I am running an Embedded Linux OS with systemd as init. Sometimes I see systemd manager does a log dump during early bootup upon receiving SIGUSR2 signal. I found the sender PID using signalfd() but by the time I try to print using cat /proc/pid/cmdline there seems to be no trace of it.
I added a small piece of code in kill() system call in kernel/signal.c to execute a script to get more details about the sender process (cmdline, its parent, etc.,)
Code in kill() system call:
// We are concerned only about SIGUSR2 to init
if (17 == sig && 1 == pid)
{
printk("PID %d sent SIGUSR2 to systemd\n", info.si_pid, pid);
char *envp[] = { "HOME=/", NULL };
char *argv[] = { "/bin/sh", "-c", "/etc/getSenderInfo.sh", NULL };
call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
}
/etc/getSenderInfo.sh
#!/bin/sh
pid=$(dmesg | grep -w "sent SIGUSR2 to systemd" | awk '{print $2}')
while [ $pid -ne 0 ]
do
echo "ps -o ppid= -o cmd= -p $pid"
ppid=$(ps -o ppid= -o cmd= -p $pid)
echo $ppid
pid=$(echo $ppid | awk '{print $1}')
done
I am not sure if this is the most right way but this did the trick for me