First doubt here: memcpy freezes
Hi everyone,
I am a Linux noob and have only recently started playing around with it. So I apologize if this sounds too immature.
I am trying to "hijack" some syscalls by modifying their function pointers in the syscall table to redirect access to my own functions where I preprocess the arguments before calling the original functions with possibly modified arguments. I am doing this by loading an LKM in a user-mode linux running off kernel version 2.6.39.1 runnning in x86_64 mode. To get to the heart of the problem, I'll give an example of what happens for 2 syscalls - open and lstat.
All versions of sys_lstat accept two userland pointers - file-name and a struct where stat information is to be stored. What my function does is it checks the file-name and for some match, passes a different file-name (which is a kernel pointer) to the original sys_lstat version. A simplified version of the code is (ignore syntactic mistakes, if any):
struct __old_kernel_stat __user *statbuf)
{
int err;
struct path path;
bool modify_fs = false;
char* filename_param_to_orig = userland_filename;
mm_segment_t old_fs;
err = user_path_at(AT_FDCWD, userland_filename, 0, &path);
if (err) return err;
if (file_match(path)) { //compare inodes
// Modify DS before calling the original function with a kernel pointer
// as a param
modify_fs = true;
old_fs = = get_fs();
set_fs(KERNEL_DS);
filename_param_to_orig = my_mod_filename;
}
err = orig_sys_lstat(filename_param_to_orig, statbuf); // doesn't return if file matches
if (modify_fs)
set_fs(old_fs);
return err;
}
On a file match, it all goes fine until control reaches memcpy called from copy_to_user method (eventually called from sys_lstat), where the kernel tries to copy into the userland struct from its own struct which is filled with (hopefully) the right info. In memcpy (arch/x86/lib/memcpy_64.S) the kernel completely freezes. If gdb is to be trusted, this freeze happens on line 70 in the instruction:movq 0*8(%rsi), %r8
Unfortunately I am not very well versed with x86 architecture either, and I have not been able to figure why this freeze happens.
A similar implementation for sys_open is working for me (passing a kernel pointer to the original function after changing the data segment).
Could anybody point out what's going wrong here or at least point me in a direction where I could look for it myself? Any help is much appreciated. Thanks a lot!
Categories
- All Categories
- 64 LFX Mentorship
- 117 LFX Mentorship: Linux Kernel
- 618 Linux Foundation IT Professional Programs
- 322 Cloud Engineer IT Professional Program
- 141 Advanced Cloud Engineer IT Professional Program
- 56 DevOps Engineer IT Professional Program
- 67 Cloud Native Developer IT Professional Program
- 6 Express Training Courses
- 6 Express Courses - Discussion Forum
- 2.4K Training Courses
- 19 LFC110 Class Forum - Discontinued
- 9 LFC131 Class Forum
- 31 LFD102 Class Forum
- 178 LFD103 Class Forum
- LFD110 Class Forum
- 24 LFD121 Class Forum
- LFD133 Class Forum
- 2 LFD137 Class Forum
- 62 LFD201 Class Forum
- 2 LFD210 Class Forum
- 1 LFD210-CN Class Forum
- 1 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum - Discontinued
- LFD233 Class Forum
- LFD237 Class Forum
- 23 LFD254 Class Forum
- 660 LFD259 Class Forum
- 108 LFD272 Class Forum
- 1 LFD272-JP クラス フォーラム
- 4 LFD273 Class Forum
- 1 LFS101 Class Forum
- LFS116 Class Forum
- 2 LFS145 Class Forum
- LFS151 Class Forum
- LFS158 Class Forum
- LFS167 Class Forum
- 28 LFS200 Class Forum
- 740 LFS201 Class Forum - Discontinued
- 1 LFS201-JP クラス フォーラム
- 13 LFS203 Class Forum
- 98 LFS207 Class Forum
- 301 LFS211 Class Forum
- 54 LFS216 Class Forum
- 47 LFS241 Class Forum
- 41 LFS242 Class Forum
- 38 LFS243 Class Forum
- 12 LFS244 Class Forum
- LFS245 Class Forum
- 41 LFS250 Class Forum
- 1 LFS250-JP クラス フォーラム
- LFS251 Class Forum
- 143 LFS253 Class Forum
- LFS254 Class Forum
- LFS255 Class Forum
- 2 LFS256 Class Forum
- LFS257 Class Forum
- 1.2K LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 109 LFS260 Class Forum
- 147 LFS261 Class Forum
- 39 LFS262 Class Forum
- 83 LFS263 Class Forum - Discontinued
- 15 LFS264 Class Forum - Discontinued
- 11 LFS266 Class Forum - Discontinued
- 21 LFS267 Class Forum
- 18 LFS268 Class Forum
- 26 LFS269 Class Forum
- 204 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- LFS274 Class Forum
- 3 LFS281 Class Forum
- 258 LFW211 Class Forum
- 179 LFW212 Class Forum
- 9 SKF100 Class Forum
- SKF200 Class Forum
- 908 Hardware
- 221 Drivers
- 74 I/O Devices
- 44 Monitors
- 116 Multimedia
- 210 Networking
- 102 Printers & Scanners
- 86 Storage
- 765 Linux Distributions
- 88 Debian
- 66 Fedora
- 15 Linux Mint
- 13 Mageia
- 24 openSUSE
- 144 Red Hat Enterprise
- 33 Slackware
- 13 SUSE Enterprise
- 357 Ubuntu
- 484 Linux System Administration
- 40 Cloud Computing
- 71 Command Line/Scripting
- Github systems admin projects
- 95 Linux Security
- 80 Network Management
- 108 System Management
- 52 Web Management
- 75 Mobile Computing
- 25 Android
- 35 Development
- 1.2K New to Linux
- 1.1K Getting Started with Linux
- 544 Off Topic
- 131 Introductions
- 223 Small Talk
- 22 Study Material
- 836 Programming and Development
- 285 Kernel Development
- 517 Software Development
- 975 Software
- 261 Applications
- 185 Command Line
- 3 Compiling/Installing
- 119 Games
- 318 Installation
- 65 All In Program
- 65 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)