Hello,

I am working on a project and have added some system calls to the linux kernel. A few of these system calls allow a process to hide itself from top or ps, some other calls allow a parent process to see if a child is abusing the hide system calls.

Here is what I am stuck on. Once the parent forks a child it must wait() for the child. In my case I want the parent to check on the child using a check_child_hide system call. Once the parent suspects abuse of the system call, check_child_hide unhides the child, sets a flag in the child's task_struct forbidding it from hiding so the child will exit.

What I am running into is that the child will exit but is a zombie so it still lives in the tasklist. Is there a wait or something else that allows the parent to continue execution in this manner? I tried the waitpid with the WNHANG option but this doesn't appear to work.

Any thoughts?