monitor of SEGFAULT processes

Frank Ch. Eigler fche at redhat.com
Thu Mar 16 10:55:26 EDT 2017


levonshe wrote:

> [...]  Is it possible from kernel module or user space to monitor
> which processes were terminated abnormally ?  [...]

Depending on the version & configuration, there exist both kernel
tracepoints and kprobe/jprobe sites where the kernel side of these
events may be hooked.  You may be able to attach to each of those from
userspace via perf.

For comparison, systemtap chooses whatever facility is available in your
kernel, by internally mapping the abstract "signal.send" name into a
list of candidates.

# stap -e '
probe signal.send {
  if (sig_name == "SIGKILL")
    printf("%s was sent to %s (pid:%d) by %s uid:%d\n",
           sig_name, pid_name, sig_pid, execname(), uid())
}'


- FChE



More information about the Kernelnewbies mailing list