execmon is unable to run on kernels >= 4.6 #2

Open
u-riaz opened this issue Nov 1, 2017 · 1 comment
u-riaz commented Nov 1, 2017

Hi Kfir, thanks for this awesome utility. It helped me a lot.

Your utility, execmon, works well on kernels up to 4.5. I tested it on Ubuntu 16.04 with kernel 4.4.
Up to kernel 4.5, assembly stubs were used to call sys_execve, and patching the call to sys_execve in stub_execve did the job. Awesome!
But starting from 4.6 these stubs have been changed, and now ptregs_sys_execve is a replacement for stub_execve. But it's very different from the older stubs. Now registers are used to store the real syscall address, and there are two call paths, 'slow_path' and 'fast_path'.
I've tried hard but am failing to work out how to patch execve calls in this new scheme. Could you please spare some time to have a look and find some clues for upgrading execmon to work on kernels greater than 4.5?

Thanks

QGB commented Dec 17, 2022

Any update for now, @u-riaz @kfiros @fizwit?

How about https://github.com/ColinIanKing/forkstat
