如何在Linux内核空间中打印用户空间堆栈跟踪 [英] How to print the userspace stack trace in linux kernelspace

问题描述

说，我迷上了sys_ *(例如sys_open)处理程序；当我发现从用户空间传递的参数是恶意的时，我将打印用户空间的堆栈跟踪.我该怎么做?

Say, I hook in a sys_* (e.g. sys_open) handler; when I find the argument passed from the userspace is malicious, I print the stack trace of the userspace. How can I do it?

(dump_stack()仅显示内核堆栈)

(dump_stack() only prints the kernel stack)

推荐答案

oprofile支持用户空间堆栈跟踪，这些跟踪是在内核中通过遍历用户空间堆栈来计算的. (但请注意:它不能解析符号；这是由用户空间中的报表工具完成的.)

oprofile has support for user space stack traces, and these are computed in the kernel by walking the user space stacks. (But note: it doesn't resolve the symbols; that's done by the reporting tools in user space.)

如果必须解决此问题，我将再次开始查看oprofile代码，然后使用/适应其中的内容.

If I had to solve this problem, I would start looking (again) at the oprofile code and just use/adapt what is there.

也许可以将这种恶意"事件简单地建模为一种待记录的不真实事件，嗯.

Maybe this kind of "malicious" occurrence could simply just be modeled as a kind of oprofile event to be recorded, hmm.

这篇关于如何在Linux内核空间中打印用户空间堆栈跟踪的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！