Re: kernel module function arguments
- From: Gil Hamilton <gil_hamilton@xxxxxxxxxxx>
- Date: Fri, 7 Sep 2007 15:08:08 +0200 (CEST)
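Ciur Eugen <ciur.eugen@xxxxxxxxx> wrote in news:1189063418.190704.118680@g4g2000hsf.googlegroups.com:

> #include <stdarg.h>
>
> /* msyscall() and MY_SYSCALL_NO are defined elsewhere in the poster's code (not shown) */
>
> int vsyscall(int sno, int n, ...)
> {
>     va_list va;
>     long args[6] = {0};   /* unused slots stay zero */
>     int i;
>
>     /* args[] holds at most 6 values; reject counts that would overflow it */
>     if (n < 0 || n > 6)
>         return -1;
>     va_start(va, n);
>     for (i = 0; i < n; i++)
>         args[i] = va_arg(va, long);
>     va_end(va);
>     return msyscall(sno, args);
> }
>
> int main(int argc, char** argv)
> {
>     /* long literals, because vsyscall reads each value with va_arg(va, long) */
>     vsyscall(MY_SYSCALL_NO, 3, 4L, 5L, 90L);
>     return 0;
> }
>
> As a result my kernel module intercepts the vsyscall call (calling
> my_syscall), and its (my_syscall's argument) regs.eax is 0 --- showing
> that system call with number 0 was intercepted.
> BUT HERE IS THE PROBLEM: the other registers (regs.ebx, regs.ecx)
> aren't they supposed to be equal to 3, 4, 5, 90 -- because in client
> space I pushed them on the stack?
> OK -- if not, how then can I find out the arguments passed to
> my_systemcall?
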
Looks to me that "3" is the number of syscall arguments. It's not
actually being passed in to the kernel. It just tells vsyscall how many
arguments to load into the "args" array.
Some other comments:
It is not typical for kernel system call handlers to take the type
"struct pt_regs" as an argument. They generally just declare the
individual argument values they expect and nothing more complex is
needed. Hence they already "know" how many arguments they're getting.
And they don't need to know the architecture-specific details of a
particular machine whereas you have to know the individual register names
as well as which argument goes into edx, which into ecx, etc.
However, it does seem like this can be made to work as long as you don't
care that it only works on one specific architecture. One thing you
could do is to modify vsyscall so that it actually loads the number of
additional arguments (the "int n" parameter) into the first slot in the
"args" array. Then, in the kernel, the first argument (ebx value) would
be the count of remaining arguments.
Another idea -- slightly better IMO -- is simply to declare my_syscall to
take a single argument which again would be the number of remaining
arguments. Then you can implement a va_arg mechanism in kernel space to
get to the remaining argument values.
BTW, you do realize that system call # 0 is actually used on i386?
(sys_restart_syscall) I'm not really clear on exactly how it's used, but
it appears to be some magic that is used in restarting interrupt
syscalls. Since it takes no arguments, I don't know how you can
distinguish when it's being called from yours -- i.e. you wouldn't even
know when to pass the call on to "orig_syscall". Furthermore, were you
to try to pass it on, I'm guessing you'd have to jump to it without
modifying the stack layout. If you must plug in to the system call
table, you would be better off grabbing one that is not used (look for
"sys_ni_syscall" entries in the table).
GH
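
The first suggestion in the reply above (the count goes into the first "args" slot and is read back from ebx), as an added example that is not code from the thread. It is a user-space simulation: struct fake_regs, pack_args and unpack_args are hypothetical names, and the register order assumed is the i386 int 0x80 one. The handler side bounds-checks the count because it arrives from user space.

```c
#include <stdarg.h>
#include <stddef.h>

#define NSLOTS 6 /* i386 int 0x80 argument registers: ebx ecx edx esi edi ebp */

/* Constructed stand-in for the saved registers the handler receives. */
struct fake_regs { long ebx, ecx, edx, esi, edi, ebp; };

/* User side: slot 0 (ebx) carries the count, slots 1..5 the values. */
int pack_args(struct fake_regs *r, int n, ...)
{
    long slot[NSLOTS] = {0};
    va_list va;
    int i;

    if (n < 0 || n > NSLOTS - 1)
        return -1;              /* only five value slots remain */
    slot[0] = n;
    va_start(va, n);
    for (i = 0; i < n; i++)
        slot[i + 1] = va_arg(va, long);
    va_end(va);
    r->ebx = slot[0]; r->ecx = slot[1]; r->edx = slot[2];
    r->esi = slot[3]; r->edi = slot[4]; r->ebp = slot[5];
    return 0;
}

/* Handler side: the count arrives from user space, so check it before use. */
int unpack_args(const struct fake_regs *r, long *out, size_t out_len)
{
    const long slot[NSLOTS] = { r->ebx, r->ecx, r->edx, r->esi, r->edi, r->ebp };
    long n = slot[0], i;

    if (n < 0 || n > NSLOTS - 1 || (size_t)n > out_len)
        return -1;
    for (i = 0; i < n; i++)
        out[i] = slot[i + 1];
    return (int)n;
}

int main(void)
{
    struct fake_regs r;
    long out[NSLOTS - 1];
    /* Same call as in the thread: count 3, values 4, 5, 90 */
    if (pack_args(&r, 3, 4L, 5L, 90L) != 0)
        return 1;
    return unpack_args(&r, out, NSLOTS - 1) == 3 && out[2] == 90 ? 0 : 1;
}
```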