How to print the userspace stack trace in linux kernelspace
Problem description
Say, I hook in a sys_* (e.g. sys_open) handler; when I find the argument passed from the userspace is malicious, I print the stack trace of the userspace. How can I do it?
(dump_stack() only prints the kernel stack)
Recommended answer
oprofile has support for user space stack traces, and these are computed in the kernel by walking the user space stacks. (But note: it doesn't resolve the symbols; that's done by the reporting tools in user space.)
If I had to solve this problem, I would start looking (again) at the oprofile code and just use/adapt what is there.
Maybe this kind of "malicious" occurrence could simply just be modeled as a kind of oprofile event to be recorded, hmm.
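A sketch of the kind of user-stack walk the answer refers to, as an added example that is not part of the original answer and is not oprofile's code. It is a userspace model: `user_mem`, `read_user` (standing in for `copy_from_user`), `walk_user_stack` and `put_frame` are hypothetical names, the frames are constructed, and it assumes the traced binary keeps frame pointers.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a user stack: 16 64-bit slots "mapped" at USER_BASE. */
#define USER_BASE 0x7ffd0000ULL
static uint64_t user_mem[16];

/* Frame record left by frame-pointer code: saved fp, then return address. */
struct frame { uint64_t next_fp, ret; };

/* Stand-in for copy_from_user(): returns -1 instead of faulting. */
static int read_user(uint64_t addr, void *dst, size_t len)
{
    uint64_t end = USER_BASE + sizeof(user_mem);
    if (addr < USER_BASE || addr > end || len > end - addr || (addr & 7))
        return -1;
    memcpy(dst, (const char *)user_mem + (addr - USER_BASE), len);
    return 0;
}

/* Walk the frame-pointer chain; returns how many return addresses were stored. */
static size_t walk_user_stack(uint64_t fp, uint64_t *out, size_t max_depth)
{
    size_t n = 0;
    struct frame f;
    /* Every value read here is untrusted: bound the depth, check each read. */
    while (n < max_depth && read_user(fp, &f, sizeof(f)) == 0) {
        out[n++] = f.ret;
        if (f.next_fp <= fp)   /* callers live at higher addresses; stops loops */
            break;
        fp = f.next_fp;
    }
    return n;
}

/* Write one constructed frame at a slot index and return its address. */
static uint64_t put_frame(size_t slot, uint64_t next_fp, uint64_t ret)
{
    user_mem[slot] = next_fp;
    user_mem[slot + 1] = ret;
    return USER_BASE + slot * 8;
}

int main(void)
{
    uint64_t out[8];   /* constructed three-frame chain, innermost first */
    uint64_t fp = put_frame(0, put_frame(4, put_frame(8, 0, 0x401300), 0x401200), 0x401100);
    return walk_user_stack(fp, out, 8) == 3 ? 0 : 1;
}
```

The result is a list of raw return addresses; as the answer notes, mapping them to symbols is left to a userspace tool.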