system call hook triggers kernel panic
    Yi Li
    adamliyi at msn.com
    Thu Oct 17 21:33:35 AEDT 2019

> On Oct 17, 2019, at 12:29 PM, Oliver O'Halloran <oohall at gmail.com> wrote:
> 
> 
> The ABI (v1 and v2) uses r2 as a pointer to the "table of contents"
> which is used to look up the addresses of global symbols. TOCs are
> specific to the current unit of execution and the vmlinux and each
> module has its own TOC. From the dump it looks like the r2 is pointing
> into the vmalloc area where modules are loaded so odds are the crash
> is because the TOC isn't being restored when we return from the
> patched function. One of the many reasons why you really shouldn't
> hook the syscall table ;)
> 
> The vmlinux's TOC is saved somewhere in the PACA (legacy ppc specific
> per-cpu thing) so you could restore it with some inline asm before
> returning from your hook. Have a look at what we to load r2 in the
> system call entry path.
> 
Thanks for the insight!
I tried to restore 'r2' before returning from the system call, and there is no kernel panic:
"
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/err.h>
#include <linux/uaccess.h>

/* Original sys_umount entry, saved when the syscall table slot was replaced. */
static asmlinkage long (*orig_umount)(char __user *name, int flags);

static asmlinkage long umount_hook(char __user *name, int flags)
{
        char *dir_name;
        long ret;

        dir_name = strndup_user(name, 512);
        /* strndup_user() returns an ERR_PTR on failure; that must not be freed */
        if (!IS_ERR(dir_name)) {
                printk(KERN_NOTICE "umount %s 0x%x\n", dir_name, flags);
                kfree(dir_name);
        }

        ret = orig_umount(name, flags);
        printk(KERN_NOTICE "umount2 returned %ld\n", ret);

        /*
         * Restore the kernel TOC pointer (r2) from the PACA (r13) before
         * returning, otherwise the caller keeps running with the module's TOC.
         * 16 is offsetof(struct paca_struct, kernel_toc), i.e. PACATOC.
         */
        // asm volatile("ld 2,PACATOC(13)");
        asm volatile("ld 2, 16(13)");
        return ret;
}
"