
Linux Block System Calls

I am trying to implement functionality in a Linux 2.6.32.60 x86 kernel that would allow me to block all system calls based on a field I added in the task struct. This would basically be of the form:

struct task_struct *ts;   /* task making the system call */
if (ts->added_field == 0)
    // do system call normally
else
    // don't do system call

I was wondering if I should do this directly in entry_32.S or if I would be able to modify the way the syscall table is called elsewhere. The problem with directly modifying entry_32.S is that I don't know if I can access the task struct that is making the call.

Thanks for the help!

If I were to do this, I'd hook into __kernel_vsyscall() and just stop the dispatch if the task structure so indicated per your logic above.

Specifically, arch/i386/kernel/vsyscall-sysenter.S is shared among every process's address space and is the entry point through which all syscalls go. This is the spot just before the actual syscall is dispatched and, in my opinion, the place to put your hook. You are in the processes' address space, so you should have access to mm->current for your task structure. (See also arch/sh/kernel/vsyscall/vsyscall.c)

The kernel already has a very similar feature, called seccomp (LWN article). You may want to consider basing your feature off of this, rather than implementing something new.
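
The seccomp suggestion above can be tried from user space without patching the kernel. The following is an added example, not code from the question or the answers: it puts a child process into seccomp strict mode, a per-task mode in which only read, write, exit and sigreturn are permitted, and reports how the child ended. The names run_child and SECCOMP_UNAVAILABLE are made up for this example.

```c
/* Added example: seccomp strict mode as a per-task "block syscalls" switch. */
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECCOMP_UNAVAILABLE 2   /* constructed exit status: prctl() refused */

/*
 * Fork a child, put it into strict mode and optionally make a syscall
 * that strict mode does not allow.
 * Returns the terminating signal (> 0), 0 for a clean exit, the negated
 * exit status (e.g. -SECCOMP_UNAVAILABLE), or -100 if fork/wait fails.
 */
int run_child(int attempt_blocked_syscall)
{
    static const char msg[] = "child: write() still works\n";
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -100;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(SECCOMP_UNAVAILABLE);
        /* From here on only read, write, exit and sigreturn are permitted. */
        if (attempt_blocked_syscall)
            syscall(SYS_getpid);            /* kernel kills the task here */
        syscall(SYS_write, STDERR_FILENO, msg, sizeof(msg) - 1);
        /* glibc's _exit() uses exit_group, which is not on the allowed list. */
        syscall(SYS_exit, 0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -100;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return -WEXITSTATUS(status);
}

int main(void)
{
    printf("blocked syscall attempted: %d (SIGKILL is %d)\n", run_child(1), SIGKILL);
    printf("only allowed syscalls:     %d\n", run_child(0));
    return 0;
}
```

If the process is already running under a seccomp filter (for example inside a container with a default seccomp profile), the kernel refuses the switch to strict mode and both calls return -SECCOMP_UNAVAILABLE.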
