Date: Thu, 24 Oct 2002 10:15:06 +0300 From: Maxim Sobolev <sobomax@FreeBSD.org> To: jlemon@FreeBSD.org, hackers@FreeBSD.org, audit@FreeBSD.org Subject: New kevent types: NOTE_STARTEXEC and NOTE_STOPEXEC Message-ID: <3DB79DFA.FA719B8F@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------36514A812340C7D968179FC5 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Folks, Please review the patch, which adds two new types of events - NOTE_STARTEXEC and NOTE_STOPEXEC, that could be used to get notification when the image starts or stops executing. For example, it could be used to monitor that a daemon is up and running and notify administrator when for some reason in exits. I am running this code for more than a year now without any problems. Any comments and suggestions are welcome. Thanks! -Maxim --------------36514A812340C7D968179FC5 Content-Type: text/plain; charset=koi8-r; name="kqueue.startstopexec.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="kqueue.startstopexec.diff" Index: src/lib/libc/sys/kqueue.2 =================================================================== RCS file: /home/ncvs/src/lib/libc/sys/kqueue.2,v retrieving revision 1.28 diff -d -u -r1.28 kqueue.2 --- src/lib/libc/sys/kqueue.2 2 Jul 2002 21:04:00 -0000 1.28 +++ src/lib/libc/sys/kqueue.2 24 Oct 2002 06:57:41 -0000 @@ -292,7 +292,7 @@ .Va fflags , and returns when one or more of the requested events occurs on the descriptor. The events to monitor are: -.Bl -tag -width XXNOTE_RENAME +.Bl -tag -width XXNOTE_STARTEXEC .It NOTE_DELETE .Fn unlink was called on the file referenced by the descriptor. @@ -310,6 +310,19 @@ Access to the file was revoked via .Xr revoke 2 or the underlying fileystem was unmounted. +.It NOTE_STARTEXEC +The file referenced by the descriptor has been executed via +.Xr execve 2 , +.Xr fork 2 +or similar call. The PID of the process is returned in +.Va data . +.It NOTE_STOPEXEC +Execution of the file referenced by the descriptor ended. Triggered when +the process associated with the file exited or was replaced with anoter +image using +.Xr execve 2 +or simial syscall. The PID of the process is returned in +.Va data . .El .Pp On return, Index: src/sys/sys/event.h =================================================================== RCS file: /home/ncvs/src/sys/sys/event.h,v retrieving revision 1.21 diff -d -u -r1.21 event.h --- src/sys/sys/event.h 29 Jun 2002 19:14:52 -0000 1.21 +++ src/sys/sys/event.h 24 Oct 2002 06:57:41 -0000 @@ -83,13 +83,15 @@ /* * data/hint flags for EVFILT_VNODE, shared with userspace */ -#define NOTE_DELETE 0x0001 /* vnode was removed */ -#define NOTE_WRITE 0x0002 /* data contents changed */ -#define NOTE_EXTEND 0x0004 /* size increased */ -#define NOTE_ATTRIB 0x0008 /* attributes changed */ -#define NOTE_LINK 0x0010 /* link count changed */ -#define NOTE_RENAME 0x0020 /* vnode was renamed */ -#define NOTE_REVOKE 0x0040 /* vnode access was revoked */ +#define NOTE_DELETE 0x00100000 /* vnode was removed */ +#define NOTE_WRITE 0x00200000 /* data contents changed */ +#define NOTE_EXTEND 0x00400000 /* size increased */ +#define NOTE_ATTRIB 0x00800000 /* attributes changed */ +#define NOTE_LINK 0x01000000 /* link count changed */ +#define NOTE_RENAME 0x02000000 /* vnode was renamed */ +#define NOTE_REVOKE 0x04000000 /* vnode access was revoked */ +#define NOTE_STARTEXEC 0x08000000 /* vnode was executed */ +#define NOTE_STOPEXEC 0x10000000 /* vnode execution stopped */ /* * data/hint flags for EVFILT_PROC, shared with userspace @@ -98,6 +100,7 @@ #define NOTE_FORK 0x40000000 /* process forked */ #define NOTE_EXEC 0x20000000 /* process exec'd */ #define NOTE_PCTRLMASK 0xf0000000 /* mask for hint bits */ +/* Applies both to EVFILT_VNODE and EVFILT_PROC */ #define NOTE_PDATAMASK 0x000fffff /* mask for pid */ /* additional flags for EVFILT_PROC */ Index: src/sys/kern/kern_exec.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v retrieving revision 1.193 diff -d -u -r1.193 kern_exec.c --- src/sys/kern/kern_exec.c 11 Oct 2002 21:04:01 -0000 1.193 +++ src/sys/kern/kern_exec.c 24 Oct 2002 06:57:41 -0000 @@ -518,6 +518,8 @@ * to locking the proc lock. */ textvp = p->p_textvp; + if (textvp) + VN_KNOTE(textvp, NOTE_STOPEXEC | p->p_pid); p->p_textvp = ndp->ni_vp; /* @@ -525,6 +527,7 @@ * as we're now a bona fide freshly-execed process. */ KNOTE(&p->p_klist, NOTE_EXEC); + VN_KNOTE(p->p_textvp, NOTE_STARTEXEC | p->p_pid); p->p_flag &= ~P_INEXEC; /* Index: src/sys/kern/kern_exit.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_exit.c,v retrieving revision 1.184 diff -d -u -r1.184 kern_exit.c --- src/sys/kern/kern_exit.c 15 Oct 2002 00:14:32 -0000 1.184 +++ src/sys/kern/kern_exit.c 24 Oct 2002 06:58:03 -0000 @@ -440,6 +440,8 @@ * Notify interested parties of our demise. */ KNOTE(&p->p_klist, NOTE_EXIT); + if (p->p_textvp != NULL) + VN_KNOTE(p->p_textvp, NOTE_STOPEXEC | p->p_pid); /* * Notify parent that we're gone. If parent has the PS_NOCLDWAIT Index: src/sys/kern/kern_fork.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_fork.c,v retrieving revision 1.172 diff -d -u -r1.172 kern_fork.c --- src/sys/kern/kern_fork.c 18 Oct 2002 17:45:41 -0000 1.172 +++ src/sys/kern/kern_fork.c 24 Oct 2002 06:58:03 -0000 @@ -724,6 +724,8 @@ * tell any interested parties about the new process */ KNOTE(&p1->p_klist, NOTE_FORK | p2->p_pid); + if (p2->p_textvp != NULL) + VN_KNOTE(p2->p_textvp, NOTE_STARTEXEC | p2->p_pid); PROC_UNLOCK(p1); /* --------------36514A812340C7D968179FC5-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DB79DFA.FA719B8F>