site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com -- Terry _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... On Nov 25, 2007, at 12:30 AM, Damir Dezeljin <mac@dezo.org> wrote: Terry, Michael: thanks, your posts were really helpful even if my mail was hard to understand -> was writing just before going to bed :) Anyway I'll try to clarify my use case a bit better: Lets say I'm implementing a virus scanner and I want performing some actions only when (before) the file data is being accessed. So, ideally I would skip all directory listing or chmod-s, renames and other operations not requiring file data. As I understood it is not possible to distinguish between all such operations, but I have to deal with VNODE action bit mask and do my decision depending on results (well, first I have to check if the VNODE is a file ...). As far as good -> I'm going to do some more testing and I guess I'll return with additional questions later on. BTW: I don't really care about the path I get from the VNODE. The only important thing is I will be able to open the resolved path in user space and scan the file. I've been considering a "open vnode vp in process q" function for a while now. There are a number of uses for something like this. If you could file an enhancement request and link it to a real performance issue for you, It'd help considerably. Make sure you indicate that it's a "kernel KPI enhancement request" in the first sentence, as that will get it routed faster. Depending on results, I'll block the file access. I'm concerned about performance and results of my approach for cases Michael described: ---- there isn't an operation actually in progress, but someone wants to know whether it would be permitted. You may want to ignore operations with this bit set for performance reasons, but be aware that it may give odd results. ---- I some not directly related questions to the subject: - I have just one MAC available right now. I'm using it for developing and testing too. This makes it hard tracking down kernel (my KEXT) deadlocks as I had to reset it lot of times already :) I'm wondering if it is possible to debug the kernel remotely using a Linux / Windows box? Possible, but there are no cookboos for it. We generally expect you to have a bunch of macs. 8-). Or is it possible to run Darwin on a normal PC (not MAC) - I'm pretty sure it is, but I don't know if it is possible compiling or just loading KEXT-s on such installations. This works. You have to have all your symbol files etc. over there, but gdb is pretty much gdb, and you don't need GUI code for it. - I'm still confused by means for obtaining certain functions documentations. E.g. I used sources as well, list posts and a PDF to understand what msleep() actually do. Is there anything I could install to get 'man msleep' working Not really, no. We don't have a man(9) section for KPIs. We do have developer documentation at <http://developer.apple.com> as well as tech notes. I did a huge amount of documenting in block comments in the source code for Leopard (think Amit got early access to at least the UBC documentation for his book, since the only thing that really changed there was the per thread creds), but obviously, didn't get to everything. It's likely to be an iterative process. That should help some, particulary for credentials, kauth, and the like. This email sent to site_archiver@lists.apple.com