Hello,

I learned that sys_call_table is no longer exported in 2.6+. I'm using
2.6.35.4 and trying to implement this in an LKM. I read the virtual address
of sys_call_table from System.map, made its physical page writable, put my
syscall in place of the Andrew File System (AFS) syscall, and then made the
page read-only again. But when I invoke my system call, the AFS syscall is
still being called, so I get back an ENOSYS error. I printed the
sys_call_table entry at the AFS syscall index after making the change, and it
seems to hold the address of my syscall. I don't understand where it went
wrong. Any help in figuring this out would be appreciated. Below is my code...

I haven't implemented the system call itself yet. It's about encrypting and
decrypting user-specified files. I'll do that later, once I have this
infrastructure set up. For now I'm just printing "I was here!".

And is there a better way of implementing this? For example, creating a system
call stub in the kernel that calls my function, which would be part of an LKM?
I would really like a generic solution to this.


[root]# grep sys_call_table System.map
c12ba180 R sys_call_table
-----------------------------------------------------------------------------------------
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/unistd.h>
#include <linux/mman.h>
#include <linux/sched.h>
#include <asm/uaccess.h>
#include <asm/pgtable.h>
#include <asm/processor.h>
#include <asm/atomic.h>
#include <asm/mman.h>
#include <linux/init.h>
#include <linux/mm.h>
#include <linux/syscalls.h>
#include <asm/cacheflush.h>
#include <asm/page.h>
#include <linux/linkage.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("shetty");
MODULE_DESCRIPTION("sys_crypt implementation");

/* Index of the syscall-table slot this module takes over (afs_syscall). */
#define __NR_afs_syscall 137

/*
 * Address of the kernel's sys_call_table, copied by hand from System.map
 * because the kernel does not export the symbol.
 * NOTE(review): a System.map address is only meaningful for the exact kernel
 * build it was generated from — confirm it matches the running kernel.
 */
unsigned long *sys_call_table = (unsigned long *)0xC12BA180UL;

/* Previous occupant of the afs_syscall slot, restored on module exit. */
static asmlinkage int (*original_call) ();

/*
 * sys_crypt: placeholder for the file encrypt/decrypt system call.
 *
 * For now it only logs that it ran and echoes keylen back to the caller; the
 * real implementation is still to be written. The three pointer arguments
 * are user-space pointers and are neither validated nor copied here yet.
 */
SYSCALL_DEFINE5(crypt,
                const char __user *, infile,
                const char __user *, outfile,
                const char __user *, keybuf,
                int, keylen,
                char, flags)
{
        printk(KERN_ALERT "I was here!\n");
        return keylen;
}
EXPORT_SYMBOL(sys_crypt);

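/*
 * Module init: install sys_crypt in the afs_syscall slot of the syscall table.
 *
 * The page holding the target entry is made writable around the single-word
 * swap and set back to read-only afterwards.
 *
 * Returns 0 on success, or the negative errno from set_memory_rw() if the page
 * could not be made writable; in that case the table is left untouched.
 *
 * NOTE(review): the function as originally posted did not compile as shown
 * (page_sys_call_table was never declared and __NR_new_syscall is not
 * defined), so the log excerpt below must have come from a different build.
 * This version uses the declared `page` and the afs slot index throughout.
 */
static int __init sys_crypt_init(void)
{
        unsigned long addr;
        struct page *page;
        int rc;

        printk(KERN_ALERT "Inserting hw1-module...\n");

        /*
         * Take the page of the entry being replaced rather than of the table
         * base, so the RW window covers the right page even for an index whose
         * entry lies past the first page of the table.
         */
        page = virt_to_page(&sys_call_table[__NR_afs_syscall]);
        addr = (unsigned long)page_address(page);
        rc = set_memory_rw(addr, 1);
        if (rc) {
                printk(KERN_ALERT "set_memory_rw failed: %d\n", rc);
                return rc;
        }

        /* Remember the previous handler so exit can restore it. */
        original_call = (__typeof__(original_call))sys_call_table[__NR_afs_syscall];
        sys_call_table[__NR_afs_syscall] = (unsigned long)sys_crypt;

        /* Only the swap needs the page writable; reads below do not. */
        set_memory_ro(addr, 1);

        /*
         * Debug output. %p/%lx match the argument types (the original %X did
         * not). These lines put kernel addresses into the system log and
         * should be removed once the hook is confirmed to work.
         */
        printk(KERN_ALERT "sys_crypt = %p\n", (void *)sys_crypt);
        printk(KERN_ALERT "sys_call_table:sys_crypt = %lx\n",
               sys_call_table[__NR_afs_syscall]);
        printk(KERN_ALERT "sys_call_table = %p\n", (void *)sys_call_table);
        printk(KERN_ALERT "&sys_call_table:sys_crypt = %p\n",
               (void *)&sys_call_table[__NR_afs_syscall]);

        printk(KERN_ALERT "sys_call_table is exported\n");
        return 0;
}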

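/*
 * Module exit: put the original afs_syscall handler back into the table.
 *
 * Same RW/RO sequence as init. If the page cannot be made writable the entry
 * is left alone (writing it would fault) and the failure is logged; the
 * module still unloads, so the slot would then presumably keep pointing at
 * unloaded module text.
 *
 * NOTE(review): nothing here waits for tasks that may still be executing
 * inside sys_crypt; the store is a single aligned word, but there is no
 * synchronisation with in-flight callers — confirm this is acceptable.
 */
static void __exit sys_crypt_exit(void)
{
        unsigned long addr;
        struct page *page;
        int rc;

        /* Page of the entry itself, consistent with init. */
        page = virt_to_page(&sys_call_table[__NR_afs_syscall]);
        addr = (unsigned long)page_address(page);

        rc = set_memory_rw(addr, 1);
        if (rc) {
                printk(KERN_ALERT "set_memory_rw failed: %d, table not restored\n", rc);
        } else {
                sys_call_table[__NR_afs_syscall] = (unsigned long)original_call;
                set_memory_ro(addr, 1);
        }

        printk(KERN_ALERT "Removing hw1-module\n");
}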

module_init(sys_crypt_init);
module_exit(sys_crypt_exit);

/*
 * Exports this module's own `sys_call_table` pointer variable (the hard-coded
 * address declared above), not the kernel's table symbol. NOTE(review): any
 * other module can then reach the table through it — confirm this is intended.
 */
EXPORT_SYMBOL(sys_call_table);
-----------------------------------------------------------------------------------

/var/log/messages:

Sep 13 19:11:11 d136 kernel: Inserting hw1-module...
Sep 13 19:11:11 d136 kernel: sys_crypt = D084B000       <<<<<
Sep 13 19:11:11 d136 kernel: sys_call_table:sys_crypt = D084B000       <<<<<
Sep 13 19:11:11 d136 kernel: original_call = X
Sep 13 19:11:11 d136 kernel: sys_call_table = C12BA180
Sep 13 19:11:11 d136 kernel: &sys_call_table:sys_crypt = C12BA38C
Sep 13 19:11:11 d136 kernel: sys_call_table is exported

***************From strace*****************************

afs_syscall(0x8049708, 0xbf8a5828, 0x8048462, 0x9d0ff4, 0x9cf208) = -1 ENOSYS (Function not implemented)
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7813000
write(1, "-1Error: 38, Function not implem"..., 38) = 38
exit_group(36)
***********************************************************


Thanks..
-Pradeep
