tmp

 

vm_area_struct是slab内存

vm_area_struct是slab内存,在/proc/slabinfo里的名字是vm_area_struct

添加kernel config并设定默认值

在Kconfig里添加一个config并设定默认值,其它地方不需要再改,即可使用此config:

config TEST_CONFIG
bool "TEST_CONFIG"
default y

kernel里退出一个线程、进程(user space的?)

退出一个线程

/* Terminates only the task that is currently executing this kernel code
 * (a single thread); SIGSYS is passed as its exit code.  Other threads of
 * the same process keep running. */
do_exit(SIGSYS);

退出一个进程

/* Terminates every thread in the current task's thread group, i.e. the
 * whole process, with SIGSYS as the exit code. */
do_group_exit(SIGSYS);

kernel audit

    /*
     * Example caller: no audit context (NULL), allocation with GFP_KERNEL,
     * record type AUDIT_KERNEL.  The format string is a literal and only
     * the value of audit_enabled is formatted through %u, so no
     * caller-supplied text is ever interpreted as a format string.
     */
    audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL,
        "state=initialized audit_enabled=%u res=1",
         audit_enabled);

  

/*
 * audit_log - build and emit one audit record in a single call.
 * @ctx:      audit context handed to audit_log_start(); may be NULL
 * @gfp_mask: allocation flags handed to audit_log_start()
 * @type:     audit record type (one of the AUDIT_* numbers)
 * @fmt:      printf-style format for the record body, followed by its
 *            arguments
 *
 * Convenience wrapper around audit_log_start() / audit_log_vformat() /
 * audit_log_end().  Returns nothing: when audit_log_start() hands back
 * NULL the record is silently skipped and the caller is not told, so a
 * missing record is not proof that the event did not happen.
 */
void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
               const char *fmt, ...)
{
    struct audit_buffer *buf = audit_log_start(ctx, gfp_mask, type);
    va_list ap;

    /* No buffer, no record: nothing to format or send. */
    if (!buf)
        return;

    va_start(ap, fmt);
    audit_log_vformat(buf, fmt, ap);
    va_end(ap);

    /* Hands the finished buffer to audit_log_end(). */
    audit_log_end(buf);
}

可以使用audit的模块有很多,比如下面这些,完整的列表见include/uapi/linux/audit.h

比如kernel seccomp使用audit参考audit_seccomp()

/*
 * Excerpt of the audit record type numbers.  A caller selects one of these
 * as the `type` argument of audit_log(); the example call in this note
 * uses AUDIT_KERNEL.
 */
#define AUDIT_INTEGRITY_HASH        1803 /* Integrity HASH type */
#define AUDIT_INTEGRITY_PCR        1804 /* PCR invalidation msgs */
#define AUDIT_INTEGRITY_RULE        1805 /* policy rule */
#define AUDIT_INTEGRITY_EVM_XATTR   1806 /* New EVM-covered xattr */
#define AUDIT_INTEGRITY_POLICY_RULE 1807 /* IMA policy rules */

#define AUDIT_KERNEL        2000    /* Asynchronous audit record. NOT A REQUEST. */

audit的log会发给user space audit线程,log会打印到logcat

/proc/sys/kernel/seccomp

console:/proc/sys/kernel/seccomp # cat actions_avail actions_logged
kill_process kill_thread trap errno user_notif trace log allow    #actions_avail
kill_process kill_thread trap errno user_notif trace log     #actions_logged

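actions_avail是read only,列出kernel支持的action;actions_logged可读可写,表示seccomp的return value是kill_process kill_thread trap errno user_notif trace log这些时,允许被audit log记录下来,参考seccomp_log()。注意:actions_logged只是"允许记录"的集合,某个action最终是否写入audit log还要看seccomp_log()里的判断(例如filter是否设置了SECCOMP_FILTER_FLAG_LOG)。另外,从actions_logged里去掉某个action后,对应的seccomp事件就不会再出现在audit log里,所以对这个文件的写入本身也值得监控。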

 

kernel free ramdisk(free_initrd_mem)

[    0.128631][    T1] Trying to unpack rootfs image as initramfs...
[    0.150774][    T1]    memblock_free: [0x0000000025f1f000-0x0000000025ffffff] free_initrd_mem+0x98/0xc0
[    0.151008][    T1] Freeing initrd memory: 896K

 
