lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 30 Apr 2021 16:22:22 +0200
From:   Peter Enderborg <peter.enderborg@...y.com>
To:     <linux-kernel@...r.kernel.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "Eric W . Biederman" <ebiederm@...ssion.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Christian Brauner <christian.brauner@...ntu.com>,
        Davidlohr Bueso <dave@...olabs.net>,
        Michel Lespinasse <walken@...gle.com>,
        Jann Horn <jannh@...gle.com>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Christophe Leroy <christophe.leroy@....fr>,
        Minchan Kim <minchan@...nel.org>
CC:     Peter Enderborg <peter.enderborg@...y.com>
Subject: [PATCH 1/2] tracing: Add a trace for task_exit

This is the peer functions to task_rename and task_newtask.
With this we get hole "life-cycle" of task and can easily
see short livied task and their exit status.

Format might look like:
            bash-1144    [006] ....  1306.601707: task_newtask: pid=1181 comm=bash clone_flags=1200000 oom_score_adj=0
           <...>-1181    [007] ....  1306.602080: task_rename: pid=1181 oldcomm=bash newcomm=ls oom_score_adj=0
            bash-1144    [006] d...  1306.785960: task_exit: pid=1181 oom_score_adj=0 exit_signal=17 exit_code=0 exit_state=0x10 comm=ls

For a sequence when a bash shell runs the ls command.

Signed-off-by: Peter Enderborg <peter.enderborg@...y.com>
---
 include/trace/events/task.h | 32 ++++++++++++++++++++++++++++++++
 kernel/exit.c               |  3 +++
 2 files changed, 35 insertions(+)

diff --git a/include/trace/events/task.h b/include/trace/events/task.h
index 64d160930b0d..2e977d2935e1 100644
--- a/include/trace/events/task.h
+++ b/include/trace/events/task.h
@@ -56,6 +56,38 @@ TRACE_EVENT(task_rename,
 		__entry->newcomm, __entry->oom_score_adj)
 );
 
+TRACE_EVENT(task_exit,
+
+	TP_PROTO(struct task_struct *task),
+
+	TP_ARGS(task),
+
+	TP_STRUCT__entry(
+		__field(pid_t,	pid)
+		__field(short,	oom_score_adj)
+		__field(int,	exit_signal)
+		__field(int,	exit_code)
+		__field(int,	exit_state)
+		__string(comm, task->comm)
+
+	),
+
+	TP_fast_assign(
+		__entry->pid = task->pid;
+		__entry->oom_score_adj = task->signal->oom_score_adj;
+		__entry->exit_signal = task->exit_signal;
+		__entry->exit_code = task->exit_code;
+		__entry->exit_state = task->exit_state;
+		__assign_str(comm, task->comm);
+	),
+
+	TP_printk("pid=%d oom_score_adj=%hd exit_signal=%d exit_code=%d exit_state=0x%x comm=%s",
+		  __entry->pid,
+		  __entry->oom_score_adj, __entry->exit_signal,
+		  __entry->exit_code, __entry->exit_state,
+		  __get_str(comm))
+);
+
 #endif
 
 /* This part must be outside protection */
diff --git a/kernel/exit.c b/kernel/exit.c
index 04029e35e69a..3ab0944e5dfc 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -68,6 +68,7 @@
 #include <linux/uaccess.h>
 #include <asm/unistd.h>
 #include <asm/mmu_context.h>
+#include <trace/events/task.h>
 
 static void __unhash_process(struct task_struct *p, bool group_dead)
 {
@@ -107,6 +108,8 @@ static void __exit_signal(struct task_struct *tsk)
 		posix_cpu_timers_exit_group(tsk);
 #endif
 
+	trace_task_exit(tsk);
+
 	if (group_dead) {
 		tty = sig->tty;
 		sig->tty = NULL;
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