this is simple sys_call_table hooking code
#include <asm/unistd.h>
#include <linux/autoconf.h>
#include <linux/in.h>
#include <linux/init_task.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/kmod.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/skbuff.h>
#include <linux/stddef.h>
#include <linux/string.h>
#include <linux/syscalls.h>
#include <linux/tcp.h>
#include <linux/types.h>
#include <linux/unistd.h>
#include <linux/version.h>
#include <linux/workqueue.h>
ssize_t *sys_call_table = (ssize_t *)0xc0026e04;
asmlinkage ssize_t (*orig_open)(const char *pathname, int flags);
asmlinkage ssize_t hacked_open(const char *pathname, int flags)
{
printk(KERN_INFO "SYS_OPEN called : %s\n", pathname);
return orig_open(pathname, flags);
}
int init_module(void)
{
orig_open = sys_call_table[__NR_open]; /* line 33 */
sys_call_table[__NR_open] = hacked_open; /* line 34 */
return 0;
}
void cleanup_module(void)
{
sys_call_table[__NR_open] = orig_open; /* line 40 */
}
MODULE_LICENSE("GPL");
i got an warning like below
this code works fine but i want to delete warnings. how can i do?
/home/tester/tools/lkm/a.c: In function 'init_module':
/home/tester/tools/lkm/a.c:33: warning: assignment makes integer from pointer without a cast
/home/tester/tools/lkm/a.c:34: warning: assignment makes integer from pointer without a cast
/home/tester/tools/lkm/a.c: In function 'cleanup_module':
/home/tester/tools/lkm/a.c:40: warning: assignment makes integer from pointer without a cast
If you want to silence your compiler, you have to add typecasts (even if it is often a bad idea, this is how your compiler turns it).
ssize_t *sys_call_table = (ssize_t *)0xc0026e04;
typedef ssize_t (*ftype)(const char *, int);
ftype orig_open;
ssize_t hacked_open(const char *pathname, int flags)
{
printf("SYS_OPEN called : %s\n", pathname);
return orig_open(pathname, flags);
}
int init_module(void)
{
orig_open = (ftype)sys_call_table[__NR_open];
sys_call_table[__NR_open] = (ssize_t)hacked_open;
return 0;
}
When you look at line 33 you will see the problem:
orig_open = sys_call_table[__NR_open];
You have defined sys_call_table to be a pointer to integer. That's the reason for the warning.
Same problem with the other lines. If you define sys_call_table properly, the warnings will go away.
You should at least define it as an array of pointers or pointer to pointers, because if ssize_t is only 32 bit on 64 bit system, you might truncate the 64 bit addresses to a 32 bit integer.
Related
I'm exploring the getdents64 syscall. The resulting struct linux_dirent64 is not defined by the relevant headers. Both the related question and the example in man 2 getdirents64 are declaring their own structs. Although I'm aware of Linux syscall backwards compatibility, defining the struct locally like that looks like a hack. Is there another header I need to include that has this struct linux_dirent64 defined inside?
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
struct linux_dirent64 {
ino64_t d_ino;
off64_t d_off;
unsigned short d_reclen;
unsigned char d_type;
char d_name[];
};
void test() {
char buf[1024];
const int procfs = open("/proc", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
getdents64(procfs, buf, 1024);
printf("%lu\n", ((struct linux_dirent64 *) buf)->d_ino);
close(procfs);
}
Change struct linux_dirent64 to just struct dirent64. This works with glibc 2.36. It is not necessary to include another header as #include <dirent.h> provides it with #define _GNU_SOURCE. The original code would look like the following:
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
void test() {
char buf[1024];
const int procfs = open("/proc", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
getdents64(procfs, buf, 1024);
printf("%lu\n", ((struct dirent64 *) buf)->d_ino);
close(procfs);
}
I build a ebpf demo in kernel source. demo code like this:
cgroup_kern.c
#include <uapi/linux/bpf.h>
#include <uapi/linux/if_ether.h>
#include <uapi/linux/if_packet.h>
#include <uapi/linux/ip.h>
#include "bpf_helpers.h"
#include <bpf_helpers.h>
#include <linux/bpf.h>
struct bpf_map_def SEC("maps") my_map = {
.type = BPF_MAP_TYPE_ARRAY,
.key_size = sizeof(u32),
.value_size = sizeof(long),
.max_entries = 256,
};
SEC("cgroupskb/ingress/stats")
int bpf_cgroup_ingress(struct __sk_buff* skb) {
uint32_t sock_uid = bpf_get_socket_uid(skb);
return 0;
}
cgroup_user.c
#include <stdio.h>
#include <assert.h>
#include <linux/bpf.h>
#include "libbpf.h"
#include "bpf_load.h"
#include "sock_example.h"
#include <unistd.h>
#include <arpa/inet.h>
int main(int ac, char **argv)
{
char filename[256];
FILE *f;
int i, sock;
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
if (load_bpf_file(filename)) {
printf("%s", bpf_log_buf);
return 1;
}
return 0;
}
Then , I add some Makefile for my cgroup ebpf demo.
when I make ,got a warning:
/usr/src/linux-source-4.15.0/linux-source-4.15.0/samples/bpf/cgroup_kern.c:20:22: warning: implicit declaration of function 'bpf_get_socket_uid' is invalid in C99 [-Wimplicit-function-declaration]
uint32_t sock_uid = bpf_get_socket_uid(skb);
when I want to attach my ebpf demo:
invalid relo for insn[0].code 0x85
Any suggestions would be greatly appreciated.
