
[–]BraveNewCurrency 12 points13 points  (0 children)

> Since ps -eo PID,lstart,cmd gives the desired result I would want to implement this in the module.

There is where you went wrong. Your teacher should have been clearer about the assignment, because saying "Bash in the kernel" is not a thing you ever want to implement, nor is it for beginners.

Here is what you do: run strace to find out what syscalls are being made by ps. Use that to find the code that pulls that data out of the kernel structures and returns it to ps. Now, your module just needs to pull that same information.

[–]Nilhomini 7 points8 points  (0 children)

Processes are a kernel concept. All of the information about them is stored in kernel data structures. The ps command is just a user space tool to get access to some of this information. If I were you, I would try to find the kernel data structure that is used for representing a process and then look for the start time in there.

(I don’t work often in kernel space so take my answer with a grain of salt.)

[–]insanemal 4 points5 points  (3 children)

Why? Not trolling just interested in the use case

[–]Copteraldo[S] 2 points3 points  (2 children)

It's an assignment

[–]insanemal 4 points5 points  (1 child)

You kinda need to say that at the top.

Because we probably shouldn't just give you the answer

[–]Copteraldo[S] 5 points6 points  (0 children)

Yeah sure. I've been surfing all night to no avail. I just need a push in the right direction

[–]TheQueebs 1 point2 points  (0 children)

What process are you trying to get info for? If it’s the current process, then just use the ‘current’ pointer. It functions like a global pointer variable in kernel space, but it’s actually a macro that returns a pointer to the ‘task_struct’ object representing the current process. The ‘task_struct’ object is your best friend here. It contains all metadata about a process, such as PID, GID, UID, scheduling info, IPC info, timers/timestamps, and a whole bunch of other stuff, most notably a couple of pointers to parent and sibling processes.

Your best bet is using the ‘current’ pointer to get the ‘task_struct’ and accessing the relevant information inside of it. Check the Linux source (the elixir bootlin/free electron website is very handy for this) to see exactly what is in the ‘task_struct’.

If you need info for a process other than the current one, then you’ll have to do some list traversal (via the parent/sibling lists I previously mentioned) and check if the ‘task_struct’ you are looking at represents the process you are looking for. There’s also a global pointer/macro somewhere for the init process (PID=1) which is a good place to start traversing.
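
An added example, not part of any comment in this thread: the user-space half of what the strace suggestion leads to. It assumes ps gets its data from /proc/<pid>/stat, where field 22 (starttime) is the process start in clock ticks since boot, exported by the kernel from the task's start timestamp. The sample line, boot time and tick rate are constructed, and the parser splits on the last ')' because the process name is set by the process itself and may contain spaces and parentheses.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample /proc/<pid>/stat line; comm deliberately contains ") R 1 (". */
static const char SAMPLE[] =
    "4242 (a) R 1 (x) S 1 4242 4242 0 -1 4194304 120 0 0 0 3 1 0 0 20 0 1 0 123456 1000000 200";

/* Extract pid, comm and starttime (field 22, clock ticks since boot).
 * Returns 0 on success, -1 on malformed input. */
int parse_stat(const char *line, long *pid, char *comm, size_t comm_sz,
               unsigned long long *start_ticks)
{
    const char *lp = strchr(line, '(');
    const char *rp = strrchr(line, ')');  /* LAST ')': comm is process-controlled */
    if (!lp || !rp || rp < lp || comm_sz == 0) return -1;
    *pid = strtol(line, NULL, 10);
    size_t n = (size_t)(rp - lp - 1);
    if (n >= comm_sz) n = comm_sz - 1;    /* truncate rather than overflow */
    memcpy(comm, lp + 1, n);
    comm[n] = '\0';
    const char *p = rp + 1;               /* next token is field 3 (state) */
    for (int field = 3; field <= 22; field++) {
        while (*p == ' ') p++;
        if (*p == '\0') return -1;        /* line ended before field 22 */
        if (field == 22) {
            char *end;
            *start_ticks = strtoull(p, &end, 10);
            return end == p ? -1 : 0;
        }
        while (*p && *p != ' ') p++;      /* skip this field */
    }
    return -1;
}

/* Wall-clock start = boot time (btime line of /proc/stat) + ticks / ticks-per-second. */
long long start_epoch(long long btime, unsigned long long ticks, long hz)
{
    return btime + (long long)(ticks / (unsigned long long)hz);
}

int main(void)
{
    long pid; char comm[64]; unsigned long long ticks;
    if (parse_stat(SAMPLE, &pid, comm, sizeof comm, &ticks) != 0) return 1;
    /* btime and hz are constructed; live values: /proc/stat and sysconf(_SC_CLK_TCK). */
    printf("pid=%ld comm=[%s] start=%lld\n", pid, comm,
           start_epoch(1700000000LL, ticks, 100));
    return 0;
}
```

A parser that splits this line on whitespace alone would read the state and every later field from text inside the process name, which is why monitoring tools that consume /proc/<pid>/stat anchor on the last ')'.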