How to find signal handler definitions in the Linux kernel?

Posted 10-31 10:48 · 308 words · 3 views · 0 comments

I am currently working on "Creation of Postmortem data logger in Linux on Intel architecture".
It's nothing but core utility creation.
Can anybody share the details about how the signal handlers for various signals (SIGSEGV, SIGABRT, SIGFPE etc.), which produce a core dump upon crashing an application, are internally implemented in the Linux kernel? I need to re-write these signal handlers with my own user-specific needs and rebuild the kernel. It makes my kernel produce the core file (upon crashing an application) with user-specific needs like showing registers, stack dump and backtrace etc.

Can anybody share the details about it....
Thanks in advance to all the repliers :)

Comments (3)

陈年往事 2024-11-07 10:48:33

LXR, the Linux Cross-Reference, is usually helpful when you want to know how something is done in the Linux kernel. It's a browsing and searching tool for the kernel sources.

Searching “core dump” returns a lot of hits, but two of the most promising-looking are in fs/exec.c and fs/proc/kcore.c (promising because the file names are fairly generic, in particular you don't want to start with architecture-specific stuff). kcore.c is actually for a kernel core dump, but the hit in fs/exec.c is in the function do_coredump, which is the main function for dumping a process's core. From there, you can both read the function to see what it does, and search to see where it's called.

Most of the code in do_coredump is about determining whether to dump core and where the dump should go. What to dump is handled near the end: binfmt->core_dump(&cprm), i.e. this is dependent on the executable format (ELF, a.out, …). So your next search is on the core_dump struct field, specifically its “usage”; then select the hit corresponding to an executable format. ELF is probably the one you want, and so you get to the elf_core_dump function.

That being said, I'm not convinced from your description of your goals that what you want is really to change the core dump format, as opposed to writing a tool that analyses existing dumps.

You may be interested in existing work on analyzing kernel crash dumps. Some of that work is relevant to process dumps as well, for example the gcore extension to include process dumps in kernel crash dumps.

孤云独去闲 2024-11-07 10:48:32

You may not need to modify the kernel at all - the kernel supports invoking a userspace application when a core dump occurs. From the core(5) man page:

"Since kernel 2.6.19, Linux supports an alternate syntax for the /proc/sys/kernel/core_pattern file. If the first character of this file is a pipe symbol (|), then the remainder of the line is interpreted as a program to be executed. Instead of being written to a disk file, the core dump is given as standard input to the program."
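
Added example (not part of the answers on this page and not kernel code): a userspace helper of the kind the piped core_pattern syntax quoted above can invoke, which reads the core from standard input and pulls the signal, PID and registers out of each thread's NT_PRSTATUS note. It assumes a little-endian x86-64 ELF core; the names parse_core and sample_core are illustrative, and sample_core builds a constructed dump, not a real one.

```python
import struct, sys

PT_NOTE, NT_PRSTATUS, ET_CORE = 4, 1, 4
# x86-64 user_regs_struct order: 27 eight-byte slots at offset 112 of elf_prstatus
REGS = ("r15 r14 r13 r12 rbp rbx r11 r10 r9 r8 rax rcx rdx rsi rdi orig_rax "
        "rip cs eflags rsp ss fs_base gs_base ds es fs gs").split()

def parse_core(data):
    """Return [(signal, pid, regs)], one entry per thread, from an x86-64 ELF core."""
    if data[:6] != b"\x7fELF\x02\x01" or struct.unpack_from("<H", data, 16)[0] != ET_CORE:
        raise ValueError("not a little-endian ELF64 core")
    (phoff,) = struct.unpack_from("<Q", data, 32)
    phentsize, phnum = struct.unpack_from("<HH", data, 54)
    threads = []
    for i in range(phnum):
        p_type, _, off, _, _, filesz = struct.unpack_from("<IIQQQQ", data, phoff + i * phentsize)
        if p_type != PT_NOTE:
            continue
        end = off + filesz
        if end > len(data):  # sizes come from the crashed process: never trust them
            raise ValueError("note segment exceeds the bytes read")
        while off + 12 <= end:
            namesz, descsz, ntype = struct.unpack_from("<III", data, off)
            desc = off + 12 + ((namesz + 3) & ~3)  # name and desc are 4-byte aligned
            if desc + descsz > end:
                raise ValueError("note overruns its segment")
            name = data[off + 12:off + 12 + namesz]
            if (ntype, name) == (NT_PRSTATUS, b"CORE\0") and descsz >= 112 + 8 * len(REGS):
                (sig,) = struct.unpack_from("<h", data, desc + 12)  # pr_cursig
                (pid,) = struct.unpack_from("<i", data, desc + 32)  # pr_pid
                regs = dict(zip(REGS, struct.unpack_from("<27Q", data, desc + 112)))
                threads.append((sig, pid, regs))
            off = desc + ((descsz + 3) & ~3)
    return threads

def sample_core(sig=11, pid=4242, rip=0x401136, rsp=0x7ffc0000):
    """Constructed one-thread core (not a real dump) for offline testing."""
    regs = [0] * 16 + [rip, 0, 0, rsp] + [0] * 7
    desc = struct.pack("<3ih2xQQ4i64x27Qi4x", sig, 0, 0, sig, 0, 0, pid, 0, 0, 0, *regs, 0)
    note = struct.pack("<III", 5, len(desc), NT_PRSTATUS) + b"CORE\0\0\0\0" + desc
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", ET_CORE, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), 0, 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    # Bounded read: the crashing process influences how large the dump is.
    for sig, pid, regs in parse_core(sys.stdin.buffer.read(16 << 20)):
        print(f"pid={pid} sig={sig} rip={regs['rip']:#x} rsp={regs['rsp']:#x}")
```

Per core(5), a piped helper is run as root, which is why the parser checks every offset and size taken from the dump before using it.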

梦情居士 2024-11-07 10:48:32

The actual dumping code depends on the format of the dump. For ELF format, look at the fs/binfmt_elf.c file. It has an elf_dump_core function. (Same with other formats.)

This is triggered by get_signal_to_deliver in kernel/signal.c, which calls into do_coredump in fs/exec.c, which calls the handler.
