Re: execve replacement.

From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: Wed Oct 04 2000 - 18:21:17 EST


Abel Muñoz Alcaraz wrote:
> I have replaced the execve() kernel [syscall]
> with my own implementation but it doesn't work well.

In Linux, hooking into sys_call_table[] is a pretty painful way
to interpose on system calls. Unfortunately, there's no other
way to do it (in Linux) that I know of...

Your problem at the moment is that sys_execve() is implemented
with an ugly hack.

Usual C call-by-value semantics would give you a private copy of
the struct argument. However, sys_execve() is declared with the
"asmlinkage" keyword, so in this case you get passed a struct
_which is aliased to the argument the caller passed_, and the
implementation of sys_execve() relies on this fact.

This optimization makes it really painful to wrap sys_execve() in
the natural way. The solution is to cut-and-paste code ... but
don't expect it to be architecture-independent (argh!).

I think the sigreturn() and rt_sigsuspend() system calls have
similar issues.

Probably the next few things you'll run into are:

  - If you want to install a hook (a function) that gets called
    when a process dies, it's very difficult.

  - If you want to keep extra per-process state reliably,
    it's difficult.

  - If you want to examine system call arguments, it's difficult.

  - If you want to interpose on sys_socketcall(), you may have
    to cut-and-paste code from the implementation of sys_socketcall().

Oh, how I wish Linux provided a cleaner, architecture-independent
interface for system call interposition...
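The aliasing problem described in the message above, as an added example that is not part of the original post or of the kernel: a user-space C model of sys_call_table[] dispatch in which the "saved register frame" is an ordinary struct. Every name in it (struct regs, sys_execve_model, do_execve_model, hook_execve_naive, hook_execve_pasted, OLD_EIP, NEW_EIP, the syscall numbers) is constructed for the illustration. Portable C cannot reproduce the asmlinkage trick by which `struct pt_regs regs` aliases the frame, so the model hands every handler the frame pointer explicitly and represents a by-value wrapper as an explicit copy of the frame.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (added example, not kernel code): the saved user
 * registers as the x86 entry code leaves them on the kernel stack. */
struct regs {
    unsigned long ebx, ecx, edx;  /* system-call arguments 0..2 */
    unsigned long eip, esp;       /* where user space resumes */
    long eax;                     /* syscall number in, return value out */
};

enum { NR_GETPID = 0, NR_EXECVE = 1, NR_MAX = 2 };

/* In the real kernel a handler takes `struct pt_regs regs` by value and
 * relies on &regs being the saved frame itself. Portable C cannot express
 * that aliasing, so the model hands every handler the frame pointer. */
typedef long (*handler_t)(struct regs *frame);

#define OLD_EIP 0x0804a123UL   /* constructed: eip of the program calling execve */
#define NEW_EIP 0x08048000UL   /* constructed: entry point of the new image */
#define NEW_ESP 0xbffff000UL

static long sys_getpid_model(struct regs *frame) { (void)frame; return 4242; }

/* Stand-in for do_execve()/start_thread(): on success the *saved frame* is
 * rewritten so that user space resumes in the new image. That in-place edit
 * is the only thing that makes the exec take effect. */
static long do_execve_model(const char *filename, struct regs *frame) {
    if (strcmp(filename, "/bin/true") != 0)
        return -2;                      /* -ENOENT */
    frame->eip = NEW_EIP;
    frame->esp = NEW_ESP;
    return 0;
}

static long sys_execve_model(struct regs *frame) {
    return do_execve_model((const char *)(uintptr_t)frame->ebx, frame);
}

static handler_t sys_call_table[NR_MAX] = { sys_getpid_model, sys_execve_model };
static handler_t orig_execve = sys_execve_model;
static int execve_seen;                 /* execve calls observed by a hook */

/* Naive wrapper: forwarding `regs` by value to the original hands it a
 * private copy; start_thread() then edits the copy and the real frame is
 * left untouched. The explicit copy below models that. */
static long hook_execve_naive(struct regs *frame) {
    struct regs copy = *frame;
    execve_seen++;
    return orig_execve(&copy);
}

/* Cut-and-paste wrapper: the hook carries the original's body itself and
 * operates on the real frame, so the exec actually happens. */
static long hook_execve_pasted(struct regs *frame) {
    execve_seen++;
    return do_execve_model((const char *)(uintptr_t)frame->ebx, frame);
}

/* Entry-code model: dispatch through sys_call_table[], store the return
 * value in eax and hand the (possibly rewritten) frame back to user space. */
static struct regs enter_syscall(struct regs frame) {
    frame.eax = sys_call_table[frame.eax](&frame);
    return frame;
}

static long call_getpid(void) {
    struct regs r = { 0, 0, 0, OLD_EIP, 0xbfffe000UL, NR_GETPID };
    return enter_syscall(r).eax;
}

/* Installs `hook` for execve, runs execve("/bin/true", ...) through the
 * table, unhooks, and returns the frame user space would resume with. */
static struct regs run_execve(handler_t hook) {
    sys_call_table[NR_EXECVE] = hook;
    struct regs r = { (unsigned long)(uintptr_t)"/bin/true", 0, 0,
                      OLD_EIP, 0xbfffe000UL, NR_EXECVE };
    r = enter_syscall(r);
    sys_call_table[NR_EXECVE] = orig_execve;   /* unhook */
    return r;
}

int main(void) {
    struct regs r;
    printf("getpid via table: %ld\n", call_getpid());
    r = run_execve(hook_execve_naive);
    printf("naive hook : execve returned %ld, resume at %#lx\n", r.eax, r.eip);
    r = run_execve(hook_execve_pasted);
    printf("pasted hook: execve returned %ld, resume at %#lx\n", r.eax, r.eip);
    return 0;
}
```

Run as-is, the model shows the symptom behind "it doesn't work well": with the naive hook, execve reports 0 (success) to the *old* program, which keeps running at OLD_EIP as if the call had returned, because the new eip/esp were written into the wrapper's copy of the frame. The pasted hook resumes at NEW_EIP. For an ordinary handler such as getpid, which never touches the frame, table-based interposition works either way, which is why the problem surfaces only with frame-editing calls like execve, sigreturn and rt_sigsuspend.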

This archive was generated by hypermail 2b29 : Sat Oct 07 2000 - 21:00:15 EST