I am guessing you retrieved bpf_helpers.h from the same kernel sources (4.15). Unfortunately, that file is missing several helper declarations in 4.15. This was fixed in 5.1 with commit f2bb538:
commit f2bb53887eb3e8f859ac7cfc09d1a3801492c009
Author: Willem de Bruijn <willemb#google.com>
Date: Wed Feb 27 11:08:06 2019 -0500
bpf: add missing entries to bpf_helpers.h
This header defines the BPF functions enumerated in uapi/linux.bpf.h
in a callable format. Expand to include all registered functions.
Signed-off-by: Willem de Bruijn <willemb#google.com>
Acked-by: Song Liu <songliubraving#fb.com>
Signed-off-by: Daniel Borkmann <daniel#iogearbox.net>
You should be able to fix the error simply by adding the proper definition to bpf_helpers.h:
static unsigned int (*bpf_get_socket_uid)(void *ctx) =
(void *) BPF_FUNC_get_socket_uid;
I am checking socket options and I got this error when I compile. I tried to google it and it looks like no one has encountered this problem before.
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdlib.h>
static char *sock_str_flag(union val *, int);
struct sock_opts {
const char *opt_str;
int opt_level;
int opt_name;
char *(*opt_val_str)(union val *, int);
}sock_opts[] = {
{ "SO_USELOOPBACK", SOL_SOCKET, SO_USELOOPBACK, sock_str_flag } //this is the error
};
The socket option SO_USELOOPBACK is not a POSIX standard. The man page setsockopt() describes the nature of SO_USELOOPBACK in detail.
The SO_USELOOPBACK is a [Digital] standard. Text paragraphs preceded by [Digital] document features that are included in the DIGITAL UNIX software but are not currently specified by any standard that applies to the interface being described. Use these features when source code portability across multiple UNIX platforms is less important than the capabilities that the features provide.
For portability, you need to have ifdef checks.
struct sock_opts {
const char *opt_str;
int opt_level;
int opt_name;
char *(*opt_val_str)(union val *, int);
}sock_opts[] = {
/* .... */
#ifdef SO_USELOOPBACK
{"SO_USELOOPBACK", SOL_SOCKET, SO_USELOOPBACK, sock_str_flag }
#endif
/* .... */
};
Currently I'm running Ubuntu 16.04 with linux kernel version to be 4.16. I wrote a dummy program that changes its scheduler to SCHED_DEADLINE. But when I tried to compile it, it cannot find definition of structs and macros needed for SCHED_DEADLINE. Most of the code snippet was taken from here (page 24). Below is the test program:
#define _GNU_SOURCE
#include <pthread.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sched.h>
int main(int argc, char* argv[]) {
struct sched_attr attr;
attr.size = sizeof(attr);
attr.sched_policy = SCHED_DEADLINE;
attr.sched_runtime = 30000000;
attr.sched_period = 100000000;
attr.sched_deadline = attr.sched_period;
if (sched_setattr(gettid(), &attr, 0))
perror("sched_setattr()");
return 0;
}
Here's the output of the compilation:
sched_deadline.c: In function ‘main’:
sched_deadline.c:11:20: error: storage size of ‘attr’ isn’t known
struct sched_attr attr;
^
sched_deadline.c:12:21: error: invalid application of ‘sizeof’ to incomplete type ‘struct attr’
attr.size = sizeof(struct attr);
^
sched_deadline.c:13:22: error: ‘SCHED_DEADLINE’ undeclared (first use in this function)
attr.sched_policy = SCHED_DEADLINE;
My gcc version:
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9)
However, the sample code posted in the official website works for me, but the sample code manually defines all the needed macros and system calls in the program. My goal was to compile the application without adding those definitions, which should already be included in the newest kernel version. I have seen various places saying that SCHED_DEADLINE is officially supported after Linux 3.14.10, and upgrading the kernel would automatically solve this issue.
Things I've tried:
Recompiling 4.16 kernel. Previously I thought I need to turn on a switch in config file, but I was not able to find it.
Look into /usr/include/linux/sched.h. Clearly the macros are defined in this header file, but somehow my compiler cannot find it.
I also looked into other posts in the community, but all those questions are for older linux (pre 3.14.10).
