problem in intercepting sys_write system call

appas · 08-29-2004, 10:43 PM

Hi All,

I am intercepting sys_write system call and within my_sys_write i will call the original syswrite.
Before calling the original sys_write, i have to get the contents of the file which will be replaced
by the current write.
So i open a new file descriptor inside my_sys_write and read the current buffer before calling the
original sys_write.
I have a problem in reading the current buffer using sys_read which returns zero .
I am giving the relevant code below

Code:

ssize_t  my_sys_write(unsigned int fd, const char * buf, size_t count)
{
           // Get the name of absolute name from file descritpor
           // calling the sys_open to get a new handle for reading 
	 int openForRead = OriginalSysOpen(absoluteFileName,O_RDONLY,0777);
          // calling sys_read and storing the contents in the tmpBuf, bytesRead always return zero
	int bytesRead = OriginalSysRead(openForRead,tmpBuf, count );
	printk("  OPENFILEHANDLE %d BYTESREAD %d \n", openForRead,bytesRead);
	OriginalSysClose(openForRead);
	int returnValue = OriginalSysWrite(fd,buf,count);
	return returnValue;
}

After few hours of frustation, i am posting here to get some help.

infamous41md · 08-29-2004, 10:48 PM

kernel functions expect user space addresses as arguments, not kernel space. read this:
http://www.linux.it/kerneldocs/ksys/

appas · 08-29-2004, 11:08 PM

Thank u for the reply, Though i haven't yet gone through the document i have taken care of the user - kernel addr space using
the get_fs and set_fs. Code actually looks like below but still i am receiveing the number of bytes read as zero.

Code:

ssize_t  my_sys_write(unsigned int fd, const char * buf, size_t count)
{
           // Get the name of absolute name from file descritpor
           mm_segment_t tmpfs;
           tmpfs = get_fs();
	set_fs (get_ds());
         // calling the sys_open to get a new handle for reading 
         int openForRead = OriginalSysOpen(absoluteFileName,O_RDONLY,0777);
          // calling sys_read and storing the contents in the tmpBuf, bytesRead always return zero
         int bytesRead = OriginalSysRead(openForRead,tmpBuf, count );
         printk("  OPENFILEHANDLE %d BYTESREAD %d \n", openForRead,bytesRead);
         OriginalSysClose(openForRead);
         int returnValue = OriginalSysWrite(fd,buf,count);
         set_fs(tmpfs);
         return returnValue;
}

appas · 08-31-2004, 10:24 AM

I would like to add some more points that i noted while trying to fix the above mentioned error.
I wrote a simple c program which makes a call to write function. This write function was trapped by the kernel module (see above code) and successfully read the contents that are supposed to be replaced by the "OriginalSysWrite"
Instead if i open a file in vim editor and made some modifications and save the file. Here again the write was intercepted by "my_sys_write" but the "OriginalSysRead" inside "my_sys_read" returns zero.
If anyone can help me on this, please reply

infamous41md · 08-31-2004, 09:25 PM

don't get offended, but: these are things you need to figure out yourself. people can't and shouldn't hold your hand when you're kernel hacking. read the source for the functions giving you problem, do some simple tests, do w/e it takes to solve the problem. you can do it. i have faith.

appas · 08-31-2004, 10:28 PM

Really heartening to see your mail, thanks for your suggestions and i will do the same.
Thanks once again for the support and confidence you are giving.

appas · 09-03-2004, 08:16 AM

Its time to close the thread. At last i found out the where the problem lies. vi or any editors open the file in trunc mode before doing a write.Hence when i trapped
the sys_write system call, the file descriptor is pointer to a empty file. And i was trying to read from this empty file which was returning zero bytes.
Thanks for all your support.

infamous41md · 09-03-2004, 12:33 PM

good job