syscalls again
Tomas Pluskal
plusik at pohoda.cz
Wed May 5 23:15:58 CEST 2004
I have another question about kernel internals (I hope I won't be
condemned again for doing dirty hacks :)
What I am after is hooking all syscalls in my module, so that I can
watch how processes call them. I took some inspiration from the CerbNG
system (http://cerber.sourceforge.net/).
First I save all the existing syscall handlers and point them at my own
handler:
-----------------------------------------------------------------------
/* saved original handlers, indexed by syscall number */
sy_call_t *syscall_handlers[SYS_MAXSYSCALL];

for (i = 0; i < SYS_MAXSYSCALL; i++) {
    syscall_handlers[i] = sysent[i].sy_call;
    sysent[i].sy_call = &my_syscall;
}
-----------------------------------------------------------------------
For now the handler looks like this:
-----------------------------------------------------------------------
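int my_syscall(struct thread *thr, void *arg) {
    /* on i386 the syscall number is passed in %eax */
    int syscall = thr->td_frame->tf_eax;

    /* indirect syscall: the real number is the first argument on the user stack */
    if ((syscall == SYS_syscall) || (syscall == SYS___syscall)) {
        caddr_t params = (caddr_t) thr->td_frame->tf_esp + sizeof(int);
        syscall = fuword(params);
    }

    /* pass the call on to the saved original handler */
    return (syscall_handlers[syscall])(thr, arg);
}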
-----------------------------------------------------------------------
Everything works nicely up to the moment when I try to remove the module - while
doing that I set the original handlers back:
-----------------------------------------------------------------------
for (i = 0; i < SYS_MAXSYSCALL; i++) {
    sysent[i].sy_call = syscall_handlers[i];
}
-----------------------------------------------------------------------
and the system crashes.
In the CerbNG sources I read in one place:
/*
* There are problems (kernel panic) when catching those syscalls:
* select(), wait4(), mmap(), lseek(), sigsuspend()
*/
and in another place something different again:
/*
* There are problems with stablility when those syscalls are catched.
*/
static u_int invalid_scalls[] = {
    SYS_exit,
    SYS_flock,
    SYS_read,
    SYS_write,
    SYS_wait4
};
My questions are therefore the following:
- why is it not possible to intercept some syscalls
- why does the system crash precisely when the module is unloaded
- whether it is possible to find out somehow which syscalls I can safely
catch, or rather which ones are problematic
thanks in advance for any advice,
Tomas Pluskal