Aqua Tot

Reputation: 21

Linux Block System Calls

I am trying to implement functionality in a Linux 2.6.32.60 x86 kernel that would allow me to block all system calls based on a field I added in the task struct. This would basically be of the form:

struct task_struct *ts;        /* the task making the system call */
if (ts->added_field == 0)
    /* do system call normally */
else
    /* don't do system call */

I was wondering if I should do this directly in entry_32.S or if I would be able to modify the way the syscall table is called elsewhere. The problem with directly modifying entry_32.S is that I don't know if I can access the task struct that is making the call.

Thanks for the help!

Upvotes: 2

Views: 2838

Answers (2)

bishop

Reputation: 39414

If I were to do this, I'd hook into __kernel_vsyscall() and just stop the dispatch if the task structure so indicated per your logic above.

Specifically, arch/i386/kernel/vsyscall-sysenter.S is shared among every process's address space and is the entry point through which all syscalls go. This is the spot just before the actual syscall is dispatched and, in my opinion, the place to put your hook. You are in the process's address space, so you should have access to mm->current for your task structure. (See also arch/sh/kernel/vsyscall/vsyscall.c)

Upvotes: 2

user149341

Reputation:

The kernel already has a very similar feature, called seccomp (LWN article). You may want to consider basing your feature off of this, rather than implementing something new.

Upvotes: 2
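
Added example, not code from any of the posts above: the seccomp feature mentioned in the last answer, seen from userspace in its strict mode, where a per-task setting makes the kernel refuse every system call except read, write, exit and sigreturn. The function name `seccomp_strict_demo` and its return codes are assumptions made for this illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                        /* for syscall() */
#endif
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the permitted write() got through and the forbidden getpid()
 * got the child killed, 0 if the forbidden call was not blocked, and -1 if
 * strict seccomp could not be enabled here (or the setup failed). */
int seccomp_strict_demo(void)
{
    int fds[2], status;
    char buf[3] = {0};
    pid_t pid;

    if (pipe(fds) != 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {                        /* child: the restricted task */
        close(fds[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            syscall(SYS_exit, 2);          /* seccomp unavailable */
        if (write(fds[1], "ok", 2) != 2)   /* write is still allowed */
            syscall(SYS_exit, 3);
        syscall(SYS_getpid);               /* not allowed: kernel sends SIGKILL */
        syscall(SYS_exit, 1);              /* reached only if nothing blocked it */
    }
    close(fds[1]);
    ssize_t n = read(fds[0], buf, 2);
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) != 1)
        return -1;                         /* setup problem, not a verdict */
    return n == 2 && strcmp(buf, "ok") == 0 &&
           WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL;
}

int main(void)
{
    int r = seccomp_strict_demo();
    printf("%s\n", r == 1 ? "forbidden syscall blocked" :
                   r == 0 ? "syscall was NOT blocked" : "strict seccomp unavailable");
    return r == 1 ? 0 : 1;
}
```

The child leaves through the raw `exit` system call because glibc's `_exit()` uses `exit_group`, which strict mode does not permit.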
