Hi,
I hope it's a right place for kernel module programming related
questions, in another case I'd be glad if you point me to the right
maillist.
So, my aim is to log every file opening in `/tmp' dir. I've wrote a simple
"syscall" module which replaces open(2) syscall. My new open(2) looks
like this:
>---cut 8<---
static int
new_open(struct proc *p, register struct open_args *uap)
{
char name[NAME_MAX];
size_t size;
if((const void*)copyinstr(uap->path, name,
NAME_MAX, &size) == (const void*)EFAULT)
return(EFAULT);
if (name[0] == '/' && name[1] == 't' && name[2] == 'm'
&& name[3] == 'p' && name[4] == '/') {
printf("open(2): %s pid: %i\n", name, (int)p->p_pid);
}
return (open(p, uap));
}
>---cut 9<---<
But instead of a real pid I see something strange in logs, something
like this:
Mar 16 19:15:44 nov kernel: open(2): /tmp/asfdasfsaf pid: -1002890624
What am I doing wrong?
-Roman Bogorodskiy
pgp00000.pgp
Description: PGP signature
