Chapter 4. Kernel Internals

Table of Contents

Core Calls In
Architecture Calls Out
<asm/ptrace.h>
<asm/syscall.h>
<linux/tracehook.h>

This chapter covers the interface to the tracing infrastructure from the core of the kernel and from the architecture-specific code. It is intended for maintainers of the kernel and arch code, and is not relevant to using the tracing facilities described in the preceding chapters.

Core Calls In

tracehook_expect_breakpoints — guess if task memory might be touched
tracehook_report_syscall_entry — task is about to attempt a system call
tracehook_report_syscall_exit — task has just finished a system call
tracehook_unsafe_exec — check for exec declared unsafe due to tracing
tracehook_tracer_task — return the task that is tracing the given task
tracehook_report_exec — a successful exec was completed
tracehook_report_exit — task has begun to exit
tracehook_init_task — task_struct has just been copied
tracehook_free_task — task_struct is being freed
tracehook_prepare_clone — prepare for new child to be cloned
tracehook_finish_clone — new child created and being attached
tracehook_report_clone — in parent, new child is about to start running
tracehook_report_clone_complete — new child is running
tracehook_report_vfork_done — vfork parent's child has exited or exec'd
tracehook_prepare_release_task — task is being reaped, clean up tracing
tracehook_finish_release_task — final tracing clean-up
tracehook_signal_handler — signal handler setup is complete
tracehook_consider_ignored_signal — suppress short-circuit of ignored signal
tracehook_consider_fatal_signal — suppress special handling of fatal signal
tracehook_force_sigpending — let tracing force signal_pending(current) on
tracehook_get_signal — deliver synthetic signal to traced task
tracehook_notify_jctl — report about job control stop/continue
tracehook_finish_jctl — report about return from job control stop
tracehook_notify_death — task is dead, ready to notify parent
tracehook_report_death — task is dead and ready to be reaped
set_notify_resume — cause tracehook_notify_resume to be called
tracehook_notify_resume — report when about to return to user mode

These calls are declared in <linux/tracehook.h>. The core kernel calls these functions at various important places.