On Thu, 27 Jan 2005 19:04:26 EST, Avishay Traeger said:

> 2. The name of the process (or command) which invoked the system call is
> not logged (tsk->comm). I think it would not only be good to know
> exactly what invoked it, but to know if the process associated with a
> particular PID changes (if process P1 has PID N, invokes some system
> calls, exits, and then process P2 gets PID N, invokes other system
> calls, then P1 and P2 will be indistinguishable).

You need to keep track of process exit()s. Logging tsk->comm doesn't buy you
anything - if I'm having a hard time getting a clean compile of a self-patched
kernel (and thus end up doing rm -r/untar/patch/make oldconfig/make several
times), there's actually a *good* chance that if process 23948 was 'cc1' last
time, that after the 5th or 6th build I'll hit 23948 again and it will be 'cc1'
again.

(I'm showing a kernel build as doing a *lot* of 'gcc -c' calls, and those seem
to only generate 3 processes - a 'gcc', a 'cc1', and an 'as' - so you're really
looking at close to 1-in-3 odds)...
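Added example, not part of the original message and not code from the audit subsystem: a log consumer that attributes syscall records to process instances, first keyed on (pid, comm) and then by tracking exits as the reply suggests. The record layout, the function names and the treatment of `exit`/`exit_group` as the end of a single-threaded process are assumptions made for illustration; the records are constructed.

```python
from collections import defaultdict

# Constructed records (not real audit output): (seq, pid, comm, syscall).
EVENTS = [
    (1, 23948, "cc1", "open"),
    (2, 23948, "cc1", "read"),
    (3, 23948, "cc1", "exit_group"),
    (4, 23950, "as", "open"),
    (5, 23950, "as", "exit_group"),
    (6, 23948, "cc1", "open"),   # PID recycled by a later build, same comm
    (7, 23948, "cc1", "write"),
    (8, 23948, "cc1", "exit_group"),
]

# Assumption: one of these records marks the end of a process instance.
EXIT_SYSCALLS = {"exit", "exit_group"}

def group_by_pid_comm(events):
    """Naive attribution: key each record on (pid, comm) only."""
    groups = defaultdict(list)
    for seq, pid, comm, _syscall in events:
        groups[(pid, comm)].append(seq)
    return dict(groups)

def group_by_instance(events):
    """Exit-tracking attribution: every exit closes the current instance
    of that PID, so the next record for the PID starts a new instance."""
    generation = defaultdict(int)   # pid -> exits seen so far
    groups = defaultdict(list)
    for seq, pid, _comm, syscall in sorted(events):
        groups[(pid, generation[pid])].append(seq)
        if syscall in EXIT_SYSCALLS:
            generation[pid] += 1
    return dict(groups)

def ambiguous_keys(events):
    """Return the (pid, comm) keys that span more than one instance."""
    generation = defaultdict(int)
    seen = defaultdict(set)
    for _seq, pid, comm, syscall in sorted(events):
        seen[(pid, comm)].add(generation[pid])
        if syscall in EXIT_SYSCALLS:
            generation[pid] += 1
    return sorted(key for key, gens in seen.items() if len(gens) > 1)
```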