<HTML dir=ltr><HEAD>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.5296.0" name=GENERATOR><BASE href=HEAD>
<BODY>
<DIV id=idSignature28149 dir=ltr><FONT face=Arial color=#000000 size=2>
<DIV></FONT><FONT face=Arial color=#000000 size=2>Hello </FONT></DIV></DIV>
<DIV dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>I am attempting to run some user code with kernel space permission. I am using the ppc64 kernel version 2.6.16-rc4-3-ppc64 for IBM Power5 processors. </FONT></DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2>In this kernel module I am trying to implement a function that can be called from user space. </FONT></FONT></DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2></FONT></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2>I have found through various posts that using unused system calls and replacing them temporarily can achieve this objective. </FONT></FONT></DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2></FONT></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2><FONT color=#000000>This is what I am doing, but it's not working; please bear with the slightly long code that follows: </FONT></FONT></FONT></DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2><FONT color=#000000></FONT></FONT></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2><FONT color=#000000>1) Since the 2.6 kernel does not export sys_call_table, I grep it from the boot image.</FONT></FONT></FONT></DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2><FONT color=#000000></FONT></FONT></FONT><FONT face=Arial><FONT size=2><FONT color=#000000></FONT></FONT></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial><FONT size=2><FONT color=#000000>2) Next I write the kernel module as: </FONT></FONT></FONT></DIV>
<DIV dir=ltr><PRE dir=ltr>#include &lt;linux/kernel.h&gt;
#include &lt;linux/module.h&gt;
#include &lt;linux/sched.h&gt;
#include &lt;linux/syscalls.h&gt;

unsigned long **sctable;
void *org_func; /***** Copy of the original call's address ********/

asmlinkage int mitesh_func(void)
{
    printk(KERN_ALERT "Executing mitesh_func...\n");
    return 2;
}

int init_module(void)
{
    unsigned long ptr;
    unsigned long *p;

    ptr = 0x23203404; /*** some hard coded address from grepping for sys_call_table *****/
    p = (unsigned long *)ptr;
    sctable = (unsigned long **)p;
    /* %p prints the full 64-bit pointer; %x would truncate it on ppc64 */
    printk("The address of the system call table is: %p\n", &amp;sctable[0]);
    printk("The address of syscall #137 is: %p\n", sctable[137]);

    org_func = (void *)sctable[137]; /**** Store the original sys call ****/
    printk("Original func address %p stored\n", org_func);

    sctable[137] = (void *)mitesh_func; /**** replace with mitesh_func ****/
    printk("The new sys call address is %p and stored as: %p\n", mitesh_func, sctable[137]);

    return 0;
}

void cleanup_module(void)
{
    sctable[137] = (void *)org_func; /**** restore the original entry ****/
    printk("Upon module unload the sctable #137 address is: %p\n", sctable[137]);
    printk("Module is unloaded!\n");
}
</PRE></DIV>
<DIV dir=ltr>3) My user app looks like this:</DIV>
<DIV dir=ltr><PRE dir=ltr>#include &lt;stdio.h&gt;
#include &lt;errno.h&gt;
#include &lt;asm-ppc64/unistd.h&gt;

#define __NR_mitesh_func 137

_syscall0(int, mitesh_func);

int main(void)
{
    int x = 0;

    x = mitesh_func();
    printf("mitesh_func returned %d\n", x);
    return 0;
}
</PRE></DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>4) I verify from the system logs that when I insmod the kernel module I get all the print statements. I verified from the logs that the address of the sys_call_table is correctly passed, and from /proc/kallsyms I can see that my function mitesh_func has been defined and has the address indicated in the logs. </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>The problem is that when I execute my user app I expect to see two things: </DIV>
<DIV dir=ltr> a) I should see a message in the log "Executing mitesh_func..." and </DIV>
<DIV dir=ltr> b) A return value of 2 </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>However I get an error value <FONT color=#ff0000>-1</FONT> returned. </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Any help and ideas are highly appreciated. </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Thank you in advance, </DIV>
<DIV dir=ltr>Mitesh </DIV>
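<DIV dir=ltr>Added example, not code from the original post: two userspace checks worth running before concluding that the hooked slot simply "returns -1". The first captures errno, so ENOSYS (nothing installed in that slot) can be told apart from other failures such as EPERM; the second looks symbols up in /proc/kallsyms-format text instead of grepping a boot image. It assumes Linux with the glibc syscall() wrapper; the kallsyms lines and the module name "mitesh" are constructed sample data.</DIV>

```c
/* Added example (not from the original post). Assumes Linux and glibc's
 * syscall() wrapper; SAMPLE_KALLSYMS below is constructed, not real, and
 * the module name "mitesh" in it is an assumption. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Invoke syscall number nr with no arguments. Returns 0 on success and
 * stores the raw return value in *ret (if non-NULL); otherwise returns errno. */
int probe_syscall(long nr, long *ret)
{
    errno = 0;
    long r = syscall(nr);
    if (r == -1 && errno != 0)
        return errno;          /* ENOSYS: slot not implemented / not hooked */
    if (ret) *ret = r;
    return 0;
}

/* Scan /proc/kallsyms-style text ("addr type name [\tmodule]") for `name`
 * and return its address, or 0 if the symbol is not listed. */
unsigned long long kallsyms_lookup(const char *text, const char *name)
{
    unsigned long long addr;
    char type, sym[64];
    for (const char *line = text; line; line = strchr(line, '\n')) {
        if (*line == '\n')
            line++;            /* step past the newline found last round */
        if (sscanf(line, "%llx %c %63s", &addr, &type, sym) == 3 && strcmp(sym, name) == 0)
            return addr;
    }
    return 0;
}

/* Constructed sample in /proc/kallsyms format; the addresses are made up. */
static const char SAMPLE_KALLSYMS[] =
    "c000000000100000 D sys_call_table\n"
    "c0000000001a2b00 T sys_afs_syscall\n"
    "d000000000012340 t mitesh_func\t[mitesh]\n";

int main(void)
{
    long ret = 0;
    int err = probe_syscall(SYS_getpid, &ret);
    printf("getpid via syscall(): %s, raw return %ld; sample sys_call_table at 0x%llx\n",
           err ? strerror(err) : "ok", ret, kallsyms_lookup(SAMPLE_KALLSYMS, "sys_call_table"));
    return 0;
}
```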
<DIV dir=ltr> </DIV></DIV></BODY></HTML>