How to detect the launching of programs on Linux?
I don't know if there exists a better way, but you could periodically scan the /proc filesystem.
For example, /proc/<pid>/exe is a symlink to the process's executable.
On my systems (Ubuntu/RedHat), /proc/loadavg contains the number of running processes (the number after the forward slash) as well as the pid of the most recently started process. If your daemon polls the file, any change to either of the two numbers will tell it when it needs to re-scan /proc looking for new processes.
This is by no means bullet-proof, but is the most suitable mechanism I can think of.
Server running in linux kernel. Should listen happen in a thread or not?
I'm not sure whether you need a raw socket at all in the kernel. Inside the kernel you can add a netfilter hook, or register something else (???) which will receive all packets; this might be what you want.
If you DID use a raw socket inside the kernel, then you'd probably need to have a kernel thread (i.e. started by kernel_thread) to call read() on it. But it need not be a kernel thread, it could be a userspace thread which just made a special syscall or device call to call the desired kernel-mode routine.
If you have a hook registered, the context it's called in is probably something which should not do too much processing; I don't know exactly what that is likely to be, it may be a "bottom half handler" or "tasklet", whatever the are (these types of control structures keep changing from one version to another). I hope it's not actually an interrupt service routine.
In answer to your original question:
- Yes, sys_read will block the calling thread, whether it's a kernel thread or a userspace one. The system will not hang. However, if the calling thread is not in a state where blocking makes sense, the kernel will panic (scheduling in interrupt or something)
Yes you will need to do this in a separate thread, no it won't hang the system. However, making system calls in kernel mode is very iffy, although it does work (sort of).
But if you installed some kind of hook instead, you wouldn't need to do any of that.
How does the kernel track which processes receive data from an interrupt?
The events that processes wait on are abstract software events, such as a particular queue is not empty, rather than concrete hardware events, such as a interrupt 4635 occurring.
Some configuration ( perhaps guided by a hardware description like device tree ) identifies interrupt 4635 as being a signal from a given serial device with a given address. The serial device driver configures itself so it can access the device registers of this serial port, and attaches its interrupt handler to the given interrupt identifier (4635).
Once configured, when an interrupt from the serial device is raised, the lowest level of the kernel invokes this serial device's interrupt handler. In turn, when the handler sees a new character arriving, it places it in the input queue of that device. As it enqueues the character, it may notice that some process(es) are waiting for that queue to be non-empty, and cause them to be run.
That approximately describes the situation using condition variables as the signalling mechanism between interrupts and processes, as was established in UNIX-y kernels 44 years ago. Other approaches involve releasing a semaphore on each character in the queue; or replying with messages for each character. There are many forms of synchronization that can be used.
Common to all such mechanisms, is that the caller chooses to suspend itself to wait for io to complete; and does so by associating its suspension with the instance of the object which it is expecting input from.
What happens next can vary; typically the waiting process, which is now running, reattempts to remove a character from the input queue. It is possible some other process got to it first, in which case, it merely goes back to waiting for the queue to become non empty.
So, the OS doesn't explicitly route the character from the device to the application; a series of implicit and indirect steps does.
Related Topics
In Linux, Do There Exist Functions Similar to _Clearfp() and _Statusfp()
Home Directory Is Not Created with Adding User Resource with Chef
Go Memory Leak When Doing Concurrent Os/Exec.Command.Wait()
Error While Running Parallel Make
When Is The System Call Set_Tid_Address Used
Configuring Tomat's Server.Xml File with Auto Generating Mod_Jk.Conf
Lkm: Last Block Written to Device
Curl Error "No Alternative Certificate.."
Lapack/Blas/Openblas Proper Installation from Source - Replace System Libraries with New Ones
Making Pairs of Words Based on One Column
Why Sigint Can Stop Bash in Terminal But Not via Kill -Int
Make for Compiling - All *.C Files in Folders & Subfolders in Project
Remove Strings by a Specific Delimiter
Prevent Git Checkout from Overwriting a File
How to Couple Xargs with Pdftotext Converter to Search Inside Multiple PDF Files
Trying to Install Docker Gpg Key Recieving Error: Curl: Option '-' Is Unknown
Init Script '/Dev/Tty: No Such Device or Address' Error on Redirect