LinuxQuestions.org


appas 08-29-2004 10:43 PM

problem in intercepting sys_write system call
 
Hi All,

I am intercepting the sys_write system call, and within my_sys_write I will call the original sys_write.
Before calling the original sys_write, I have to get the contents of the file which will be replaced
by the current write.
So I open a new file descriptor inside my_sys_write and read the current buffer before calling the
original sys_write.
I have a problem in reading the current buffer using sys_read, which returns zero.
I am giving the relevant code below.

Code:

ssize_t my_sys_write(unsigned int fd, const char *buf, size_t count)
{
        // Get the absolute file name from the file descriptor
        // Call sys_open to get a new handle for reading
        int openForRead = OriginalSysOpen(absoluteFileName, O_RDONLY, 0777);
        // Call sys_read and store the contents in tmpBuf; bytesRead is always zero
        int bytesRead = OriginalSysRead(openForRead, tmpBuf, count);
        printk("  OPENFILEHANDLE %d BYTESREAD %d \n", openForRead, bytesRead);
        OriginalSysClose(openForRead);
        int returnValue = OriginalSysWrite(fd, buf, count);
        return returnValue;
}

After a few hours of frustration, I am posting here to get some help.

infamous41md 08-29-2004 10:48 PM

kernel functions expect user space addresses as arguments, not kernel space. read this:
http://www.linux.it/kerneldocs/ksys/

appas 08-29-2004 11:08 PM

Thank you for the reply. Though I haven't yet gone through the document, I have taken care of the user/kernel address space using
get_fs and set_fs. The code actually looks like below, but I am still receiving the number of bytes read as zero.

Code:

ssize_t my_sys_write(unsigned int fd, const char *buf, size_t count)
{
        // Get the absolute file name from the file descriptor
        mm_segment_t tmpfs;
        tmpfs = get_fs();
        set_fs(get_ds());
        // Call sys_open to get a new handle for reading
        int openForRead = OriginalSysOpen(absoluteFileName, O_RDONLY, 0777);
        // Call sys_read and store the contents in tmpBuf; bytesRead is always zero
        int bytesRead = OriginalSysRead(openForRead, tmpBuf, count);
        printk("  OPENFILEHANDLE %d BYTESREAD %d \n", openForRead, bytesRead);
        OriginalSysClose(openForRead);
        // Restore the caller's address limit before passing the user-space buf
        // to the original write, so the kernel's user-pointer check still applies
        set_fs(tmpfs);
        int returnValue = OriginalSysWrite(fd, buf, count);
        return returnValue;
}


appas 08-31-2004 10:24 AM

I would like to add some more points that I noted while trying to fix the above-mentioned error.
I wrote a simple C program which makes a call to the write function. This write was trapped by the kernel module (see above code), which successfully read the contents that are supposed to be replaced by "OriginalSysWrite".
If instead I open a file in the vim editor, make some modifications and save the file, the write is again intercepted by "my_sys_write", but the "OriginalSysRead" inside "my_sys_read" returns zero.
If anyone can help me on this, please reply.

infamous41md 08-31-2004 09:25 PM

don't get offended, but: these are things you need to figure out yourself. people can't and shouldn't hold your hand when you're kernel hacking. read the source for the functions giving you problem, do some simple tests, do w/e it takes to solve the problem. you can do it. i have faith.

appas 08-31-2004 10:28 PM

Really heartening to see your mail. Thanks for your suggestions, and I will do the same.
Thanks once again for the support and confidence you are giving.

appas 09-03-2004 08:16 AM

It's time to close the thread. At last I found out where the problem lies. vi or any other editor opens the file in trunc mode before doing a write. Hence when I trapped
the sys_write system call, the file descriptor was pointing to an empty file. And I was trying to read from this empty file, which was returning zero bytes.
Thanks for all your support.

infamous41md 09-03-2004 12:33 PM

good job :)
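
The cause found at the end of the thread can be reproduced from user space. The following is an added example, not code from any poster: it compares what a second read-only descriptor sees just before write() when the writer opened the file normally and when it opened it with O_TRUNC. The function name, file path and sample strings are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Constructed sample data standing in for the file's old and new contents. */
static const char OLD_TEXT[] = "old contents\n";
static const char NEW_TEXT[] = "new contents\n";

/* Bytes of old data a second read-only descriptor still sees just before
 * write() runs; use_trunc=1 opens the writer with O_TRUNC. -1 on error. */
long old_bytes_visible_at_write(const char *path, int use_trunc)
{
    char tmp[64];
    long seen = -1;
    int fd, wfd, rfd;
    /* Create the file with its old contents. */
    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, OLD_TEXT, strlen(OLD_TEXT)) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    /* The writer opens the file; with O_TRUNC the old data is gone here. */
    wfd = open(path, O_WRONLY | (use_trunc ? O_TRUNC : 0));
    if (wfd >= 0) {
        /* What the hook in the thread does at write() time. */
        rfd = open(path, O_RDONLY);
        if (rfd >= 0) {
            seen = (long)read(rfd, tmp, sizeof(tmp));
            close(rfd);
        }
        if (write(wfd, NEW_TEXT, strlen(NEW_TEXT)) < 0)
            seen = -1;
        close(wfd);
    }
    unlink(path);
    return seen;
}

int main(void)
{
    const char *p = "/tmp/trunc_demo_example.txt"; /* hypothetical path */
    printf("plain open: %ld bytes\n", old_bytes_visible_at_write(p, 0));
    printf("O_TRUNC open: %ld bytes\n", old_bytes_visible_at_write(p, 1));
    return 0;
}
```

The old data is discarded at open() time, so any monitor that needs the previous contents has to capture them before the truncating open, not at write().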

