
Linux Block System Calls

I am trying to implement functionality in a Linux 2.6.32.60 x86 kernel that would allow me to block all system calls based on a field I added in the task struct. This would basically be of the form:

    struct task_struct *ts;   /* the task making the call */
    if (ts->added_field == 0)
        /* do system call normally */
    else
        /* don't do system call */

I was wondering if I should do this directly in entry_32.S or if I would be able to modify the way the syscall table is called elsewhere. The problem with directly modifying entry_32.S is that I don't know if I can access the task struct that is making the call.

Thanks for the help!

If I were to do this, I'd hook into __kernel_vsyscall() and just stop the dispatch if the task structure so indicated per your logic above.

Specifically, arch/i386/kernel/vsyscall-sysenter.S is shared among every process's address space and is the entry point through which all syscalls go. This is the spot just before the actual syscall is dispatched and, in my opinion, the place to put your hook. You are in the process's address space, so you should have access to mm->current for your task structure. (See also arch/sh/kernel/vsyscall/vsyscall.c)

The kernel already has a very similar feature, called seccomp (LWN article). You may want to consider basing your feature off of this, rather than implementing something new.
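
The seccomp feature mentioned in the answer above, shown from user space as an added example that is not part of the original thread: a child process enters seccomp strict mode through prctl(), after which the kernel kills it on any system call other than read, write, exit and sigreturn. The helper name run_sandboxed and the choice of getpid as the blocked call are assumptions made for illustration.

```c
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): fork a child, put it in seccomp
 * strict mode, then optionally attempt a syscall outside the allowed set.
 * Returns 0 if the child exited cleanly, 1 if the kernel killed it with
 * SIGKILL, and -1 on any other outcome (e.g. seccomp unavailable). */
int run_sandboxed(int try_forbidden)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* From here on only read, write, exit and sigreturn are permitted. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(2);

        static const char msg[] = "child: write() still works\n";
        (void)!write(STDOUT_FILENO, msg, sizeof msg - 1);
        if (try_forbidden)
            syscall(SYS_getpid);   /* not in the allowed set: SIGKILL */

        /* glibc's _exit() issues exit_group, which strict mode forbids,
         * so call the raw exit syscall instead. */
        syscall(SYS_exit, 0);
    }

    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    return -1;
}

int main(void)
{
    printf("allowed syscalls only: %d\n", run_sandboxed(0));
    printf("with getpid():         %d\n", run_sandboxed(1));
    return 0;
}
```

The per-task state that strict mode sets is checked on the kernel's syscall entry path, which is the same decision point the question's added task_struct field would need.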
