Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263475AbUACPaW (ORCPT ); Sat, 3 Jan 2004 10:30:22 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263478AbUACPaW (ORCPT ); Sat, 3 Jan 2004 10:30:22 -0500 Received: from hermine.idb.hist.no ([158.38.50.15]:42762 "HELO hermine.idb.hist.no") by vger.kernel.org with SMTP id S263475AbUACPaT (ORCPT ); Sat, 3 Jan 2004 10:30:19 -0500 Date: Sat, 3 Jan 2004 16:41:58 +0100 To: Libor Vanek Cc: Anton Blanchard , linux-kernel@vger.kernel.org Subject: Re: Syscall table AKA hijacking syscalls Message-ID: <20040103154158.GB5531@hh.idb.hist.no> References: <3FF56B1C.1040308@conet.cz> <20040102233542.GW28023@krispykreme> <3FF602C9.4080100@conet.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FF602C9.4080100@conet.cz> User-Agent: Mutt/1.5.4i From: Helge Hafting Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1676 Lines: 43 On Sat, Jan 03, 2004 at 12:46:17AM +0100, Libor Vanek wrote: > >>I'm writing some project which needs to hijack some syscalls in VFS > >>layer. AFAIK in 2.6 is this "not-wanted" solution (even that there are > >>some very nasty ways of doing it - see > >>http://mail.nl.linux.org/kernelnewbies/2002-12/msg00266.html ) > > > > > >And it will fail miserably on many non x86 architectures for > >various reasons: > > > >1. ppc64 and ia64 use function descriptors > >2. sparc64 uses a 32bit call out table > > > >In short its not only an awful hack, its horribly non portable :) > > But in short you always get some syscall from userspace and have some table > with function vectors assigned to each syscall, don't you? > > So you can have something like > "append_this_function_before_syscall_sys_open" and > "append_this_function_after_syscall_sys_open" which would be platform > independent but will have platform dependent implementation. Why bother overriding syscalls? If you want a different sys_open, just modify/rewrite it. Then you get a kernel that works your way without touching the syscall table (or other implementation of it) at all. Of course this sort of rewrite cannot be acitvated/deactivated by loading/unloading a module. But that isn't necessary, use a writeable flag in /proc instead. i.e.: sys_open(...) { if (activated_in_proc) my_sys_open(...); else standard_sys_open(...); } Helge Hafting - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/