kernel-module | 易学教程

System call interception in linux-kernel module (kernel 3.5)

阅读更多关于 System call interception in linux-kernel module (kernel 3.5)

问题 I need to replace a standard system call (e.g. SYS_mkdir) with my own implementation. As I read in some sources, including this question on Stackoverflow, the sys_call_table is not exported symbol since kernel version 2.6 . I tried the following code: #include <linux/module.h> #include <linux/kernel.h> #include <linux/unistd.h> #include <asm/syscall.h> int (*orig_mkdir)(const char *path); .... int init_module(void) { orig_mkdir=sys_call_table[__NR_mkdir]; sys_call_table[__NR_mkdir]=own_mkdir;

perf cannot find external module symbols

阅读更多关于 perf cannot find external module symbols

When running perf it finds the kernel symbols and symbols of my program but it does not find external module symbols. I have written a kernel module which I load using insmod how can I tell perf to find its symbols as well? I am running a 2.6.37.6 kernel (can't upgrade), my perf does not yet support the dwarf option but I think its a symbol issue. I have compiled everything with -g -fno-omit-frame-pointer I had to make it a kernel module, then perf could find its symbols: IN_TREE_DIR=/lib/modules/`uname -r`/kernel/modulename mkdir -p $IN_TREE_DIR cp modulename.ko $IN_TREE_DIR depmod -a 来源：

How to create proc entry under /proc/driver?

阅读更多关于 How to create proc entry under /proc/driver?

I want to create a file under a /proc/driver directory. I would like to use a macro like proc_root_driver (or something else provided) rather than use "driver/MODULE_NAME" explicitly. I use create_proc_entry : struct proc_dir_entry *simpleproc_fops_entry; simpleproc_fops_entry = create_proc_entry(MODULE_NAME, 0400, NULL /* proc_root_dir */); After googling, I found suggestion to use proc_root_driver , but when I use it, I get the error proc_root_driver undeclared in this function And also, proc_root_driver is not available in linux/proc_fs.h. I have tried to declare structure like this: struct

modinfo() equivalent INSIDE kernel?

阅读更多关于 modinfo() equivalent INSIDE kernel?

问题 I have two modules A, B. A has a function f() that is globally acessible, i.e. the f() symbol is exported. B may want to call f() occasionally. But B should only call f() if module A is loaded. What is the best way for B to tell if A is loaded? Part b to this question is there is a way to check if f() is exported? I'm not sure which method is more effecient. 回答1: I assume you load module B first, then optionally module A. My strategy would be to have A register a set of functions with B when

kernel driver reading ok from user space, but writing back is always 0

阅读更多关于 kernel driver reading ok from user space, but writing back is always 0

So I'm working my way through kernel driver programming, and currently I'm trying to build a simple data transfer between application and kernel driver. I am using simple character device as a link between these two, and I have succeeded to transfer data to driver, but I can't get meaningful data back to user space. Kernel driver looks like this: #include <linux/init.h> #include <linux/module.h> #include <linux/kernel.h> /* printk() */ #include <linux/errno.h> /* error codes */ #include <linux/types.h> /* size_t */ #include <linux/proc_fs.h> #include <asm/uaccess.h> /* copy_from/to_user */

Intercept ELF loader in linux kernel: fs/binfmt_elf.c file via loadable kernel module

阅读更多关于 Intercept ELF loader in linux kernel: fs/binfmt_elf.c file via loadable kernel module

问题 I am new to kernel coding and at present I am working with ELF files which have been modified a little bit for the security purposes for which I need to look at some of it's custom section headers and extract the unique code encryption key from it for the CPU to decrypt the contents of the modified ELF. At present the above logic has been implemented within the load_elf_binary function in the fs/binfmt_elf.c file in the kernel source tree, however it is only about 250 lines of code change for

Is it possible to add a system call via a LKM?

阅读更多关于 Is it possible to add a system call via a LKM?

问题 I'd like to add a new system call via an LKM, but I'm not sure how to do this. That is, I know that if I want to add a completely new system call, I can look through the sys_call_table and find a sys_ni_syscall and just replace it, but I was curious if it was possible to actually add to the sys_call_table . I realize it's probably not possible, given that it's a fixed size array, but I was wondering if there were any other clever ways to add system calls without overriding an unused system

How to access a process's kernel stack in linux kernel?

阅读更多关于 How to access a process's kernel stack in linux kernel?

问题 I am trying to monitor which functions are being called up by a process during its course of execution. My aim is to know how much time a process spends in every function. The functions are pushed over a stack and popped when function call returns. I would like to know where in the kernel code this push and pop actually happens. I found a void *stack field in task_struct . I am not sure if this is the field I am looking for. If it is, then what is the way to know how it is updated? I have to

module compiling : asm/linkage.h file not found

阅读更多关于 module compiling : asm/linkage.h file not found

I am trying to compile an example of "hello world" Kernel Module, problems found on ubuntu 11.04, kernel 3.2.6, gcc 4.5.2 and fedora 16, kernel 3.2.7, gcc 4.6.7. code: #include <linux/module.h> #include <linux/init.h> MODULE_LICENSE("GPL"); static int __init hello_init (void) { printk("Hello module init\n"); return 0; } static void __exit hello_exit (void) { printk("Hello module exit\n"); } module_init(hello_init); module_exit(hello_exit); compiled with: gcc -D__KERNEL__ -I /usr/src/linux/include/ -DMODULE -Wall -O2 -c hello.c -o hello.o error: In file included from /usr/src/linux/include

How to write kernel space memory (physical address) to a file using O_DIRECT?

阅读更多关于 How to write kernel space memory (physical address) to a file using O_DIRECT?

I want to write a physical memory to a file. The memory itself will not be touched again, thus I want to use O_DIRECT to gain the best write performance. My first idea was to open /dev/mem and mmap the memory and write everything to a file, which is opened with O_DIRECT . The write call fails ( EFAULT ) on the memory-address returned by mmap. If I do not use O_DIRECT , it results in a memcpy . #include <cstdint> #include <iostream> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <stdio.h> #include <errno.h> #include <malloc.h> #include <sys/mman.h>