On Thu, 27 Jan 2005 19:04:26 EST, Avishay Traeger said:
> 2. The name of the process (or command) which invoked the system call is
> not logged (tsk->comm). I think it would not only be good to know
> exactly what invoked it, but to know if the process associated with a
> particular PID changes (if process P1 has PID N, invokes some system
> calls, exits, and then process P2 gets PID N, invokes other system
> calls, then P1 and P2 will be indistinguishable).

You need to keep track of process exit()s. Logging tsk->comm doesn't buy
you anything - if I'm having a hard time getting a clean compile of a
self-patched kernel (and thus end up doing rm -r/untar/patch/make
oldconfig/make several times), there's actually a *good* chance that if
process 23948 was 'cc1' last time, that after the 5th or 6th build I'll
hit 23948 again and it will be 'cc1' again.

(I'm showing a kernel build as doing a *lot* of 'gcc -c' calls, and those
seem to only generate 3 processes - a 'gcc', a 'cc1', and an 'as' - so
you're really looking at close to 1-in-3 odds)...
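
Added example, not part of the original message: a sketch of the point made in the reply, that syscall records have to be split by process lifetime using exit records, because PID plus command name collides when a PID is reused. The record layout, sample values and function names are constructed for illustration and are not the audit subsystem's format.

```python
from collections import defaultdict

# Constructed sample records (not real audit output): (seq, pid, comm, syscall).
# PID 23948 is 'cc1' in one build and, after PID reuse, 'cc1' again in a later one.
EVENTS = [
    (1, 23948, "cc1", "open"),
    (2, 23948, "cc1", "read"),
    (3, 23948, "cc1", "exit_group"),
    (4, 23950, "as", "open"),
    (5, 23950, "as", "exit_group"),
    (6, 23948, "cc1", "open"),    # a different process, same PID and comm
    (7, 23948, "cc1", "write"),
    (8, 23948, "cc1", "exit_group"),
]

# Assumption: every task termination shows up as one of these records.
# A process killed by a signal never makes the call, so a real logger
# has to record the task exit itself, not only the exit syscalls.
EXIT_CALLS = {"exit", "exit_group"}

def group_by_pid_comm(events):
    """Naive attribution: (pid, comm) as the process identity."""
    groups = defaultdict(list)
    for seq, pid, comm, _call in events:
        groups[(pid, comm)].append(seq)
    return dict(groups)

def group_by_lifetime(events):
    """Attribution by (pid, generation); generation advances on each exit."""
    generation = defaultdict(int)
    groups = defaultdict(list)
    for seq, pid, _comm, call in sorted(events):   # replay in sequence order
        groups[(pid, generation[pid])].append(seq)
        if call in EXIT_CALLS:
            generation[pid] += 1                   # next use of this PID is a new process
    return dict(groups)

if __name__ == "__main__":
    print("by (pid, comm):     ", group_by_pid_comm(EVENTS))
    print("by (pid, lifetime): ", group_by_lifetime(EVENTS))
```
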