如何在 Linux 内核中查找信号处理程序定义?
我目前正在研究“在 Intel 架构上的 Linux 中创建事后数据记录器”
。 它只不过是核心实用程序的创建。 任何机构都可以分享有关各种信号(SIGSEGV、SIGABRT、SIGFPE 等
)的信号处理程序如何在 Linux 内核内部实现的应用程序崩溃时生成核心转储
的详细信息。我需要根据我自己的用户特定需求重新编写这些信号处理程序并重建内核。它使我的内核生成具有用户特定需求的核心文件(在应用程序崩溃时),例如显示寄存器、堆栈转储和回溯等。
有谁可以分享一下详细信息吗.... 提前感谢所有回复者:)
I am currrently working on "Creation of Postmortem data logger in Linux on Intel architecture"
.
Its nothing but core utility creation.
Can any body share the details about how the signal handlers for various signals(SIGSEGV,SIGABRT,SIGFPE etc
) which produce core dump
upon crashing an application internally implemented in Linux kernel. I need to re-write these signal handlers with my own user specific needs and rebuild the kernel. It makes my kernel producing the core file (upon crashing an application) with user specific needs like showing registers,stackdump and backtrace etc
.
Can anybody share the details about it....
Advance thanks to all the repliers:)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
发布评论
评论(3)
您可能根本不需要修改内核 - 内核支持在发生核心转储时调用用户空间应用程序。来自 core(5)手册页
:
从内核 2.6.19 开始,Linux 支持
的替代语法/proc/sys/kernel/core_pattern
文件。
如果该文件的第一个字符是
管道符号 (|
),然后
该行的其余部分被解释
作为要执行的程序。反而
被写入磁盘文件时,
核心转储作为标准输入给出
到程序。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
LXR,Linux 交叉引用,当您想了解 Linux 中的某些操作是如何完成时通常会很有帮助核心。它是一个内核源代码浏览和搜索工具。
搜索“core dump”会返回很多结果,但其中两个最有希望的结果位于
fs/exec.c
和fs/proc/kcore.c
(很有希望,因为文件名相当通用,特别是您不想以特定于架构的东西)。kcore.c
实际上是用于内核核心转储,但fs/exec.c
中的命中位于函数do_coredump
,这是转储进程核心的主要函数。从那里,您既可以阅读该函数以了解它的作用,也可以搜索以了解它的调用位置。do_coredump 中的大部分代码都是关于确定是否转储核心以及转储应该去哪里。要转储的内容在接近尾声时处理:
binfmt- >core_dump(&cprm)
,即这取决于可执行格式(ELF、a.out、...)。因此,您的下一个搜索是在core_dump
结构体字段上,特别是它的“usage”;然后选择对应的可执行格式。 ELF 可能是您想要的,所以您将到达elf_core_dump
函数。话虽如此,从您对目标的描述来看,我并不确信您真正想要的是更改核心转储格式,而不是编写一个分析现有转储的工具。
您可能对分析内核故障转储的现有工作感兴趣。其中一些工作也与进程转储相关,例如 gcore 扩展将进程转储包含在内核崩溃转储。
LXR, the Linux Cross-Reference, is usually helpful when you want to know how something is done in the Linux kernel. It's a browsing and searching tool for the kernel sources.
Searching “core dump” returns a lot of hits, but two of the most promising-looking are in
fs/exec.c
andfs/proc/kcore.c
(promising because the file names are fairly generic, in particular you don't want to start with architecture-specific stuff).kcore.c
is actually for a kernel core dump, but the hit infs/exec.c
is in the functiondo_coredump
, which is the main function for dumping a process's core. From there, you can both read the function to see what it does, and search to see where it's called.Most of the code in
do_coredump
is about determining whether to dump core and where the dump should go. What to dump is handled near the end:binfmt->core_dump(&cprm)
, i.e. this is dependent on the executable format (ELF, a.out, …). So your next search is on thecore_dump
struct field, specifically its “usage”; then select the hit corresponding to an executable format. ELF is probably the one you want, and so you get to theelf_core_dump
function.That being said, I'm not convinced from your description of your goals that what you want is really to change the core dump format, as opposed to writing a tool that analyses existing dumps.
You may be interested in existing work on analyzing kernel crash dumps. Some of that work is relevant to process dumps as well, for example the gcore extension to include process dumps in kernel crash dumps.