration, there exist both kernel
tracepoints and kprobe/jprobe sites where the kernel side of these
events may be hooked.  You may be able to attach to each of those from
userspace via perf.

For comparison, systemtap chooses whatever facility is available in your
kernel, by internally mapping the abstract "signal.send" name into a
list of candidates.

# stap -e '
probe signal.send {
  if (sig_name == "SIGKILL")
    printf("%s was sent to %s (pid:%d) by %s uid:%d\n",
           sig_name, pid_name, sig_pid, execname(), uid())
}'


- FChE