From owner-freebsd-hackers@FreeBSD.ORG Wed Mar 17 07:16:04 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8281416A4CE for ; Wed, 17 Mar 2004 07:16:04 -0800 (PST) Received: from mail4.speakeasy.net (mail4.speakeasy.net [216.254.0.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5DA6043D1D for ; Wed, 17 Mar 2004 07:16:04 -0800 (PST) (envelope-from jhb@FreeBSD.org) Received: (qmail 6343 invoked from network); 17 Mar 2004 15:16:02 -0000 Received: from dsl027-160-063.atl1.dsl.speakeasy.net (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) encrypted SMTP for ; 17 Mar 2004 15:16:02 -0000 Received: from 10.50.40.205 (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.12.10/8.12.10) with ESMTP id i2HFFd28070845; Wed, 17 Mar 2004 10:15:41 -0500 (EST) (envelope-from jhb@FreeBSD.org) From: John Baldwin To: freebsd-hackers@FreeBSD.org Date: Wed, 17 Mar 2004 10:17:21 -0500 User-Agent: KMail/1.6 References: <20040316163956.GD638@lame.novel.ru> In-Reply-To: <20040316163956.GD638@lame.novel.ru> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200403171017.21776.jhb@FreeBSD.org> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on server.baldwin.cx cc: Roman Bogorodskiy Subject: Re: kernel modules programming: struct proc question X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Mar 2004 15:16:04 -0000 On Tuesday 16 March 2004 11:39 am, Roman Bogorodskiy wrote: > Hi, > > I hope it's a right place for kernel module programming related > questions, in another case I'd be glad if you point me to the right > maillist. > > So, my aim is to log every file opening in `/tmp' dir. I've wrote a simple > "syscall" module which replaces open(2) syscall. My new open(2) looks > > like this: > >---cut 8<--- > > static int > new_open(struct proc *p, register struct open_args *uap) > { > char name[NAME_MAX]; > size_t size; > > if((const void*)copyinstr(uap->path, name, > NAME_MAX, &size) == (const void*)EFAULT) > return(EFAULT); > > if (name[0] == '/' && name[1] == 't' && name[2] == 'm' > && name[3] == 'p' && name[4] == '/') { > printf("open(2): %s pid: %i\n", name, (int)p->p_pid); > } > > return (open(p, uap)); > } > > >---cut 9<---< > > But instead of a real pid I see something strange in logs, something > like this: > > Mar 16 19:15:44 nov kernel: open(2): /tmp/asfdasfsaf pid: -1002890624 > > What am I doing wrong? If this is on current, then the first arg to your syscall should be 'struct thread *td', and you should try to printf td->td_proc->p_pid to get the pid. Also, you might consider using strncmp() to make the code a bit easier to read, i.e.: if (strncmp(name, "/tmp/", 5) == 0) printf("open(2): %s by pid %d (%s)\n", name, td->td_proc->p_pid, td->td_proc->p_comm); -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.org