kernel-module

I'm writing a kernel module that uses a netfilter hook to filter TCP packets and need to find out the path to the executable that is sending the packets. So far I have used the following approach but it prints names that are seemingly unrelated to the executables used ( /usr/lib/firefox/firefox , usr/bin/telnet.netkit and /usr/bin/wget ). pid_t pid = current->pid; struct path path; char buff[BUFF_LEN]; snprintf (buff, BUFF_LEN, "/proc/%d/exe", pid); if(!kern_path(buff, LOOKUP_FOLLOW, &path)) { struct dentry* procEntry = path.dentry; printk("Process: %s\n", procEntry->d_name.name); printk(

I'm writing a linux kernel module that makes use of the exported symbol open_exec struct file *open_exec(const char *name) It returns a pointer, and I can check for an error with the IS_ERR macro: if (IS_ERR(file)) return file; During compile time, I get this warning: warning: return makes integer from pointer without a cast This is because my function here returns an integer. If I try to cast it: return (int) file; I don't get a warning on my 32bit machine, but I do on my 64bit machine: warning: cast from pointer to integer of different size This is because the sizeof of an int and a pointer

I'm trying to read and write to and PCI-device from a loadable kernel module. Therefore I follow this post : pci_enable_device(dev); pci_request_regions(dev, "expdev"); bar1 = pci_iomap(dev, 1, 0); // void iowrite32(u32 val, void __iomem *addr) iowrite32( 0xaaaaaaaa, bar1 + 0x060000); /* offset from device spec */ But at the end the device doesn't do his work as expected. Then I look to the address behind bar1 and found a very big value ffffbaaaaa004500 . At this point I don't really understand what was happen there and what was right. Can I interpret bar1 as an address inside my kernel

I'm working on a small firewall, i had to retrieve the datas from each tcp packet from port 80 (http) for parsing them. This code works well on a debian 32 bits virtual machine, i'm able to print the headers of each web page, but when i try to load my kernel module and to transfer some datas through the http port, it prints no datas. When i compile, it shows those warnings only on my 64bits computer : /home/dev3/C/FIREWALL/firewall.c: In function ‘hook_func’: /home/dev3/C/FIREWALL/firewall.c:179: warning: cast from pointer to integer of different size /home/dev3/C/FIREWALL/firewall.c:179:

I try to mmap a file in a linux kernel module. I have tried to use the function do_mmap_pgoff . But the address returned is memory virtual address in current process' user space, i.e., below the kernel boundary. Instead, I want to map the file in the kernel space and get the kernel virtual address of the mapped region. Is there any kernel API in Linux support this operation? Thanks 来源： https://stackoverflow.com/questions/13465095/how-to-mmap-a-file-in-linux-kernel-space

I need to rename a kernel module (the name that get displayed with lsmod) of an already existing driver without changing the name of the source file. e.g. # insmod xxx.ko <<module loads successfully>> # lsmod Module Size Used by Tainted: P xxx 191527 0 # I want to rename xxx to yyy . Now I know that changing the name of the driver source file (when it involves a single file) changes the name of the module. But I don't want to change the name of a source file. Rename your obj-m in Makefile and set dependency of obj-m to original module. For example, I have file hello.c that contain all of my

I am in the process of writing a Linux Kernel Module (LKM) serving as a pseudo-driver - I am unable to figure out how to make IOCTL calls between the LKM ( wait.c ) and the user-level program ( user.c ). The magic number for the device driver is 0xBF - the LKM does not communicate with a physical block/char device, it is simply an exercise. From what I can tell, the IOCTL call to KERN_IOCTL_CREATE_EVENT is not formatted properly & the magic number is incorrect. The IOCTL call that I am attempting to use is: #include <sys/ioctl.h> #define KERN_IOCTL_CREATE_EVENT _IOWR(WAIT_DEVICE_MAGIC, 1, int)

I am writing a C daemon, which depends on the existence of two kernel modules in order to do its job. The program does not directly use these (or any other) modules. It only needs them to exist. Therefore, I would like to programmatically check whether these modules are already loaded or not, in order to warn the user at runtime. Before I start to do things like parsing /proc/modules or lsmod output, does a utility function already exist somewhere? Something like is_module_loaded(const char* name) ; I am pretty sure this has been asked before. However, I think I am missing the correct terms to

In a kernel module, how to list all the kernel symbols with their addresses? The kernel should not be re-compiled. I know "cat /proc/kallsyms" in an interface, but how to get them directly from kernel data structures, using functions like kallsyms_lookup_name . Example Working module code: #include <linux/module.h> #include <linux/kallsyms.h> static int prsyms_print_symbol(void *data, const char *namebuf, struct module *module, unsigned long address) { pr_info("### %lx\t%s\n", address, namebuf); return 0; } static int __init prsyms_init(void) { kallsyms_on_each_symbol(prsyms_print_symbol, NULL