RE: Which structure does sysctl fill when KERN_FILE parameter is given as input on Mac Os X 10.4.7?
RE: Which structure does sysctl fill when KERN_FILE parameter is given as input on Mac Os X 10.4.7?
- Subject: RE: Which structure does sysctl fill when KERN_FILE parameter is given as input on Mac Os X 10.4.7?
- From: "Manish Chaturvedi" <email@hidden>
- Date: Tue, 22 Apr 2008 21:37:33 +0530
Thanks Terry this was really helpful :)
I am ok to patch my code for every SU and now looking for the lsof source
code and after looking into the xnu code of lsof, I am still getting some
structures in code of lsof that are using structures like proc, vnode .
Since we don't have the definition of these structures available as the part
of SDK we cannot use it in my code.
We have a member variable (struct proc *e_paddr) declared in structure
eproc , which seems to have a valid address when we query kernel using
sysctl() for process info. I am not sure if this address is useful for us to
get the structure proc. I think that there should be some use of keeping
pointer of structure proc in kinfo_proc
For this I searched for an alternate definition of proc ( got it from
FreeBSD ).
struct proc {
LIST_ENTRY(proc) p_list; /* (d) List of all processes. */
TAILQ_HEAD(, thread) p_threads; /* (c) all threads. */
struct mtx p_slock; /* process spin lock */
struct ucred *p_ucred; /* (c) Process owner's identity. */
struct filedesc *p_fd; /* (b) Open files. */
struct filedesc_to_leader *p_fdtol; /* (b) Tracking node */
struct pstats *p_stats; /* (b) Accounting/statistics (CPU).
*/
struct plimit *p_limit; /* (c) Process limits. */
struct callout p_limco; /* (c) Limit callout handle */
struct sigacts *p_sigacts; /* (x) Signal actions, state (CPU).
*/
/*
* The following don't make too much sense.
* See the td_ or ke_ versions of the same flags.
*/
int p_flag; /* (c) P_* flags. */
enum {
PRS_NEW = 0, /* In creation */
PRS_NORMAL, /* threads can be run. */
PRS_ZOMBIE
} p_state; /* (j/c) S* process status. */
pid_t p_pid; /* (b) Process identifier. */
LIST_ENTRY(proc) p_hash; /* (d) Hash chain. */
LIST_ENTRY(proc) p_pglist; /* (g + e) List of processes in
pgrp. */
struct proc *p_pptr; /* (c + e) Pointer to parent
process. */
LIST_ENTRY(proc) p_sibling; /* (e) List of sibling processes.
*/
LIST_HEAD(, proc) p_children; /* (e) Pointer to list of children.
*/
struct mtx p_mtx; /* (n) Lock for this struct. */
struct ksiginfo *p_ksi; /* Locked by parent proc lock */
sigqueue_t p_sigqueue; /* (c) Sigs not delivered to a td.
*/
#define p_siglist p_sigqueue.sq_signals
/* The following fields are all zeroed upon creation in fork. */
#define p_startzero p_oppid
pid_t p_oppid; /* (c + e) Save ppid in ptrace. XXX
*/
struct vmspace *p_vmspace; /* (b) Address space. */
u_int p_swtick; /* (c) Tick when swapped in or out.
*/
struct itimerval p_realtimer; /* (c) Alarm timer. */
struct rusage p_ru; /* (a) Exit information. */
struct rusage_ext p_rux; /* (cj) Internal resource usage. */
struct rusage_ext p_crux; /* (c) Internal child resource
usage. */
int p_profthreads; /* (c) Num threads in addupc_task.
*/
volatile int p_exitthreads; /* (j) Number of threads exiting */
int p_traceflag; /* (o) Kernel trace points. */
struct vnode *p_tracevp; /* (c + o) Trace to vnode. */
struct ucred *p_tracecred; /* (o) Credentials to trace with.
*/
struct vnode *p_textvp; /* (b) Vnode of executable. */
char p_lock; /* (c) Proclock (prevent swap)
count. */
struct sigiolst p_sigiolst; /* (c) List of sigio sources. */
int p_sigparent; /* (c) Signal to parent on exit. */
int p_sig; /* (n) For core dump/debugger XXX.
*/
u_long p_code; /* (n) For core dump/debugger XXX.
*/
u_int p_stops; /* (c) Stop event bitmask. */
u_int p_stype; /* (c) Stop event type. */
char p_step; /* (c) Process is stopped. */
u_char p_pfsflags; /* (c) Procfs flags. */
struct nlminfo *p_nlminfo; /* (?) Only used by/for lockd. */
struct kaioinfo *p_aioinfo; /* (c) ASYNC I/O info. */
struct thread *p_singlethread;/* (c + j) If single threading this
is it */
int p_suspcount; /* (j) Num threads in suspended
mode. */
struct thread *p_xthread; /* (c) Trap thread */
int p_boundary_count;/* (c) Num threads at user
boundary */
int p_pendingcnt; /* how many signals are pending */
struct itimers *p_itimers; /* (c) POSIX interval timers. */
/* End area that is zeroed on creation. */
#define p_endzero p_magic
/* The following fields are all copied upon creation in fork. */
#define p_startcopy p_endzero
u_int p_magic; /* (b) Magic number. */
int p_osrel; /* (x) osreldate for the
binary (from ELF note, if
any) */
char p_comm[MAXCOMLEN + 1]; /* (b) Process name. */
struct pgrp *p_pgrp; /* (c + e) Pointer to process
group. */
struct sysentvec *p_sysent; /* (b) Syscall dispatch info. */
struct pargs *p_args; /* (c) Process arguments. */
rlim_t p_cpulimit; /* (c) Current CPU limit in
seconds. */
signed char p_nice; /* (c) Process "nice" value. */
/* End area that is copied on creation. */
#define p_endcopy p_xstat
u_short p_xstat; /* (c) Exit status; also stop sig.
