When I run the command lsof from a terminal, it will show a detail list of all file descriptor with a header is FD. And FD column numbers like 1u is actual file descriptor and followed by u,r,w of it’s mode as:
My question is how to print out these types of access from a linux kernel module? I am able to print the files_path (See the attracted picture). And I see in here that has f_mode in the file struct and tried to print it out and received big numbers, like 1208647709 or 917507
The results after running dmesg
Here is my code
struct task_struct *task_list;
struct fdtable * fdt = NULL;
unsigned int process_count = 0;
int fd_i;
char tmpbuf[256];
char * process_path = "";
struct path files_path;
unsigned int mode_path;
char *cwd;
for_each_process(task_list) {
pr_info("Process: %s\t PID:[%d]\t State:%s\n",
task_list->comm, task_list->pid,
get_task_state(task_list->state));
if (task_list->files == NULL) continue;
fdt = files_fdtable(task_list->files);
int i=0;
while(fdt->fd[i] != NULL) {
files_path = fdt->fd[i]->f_path;
mode_path = fdt->fd[i]->f_mode;
cwd = d_path(&files_path,buf,100*sizeof(char));
printk(KERN_INFO "Open file with fd %d %s **mode: %d**", i,cwd, mode_path);
i++;
}
}
Could someone review and support me about this problem?
Solution from Tsyvarev:
extract both flags using f_mode & (FMODE_READ | FMODE_WRITE)
. Then switch for the result of that expression:
FMODE_READ
means "r".FMODE_WRITE
means "w".FMODE_READ | FMODE_WRITE
means "u".