Amir

Reputation: 6176

Using LD_PRELOAD on kernel level functions

Is it possible to override one of the Linux kernel functions using LD_PRELOAD?

For instance, I want to change the cookie_hash function in Linux/net/ipv4/syncookie.c for the listening socket for my program fooserver. Can I do it using LD_PRELOAD, or do I need to recompile the kernel for that?

Are there any other options?

Thanks,

Upvotes: 0

Views: 833

Answers (3)

Sebastian Mountaniol

Reputation: 560

You can do something similar in the Linux kernel. It isn't a trivial operation, but what you should do is the following:

  1. Find the address of the function you want to be replaced. There are several ways to obtain the address. The simplest one is 'cat /proc/kallsyms | grep cookie_hash'.
  2. From your module, you save the content of the address. It is the original 'cookie_hash' function.
  3. Into this address, you place the address of your function 'my_cookie_hash'.
  4. At the end of your function 'my_cookie_hash', you call the original function 'cookie_hash'.

There are many hidden traps and potential crashes, though. But generally, this approach works.

Upvotes: 0

codegrep_admin

Reputation: 529

You have to use kprobes or systemtap to override kernel functions. It isn't necessary to recompile.

Upvotes: 0

No, it is not possible to use LD_PRELOAD to replace a function in the kernel.

You will need to recompile the kernel.

If the function is in a kernel module, then you may be able to unload, recompile and reload the module without needing to restart the kernel.

If this is something you will be doing frequently, then you will want to use a second computer, or a virtual machine, so you won't have to keep restarting the computer you're programming on.

Upvotes: 3
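
To show where LD_PRELOAD's reach ends, here is an added example (not code from any post on this page): a preload shim that interposes the libc `listen()` wrapper a program like fooserver would call, then hands the request to the kernel. The file name `listen_shim.so` and the helper `listen_shim_calls()` are assumptions made for the example; it assumes Linux with glibc.

```c
/* Build and load (file names are assumptions for this example):
 *   cc -shared -fPIC -o listen_shim.so listen_shim.c
 *   LD_PRELOAD=./listen_shim.so ./fooserver
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

static int shim_calls; /* times the preloaded wrapper has run */

/* Hypothetical helper: lets a caller observe that interposition happened. */
int listen_shim_calls(void)
{
    return shim_calls;
}

/*
 * Same name and signature as libc's listen(), so the dynamic linker binds
 * the program's calls here first. That is the whole reach of LD_PRELOAD:
 * symbols that ld.so resolves inside the user-space process.
 */
int listen(int fd, int backlog)
{
    shim_calls++;

    /*
     * Enter the kernel. Everything after this trap, including cookie_hash()
     * when a SYN cookie is computed, runs from the kernel image, which ld.so
     * never loads or relocates. A shim usually forwards with
     * dlsym(RTLD_NEXT, "listen"); the raw syscall makes the boundary visible.
     */
    long rc = syscall(SYS_listen, fd, backlog);
    int saved_errno = errno; /* fprintf may overwrite errno */

    fprintf(stderr, "[shim] listen(fd=%d, backlog=%d) = %ld%s%s\n",
            fd, backlog, rc, rc < 0 ? ": " : "",
            rc < 0 ? strerror(saved_errno) : "");

    errno = saved_errno;
    return (int)rc;
}
```

The shim sees and can alter the arguments and return value of the wrapper, but nothing in it can name or replace a symbol listed in /proc/kallsyms.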
