Kernel Side Implementation

As expected, the handler function for the ptrace system call is called sys_ptrace. The architecture-independent part of the implementation that is used for all except a handful of architectures can be found in kernel/ptrace.c. The architecture-dependent part, that is, the function arch_ptrace, is located in arch/arch/kernel/ptrace.c. Figure 13-2 shows the code flow diagram.

Figure 13-2: Code flow diagram for sys_ptrace.

The ptrace system call is dominated by its request parameter — this is immediately apparent in the structure of its code. Preliminary work is carried out, primarily to determine the task_struct instance of the passed PID using ptrace_get_task_struct. This basically uses find_task_by_vpid to find the required instance of task_struct, but also prevents tracing of the init process — the ptrace operation is aborted if a value of 1 is passed for pid.

Continue reading here: Starting Tracing

Was this article helpful?

0 0