Re: ptrace and friends

Roger Espel Llima (espel@llaic.u-clermont1.fr)
Wed, 20 Jan 1999 14:23:12 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Elizabeth Chastain: "Re: Adding checkpointing API to Linux kernel"
Previous message: Alexander Kjeldaas: "Re: Adding checkpointing API to Linux kernel"

xervavi Molnar Ingo lio ro mailing-list man ro kernel se Linux:
> On Tue, 19 Jan 1999, Andy Glew wrote:
>
> > So, back to where we started: is there a kernel syscall interposition
> > driver for LINUX? Another respondent implied that there might be.
>
> yes, it's called ptrace(), debugging tools like gdb or strace use it
> extensively.

It can be slow-ish for generic usage though. When a program ptrace's
another, every system call the victim program makes must go through the
tracer, which must do further system calls to access the parameters.
That's a lot of extra context switches.

I'd say that, in many (but not all!) cases, interposition at the library
level (with LD_LIBRARY_PATH or LD_PRELOAD) is faster and more convenient
than ptrace.

> There is another solution that is used by the iBCS2
> kernel-module, a separate system call entry. So you can 'proxy' a system
> call in an arbitrary way.

More generally, the module API has a generic way to hook system calls.

-- Roger Espel Llima, espel@llaic.u-clermont1.fr http://www.eleves.ens.fr:8080/home/espel/index.html

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Elizabeth Chastain: "Re: Adding checkpointing API to Linux kernel"
Previous message: Alexander Kjeldaas: "Re: Adding checkpointing API to Linux kernel"