Say, I hook in a sys_* (e.g. sys_open) handler; when I find the argument passed from the userspace is malicious, I print the stack trace of the userspace. How can I do it?
(dump_stack() only prints the kernel stack)
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Say, I hook in a sys_* (e.g. sys_open) handler; when I find the argument passed from the userspace is malicious, I print the stack trace of the userspace. How can I do it?
(dump_stack() only prints the kernel stack)
oprofilehas support for user space stack traces, and these are computed in the kernel by walking the user space stacks. (But note: it doesn’t resolve the symbols; that’s done by the reporting tools in user space.)If I had to solve this problem, I would start looking (again) at the oprofile code and just use/adapt what is there.
Maybe this kind of “malicious” occurrence could simply just be modeled as a kind of oprofile event to be recorded, hmm.