Demo of patching syscalls from a module

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: ralf@uni-koblenz.de: "Re: test_and_set_bit() not atomic forever? [cli/sti in char/vt.c [patch]]"
• Previous message: Meelis Roos: "Re: Some more data-points for "crashme""
• Next in thread: David S. Miller: "Re: Demo of patching syscalls from a module"
• Maybe reply: David S. Miller: "Re: Demo of patching syscalls from a module"

Thanks for your replies about how to implement syscalls in a module.
Below is a simple module that patches time(2) on loading and restores
it back on unloading. It is of minimal usefullness, apart from purely
learning value.

The only thing I am still not sure is whether declaring my_time() as
static asmlinkage is the right thing to do. I mean the core kernel declares
syscalls as just asmlinkage and they do not get exported, while if the module
does the same they are automatically exported, which is not desirable.

So, is static asmlinkage ok or is there another way of preventing non-static symbol
from being exported? (I thought that symbols to be exported by a module have to be
explicitly EXPORT_SYMBOL'd but looks like it's not the case in 2.1.104pre1 that I
use).

/*
* time.c - Simple module illustrating 'dynamical patching' of
* time(2) system call.
* Logs all processes that call time(2) together with the argument
* passed and restores normal time(2) behaviour to the original at
* module unload.
*/

#include <linux/module.h>
#include <linux/unistd.h>
#include <linux/sched.h>

MODULE_DESCRIPTION("time: demo of patching sys_call_table[]");
MODULE_AUTHOR("Tigran A. Aivazian");

static int (*sys_time_save)(int *);

static asmlinkage int my_time(int *tloc)
{
printk(KERN_INFO "time: my_time(%p) by <%s>\n", tloc, current->comm);
return sys_time_save(tloc);
}

int init_module(void)
{
extern long sys_call_table[];

sys_time_save = (int (*)(int *))(sys_call_table[__NR_time]);
printk(KERN_INFO "time: init_module(): sys_time=%p saved\n",
(char *)sys_call_table[__NR_time]);
sys_call_table[__NR_time] = (long)my_time;
return 0;
}

void cleanup_module(void)
{
extern long sys_call_table[];

sys_call_table[__NR_time] = (long)sys_time_save;
printk(KERN_INFO "time: cleanup_module() sys_time() restored\n");
}

#
# Simple Makefile for time kernel module.
#
# Makefile used to build time module.
#

INCLUDEDIR = /usr/include
CC = gcc

CFLAGS = -D__KERNEL__ -I$(INCLUDEDIR) -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -pipe -fno-strength-reduce -m486 -malign-loops=2
-malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/include/linux/modversions.h

VER = $(shell awk -F\" '/REL/ {print $$2}' $(INCLUDEDIR)/linux/version.h)

OBJS = time.o

all: $(OBJS)

install:
install -d /lib/modules/$(VER)/misc
install -c time.o /lib/modules/$(VER)/misc

clean:
rm -f *.o *~ core
------
Tigran A. Aivazian | http://www.sco.com/
Escalations Research Group | Email: tigran@sco.com
Santa Cruz Operation Ltd |

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

• Next message: ralf@uni-koblenz.de: "Re: test_and_set_bit() not atomic forever? [cli/sti in char/vt.c [patch]]"
• Previous message: Meelis Roos: "Re: Some more data-points for "crashme""
• Next in thread: David S. Miller: "Re: Demo of patching syscalls from a module"
• Maybe reply: David S. Miller: "Re: Demo of patching syscalls from a module"