How to Add a System Call via a Lkm

Adding a system call with a kernel module(LKM)

Generally, it's strongly recommended to not implement a whole new system call.

Rather, only implement a new ioctl and likely some new block or character devices.

For how to do that, it looks like there is another question/answer already: How do I use ioctl() to manipulate my kernel module?

Implementing Linux System Call using LKM

  1. Locate sys_call_table/ia32_sys_call_table
  2. Make a copy and modify it as you wish (let it be my_sys_call_table)
  3. Locate system_call entry (this one and others)
  4. Modify NR_syscalls compare instruction in case of table size has changed

  5. Modify sys_call_table reference at system_call to point to my_sys_call_table:

    500        call *sys_call_table(,%eax,4)
          ->
    500        call *my_sys_call_table(,%eax,4)
  6. Profit?

Have fun :)

How do I use a Linux System call from a Linux Kernel Module

You can directly call sys_mycall.

#include <linux/module.h>
#include <linux/unistd.h>

static int start_init(void)
{
   long value = sys_mycall (pass_arguments)
   printk("The value is %ld\n",value);

   return 0;
}

static void finish_exit(void)
{
      printk("Done!\n");
}

module_init(start_init);
module_exit(finish_exit);

Playing with syscall table from LKM

If you wish to unload the module that intercepts system calls aware of the situations when some process still in system call handler and your code (module's text segment) goes away from the memory. That leads to page fault as when the process returns from some kernel function (that sleeps) into your code the code doesn't exists anymore.

So, correct module unloading scheme must check for the processess that may sleeps in hooked system calls. Unloading possible only if there are no one process that sleeps in the syscall hook.

UPD

Please, see the patch that proves my theory. It adds the atomic counter that increments and decrements when the hooked_sys_read calls. So as I supposed there is a process that still waiting in read_sys_read while you module have been unloaded. This patch show that with the printk(read_counter) and it prints 1 for me which means that someone doesn't decrement the read_counter.

http://pastebin.com/1yLBuMDY

How to implement my own system call without recompiling the Linux kernel?

You can't.

Without recompiling the kernel, all you can do is build and load kernel modules, and kernel modules cannot add new system calls.


Related Topics

How to Start/Restart/Stop Apache Server on Linux as Non-Root User

Any Reason for Using "*/" in Command "Ls -D */" to List Directories

Imagemagick: Generate Raw Image Data for PDF Flate Embedding

R Package Installation in Linux

Why a Linux Redirect Truncates the File

Command to Store File on Hdfs

How to Switch to Root User Without Entering Password in Bash Script on Redhat

How to Automate Measuring of Bandwidth Usage Between Two Hosts

Find and Replace a Word with Another in All File Names of a Directory

Linux Command Ambiguous Redirect

Use Bash Variable Within Slurm Sbatch Script

Knowing If a Remote Port Forward Was Successful

Fail If a Script Expects Input or Entering Passwords

Unix How to Block Unix/Linux 'Wall' Messaging

Jupyter Lab - Suppress Console Output

Hard Time Installing Ia32-Lib on MAC Osx

Libreoffice Command Line Conversion - No Output File

Linux - Dependency Libmysqlclient.So.15 Not Found


Leave a reply



Submit