You need to include #include <linux/sched.h>
But for the definition of sched_setattr() and gettid(), see the link posted by #CraigEstey
The reason about that, it that glibc will not add function wrappers of linux specific syscall.
For example for gettid(), in the manual we can read this:
Note: There is no glibc wrapper for this system call; see NOTES.
Glibc does not provide a wrapper for this system call; call it using
syscall(2).
The thread ID returned by this call is not the same thing as a POSIX thread ID
Have a look at this article: https://lwn.net/Articles/711058/
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sched.h>
#include <linux/sched.h>
#include <sys/types.h>
struct sched_attr {
uint32_t size;
uint32_t sched_policy;
uint64_t sched_flags;
/* SCHED_NORMAL, SCHED_BATCH */
int32_t sched_nice;
/* SCHED_FIFO, SCHED_RR */
uint32_t sched_priority;
/* SCHED_DEADLINE (nsec) */
uint64_t sched_runtime;
uint64_t sched_deadline;
uint64_t sched_period;
};
int sched_setattr(pid_t pid, const struct sched_attr *attr, unsigned int flags)
{
return syscall(__NR_sched_setattr, pid, attr, flags);
}
int main(int argc, char* argv[]) {
struct sched_attr attr = {
.size = sizeof(attr),
.sched_policy = SCHED_DEADLINE,
.sched_runtime = 30000000,
.sched_period = 100000000,
.sched_deadline = 100000000
};
pid_t tid = syscall(SYS_gettid);
if (sched_setattr(tid, &attr, 0))
perror("sched_setattr()");
return 0;
}
Or a more shorter code, without the redefinition of struct sched_attr
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/sched/types.h>
#include <linux/sched.h>
#include <sys/types.h>
int sched_setattr(pid_t pid, const struct sched_attr *attr, unsigned int flags)
{
return syscall(__NR_sched_setattr, pid, attr, flags);
}
int main(int argc, char* argv[]) {
struct sched_attr attr = {
.size = sizeof(attr),
.sched_policy = SCHED_DEADLINE,
.sched_runtime = 30000000,
.sched_period = 100000000,
.sched_deadline = 100000000
};
pid_t tid = syscall(SYS_gettid);
if (sched_setattr(tid, &attr, 0))
perror("sched_setattr()");
return 0;
}
But this needs to be executed as root, otherwise I got sched_setattr(): Operation not permitted
Or the application needs to have the right linux capabilities.
Hi there i am having problem with psched_time_t defined in the struct below it gives the identifier expected error of which I thought that error happens when the corresponding header file is not included and I did include it which is #include and in this file psched_time_t is declared. so what am I doing wrong? please help
#ifndef __NET_SCHED_GENERIC_H
#define __NET_SCHED_GENERIC_H
#include <linux/netdevice.h>
#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/module.h>
#include <linux/pkt_sched.h>
#include <linux/pkt_cls.h>
#include <net/gen_stats.h>
#include <net/rtnetlink.h>
struct agg_queue {
__be32 dest;
__u32 currSize;
__u32 maxSize;
psched_time_t timestamp; //this is where the error is
struct agg_queue *next;
struct sk_buff_head skb_head;
};
The file below is net/pkt_sched.h which is where psched_time_t is defined:
#ifndef __NET_PKT_SCHED_H
#define __NET_PKT_SCHED_H
#include <linux/jiffies.h>
#include <linux/ktime.h>
#include <net/sch_generic.h>
struct qdisc_walker {
int stop;
int skip;
int count;
int (*fn)(struct Qdisc *, unsigned long cl, struct qdisc_walker *);
};
#define QDISC_ALIGNTO 64
#define QDISC_ALIGN(len) (((len) + QDISC_ALIGNTO-1) & ~(QDISC_ALIGNTO-1))
static inline void *qdisc_priv(struct Qdisc *q)
{
return (char *) q + QDISC_ALIGN(sizeof(struct Qdisc));
}
typedef u64 psched_time_t;
typedef long psched_tdiff_t;
/* Avoid doing 64 bit divide */
#define PSCHED_SHIFT 6
#define PSCHED_TICKS2NS(x) ((s64)(x) << PSCHED_SHIFT)
#define PSCHED_NS2TICKS(x) ((x) >> PSCHED_SHIFT)
#define PSCHED_TICKS_PER_SEC PSCHED_NS2TICKS(NSEC_PER_SEC)
#define PSCHED_PASTPERFECT 0
static inline psched_time_t psched_get_time(void)
{
return PSCHED_NS2TICKS(ktime_to_ns(ktime_get()));
}
I see a few #ifdefs/#ifndefs but no #endif anywhere. As you know, each of the former requires one of the latter. Add #endifs where they are needed and you'll get further along.
EDIT: The problem is not psched_time_t but, as the error message says, something before that line. So where is maxSize defined?