*/
struct knlist p_klist; /* (c) Knotes attached to this proc.
*/
int p_numthreads; /* (c) Number of threads. */
struct mdproc p_md; /* Any machine-dependent fields. */
struct callout p_itcallout; /* (h + c) Interval timer callout.
*/
u_short p_acflag; /* (c) Accounting flags. */
struct proc *p_peers; /* (r) */
struct proc *p_leader; /* (b) */
void *p_emuldata; /* (c) Emulator state data. */
struct label *p_label; /* (*) Proc (not subject) MAC
label. */
struct p_sched *p_sched; /* (*) Scheduler-specific data. */
STAILQ_HEAD(, ktr_request) p_ktr; /* (o) KTR event queue. */
LIST_HEAD(, mqueue_notifier) p_mqnotifier; /* (c) mqueue
notifiers.*/
};
Is it possible to cast the address stored in e_paddr to this structure that
I am having ? should I rely on the definition of proc that I am getting in
FreeBSD?
Why these structures like proc, vnode and filelist are private to kernel and
not for the use of third party ?
Thanks,
Manish
-----Original Message-----
From: Terry Lambert [mailto:email@hidden]
Sent: Wednesday, April 02, 2008 8:30 AM
To: Manish Chaturvedi
Cc: email@hidden
Subject: Re: Which structure does sysctl fill when KERN_FILE parameter is
given as input on Mac Os X 10.4.7?
It's defined in file_internal.h, which is part of the published xnu
sources, but which is not published as part of the SDK because we do
not support you using sysctl() to do what you are trying to do.
Which is why I suggested you popen() lsof instead, and parse its output.
-- Terry
On Mar 30, 2008, at 11:00 PM, Manish Chaturvedi wrote:
> I cannot see the definition of struct filelist on Mac 10.4.7.
> Is it one of the private structure that we cannot use ?
>
> Regards,
> Manish
> -----Original Message-----
> From:
> darwin-kernel-bounces+manish_chaturvedi=email@hidden
>
[mailto:darwin-kernel-bounces+manish_chaturvedi=email@hidden
> .com] On Behalf Of Terry Lambert
> Sent: Saturday, March 29, 2008 3:58 AM
> To: anukriti_shrimal
> Cc: email@hidden
> Subject: Re: Which structure does sysctl fill when KERN_FILE
> parameter is
> given as input on Mac Os X 10.4.7?
>
> On Mar 27, 2008, at 11:38 PM, anukriti_shrimal wrote:
>> Hi All,
>>
>> I am currently working on Mac Os X 10.4.7.
>> I m trying to retrieve the list of files opened by a process using
>> sysctl(). The code snippet that I've written is :
>>
>> void* pBuff = NULL ;
>> mib[0] = CTL_KERN;
>> mib[1] = KERN_FILE;
>>
>> size = sizeof(struct filedesc) ; // This is what I
>> tried. This struct is defined in file sys/filedesc.h
>> pBuff = malloc(size) ;
>> while (sysctl((int *)mib, 2, pBuff, &size, NULL, 0) <
>> 0)
>> {
>> if (errno == ENOMEM)
>> {
>> printf("Not sufficient memory
>> allocated\n");
>> }
>> size *= 2 ;
>> if ((arguments = realloc(pBuff, size)) ==
>> NULL)
>> {
>> printf("Realloc error\n");
>> }
>> printf("Error in getting file struct %s\n
>> and error no is %d\n", strerror(errno),errno) ;
>> }
>>
>> This code compiles and fills the buffer pBuff.
>> Now my question is that the buffer pBuff should to mapped to which
>> structure on Mac 10.4.7??
>> I have found that it fills struct file or struct xfile on Free BSD.
>> But on Mac Os, I've tried it with struct extern_file and struct
>> filedesc, but both didn't work. Why are the two structs 'file' and
>> 'xfile' not exposed on Mac 10.4.7?
>> If none of the above, then which struct is getting filled by the
>> above sysctl call?
>>
>> I know that there is an alternative way to do the same task, i.e.,
>> through lsof. But my project constraints don't let me use that.
>> Also, when I saw the ktrace dump of lsof, I found that it also uses
>> sysctl.
>>
>> Is there some other way to do the same task?
>
> Not portably, if you are unwilling to use lsof. We will probably
> break you every release and potentially every SU. Hope you are OK
> with that, since you are using undocumented and unsupported SPI by
> using that sysctl.
>
> If you need to know what it packs in the buffer by default on 10.4.7,
> it's a struct filelist followed by N struct extern_file's.
>
> Your best bet when you have questions like these is to look at the xnu
> sources for the OS version you are interested in, since, as I implied,
> this can change from version to version of the OS.
>
> Unless your constraint is specifically "don't popen lsof", I would
> recommend using lsof.
>
> -- Terry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden