How to find signal handlers definitions in Linux kernel?
I am currently working on "Creation of Postmortem data logger in Linux on Intel architecture". It's nothing but core utility creation.
Can anybody share the details about how the signal handlers for the various signals (SIGSEGV, SIGABRT, SIGFPE etc.) which produce a core dump upon crashing an application are internally implemented in the Linux kernel? I need to rewrite these signal handlers with my own user-specific needs and rebuild the kernel. It makes my kernel produce the core file (upon crashing an application) with user-specific needs like showing registers, stack dump and backtrace etc.
Can anybody share the details about it? Thanks in advance to all the repliers :)
You may not need to modify the kernel at all - the kernel supports invoking a userspace application when a core dump occurs. From the core(5) man page:
Since kernel 2.6.19, Linux supports an alternate syntax for the /proc/sys/kernel/core_pattern file. If the first character of this file is a pipe symbol (|), then the remainder of the line is interpreted as a program to be executed. Instead of being written to a disk file, the core dump is given as standard input to the program.
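As an added example (not part of the answer above and not kernel code), here is a minimal userspace helper of the kind core_pattern can pipe to: it parses the ELF core's PT_NOTE segment and reports the signal, PID, and the rip/rsp registers for each thread. It assumes a 64-bit little-endian x86-64 core; the function names, the `--stdin` switch and the sample dump are this example's own constructions.

```python
import struct, sys
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")      # Elf64_Ehdr
PHDR = struct.Struct("<IIQQQQQQ")              # Elf64_Phdr
NHDR = struct.Struct("<III")                   # note header: namesz, descsz, type
SIGPID = struct.Struct("<h18xi")               # pr_cursig (offset 12) .. pr_pid (offset 32)
ET_CORE, PT_NOTE, NT_PRSTATUS = 4, 4, 1
PR_CURSIG, PR_REG, RIP, RSP = 12, 112, 16, 19  # x86-64 elf_prstatus offsets, pr_reg slots

def pad4(n):
    return (n + 3) & ~3                        # note name and desc are 4-byte aligned

def summarize_core(data):
    """Return one dict per NT_PRSTATUS note (one per thread) in an x86-64 core."""
    eh = EHDR.unpack_from(data) if len(data) >= EHDR.size else None
    if eh is None or eh[0][:6] != b"\x7fELF\x02\x01" or eh[1] != ET_CORE:
        raise ValueError("not a 64-bit little-endian ELF core")
    threads = []
    for i in range(eh[10]):                    # e_phnum entries of e_phentsize at e_phoff
        p_type, _, off, _, _, filesz, _, _ = PHDR.unpack_from(data, eh[5] + i * eh[9])
        if p_type != PT_NOTE:
            continue
        end = min(off + filesz, len(data))     # stay inside a truncated dump
        while off + NHDR.size <= end:
            namesz, descsz, ntype = NHDR.unpack_from(data, off)
            desc = off + NHDR.size + pad4(namesz)
            if desc + descsz > end:
                break
            if ntype == NT_PRSTATUS and descsz >= PR_REG + 27 * 8:
                regs = struct.unpack_from("<27Q", data, desc + PR_REG)
                sig, pid = SIGPID.unpack_from(data, desc + PR_CURSIG)
                threads.append({"signal": sig, "pid": pid, "rip": regs[RIP], "rsp": regs[RSP]})
            off = desc + pad4(descsz)
    return threads

def build_sample_core(signal=11, pid=4242, rip=0x401136, rsp=0x7FFC0000):
    """Constructed input: a minimal core holding a single NT_PRSTATUS note."""
    desc = bytearray(336)
    SIGPID.pack_into(desc, PR_CURSIG, signal, pid)
    struct.pack_into("<Q", desc, PR_REG + RIP * 8, rip)
    struct.pack_into("<Q", desc, PR_REG + RSP * 8, rsp)
    note = NHDR.pack(5, len(desc), NT_PRSTATUS) + b"CORE\0\0\0\0" + bytes(desc)
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), ET_CORE, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = PHDR.pack(PT_NOTE, 0, 64 + 56, 0, 0, len(note), 0, 4)
    return ehdr + phdr + note

if __name__ == "__main__":  # "--stdin": read the dump the kernel pipes in; else use the sample
    blob = sys.stdin.buffer.read() if "--stdin" in sys.argv else build_sample_core()
    for t in summarize_core(blob):
        print("pid %(pid)d signal %(signal)d rip=%(rip)#x rsp=%(rsp)#x" % t)
```

Per core(5), the kernel runs a piped helper as root, which is why the parser bounds every offset and length it reads from the dump. A helper installed this way has no terminal, so it would write its summary to a log file instead of printing it.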
The actual dumping code depends on the format of the dump. For ELF format, look at the fs/binfmt_elf.c file. It has an elf_dump_core function. (Same with other formats.)
This is triggered by get_signal_to_deliver in kernel/signal.c, which calls into do_coredump in fs/exec.c, which calls the handler.
LXR, the Linux Cross-Reference, is usually helpful when you want to know how something is done in the Linux kernel. It's a browsing and searching tool for the kernel sources.
Searching “core dump” returns a lot of hits, but two of the most promising-looking are in fs/exec.c and fs/proc/kcore.c (promising because the file names are fairly generic, in particular you don't want to start with architecture-specific stuff). kcore.c is actually for a kernel core dump, but the hit in fs/exec.c is in the function do_coredump, which is the main function for dumping a process's core. From there, you can both read the function to see what it does, and search to see where it's called.
Most of the code in do_coredump is about determining whether to dump core and where the dump should go. What to dump is handled near the end: binfmt->core_dump(&cprm), i.e. this is dependent on the executable format (ELF, a.out, …). So your next search is on the core_dump struct field, specifically its “usage”; then select the hit corresponding to an executable format. ELF is probably the one you want, and so you get to the elf_core_dump function.
That being said, I'm not convinced from your description of your goals that what you want is really to change the core dump format, as opposed to writing a tool that analyses existing dumps.
You may be interested in existing work on analyzing kernel crash dumps. Some of that work is relevant to process dumps as well, for example the gcore extension to include process dumps in kernel crash dumps.