For x86 architecture, the system call table cannot be used to invoke
a system call after commit 1e3ad78 since v6.9. This commit has been
backported to long term stable kernels, like v5.15.154+, v6.1.85+,
v6.6.26+ and v6.8.5+[1]. In this case, thanks to Kprobes, a hook can be
used instead on the system call entry to intercept the system call.
[1] https://stackoverflow.com/a/78607015
Co-authored-by: Hao Dong <hao.dong.work@outlook.com>
Add sudo to commands in Chapter 8 for example module interaction.
The "myvariables" in the module are set with 0660 permissions
via __ATTR(), preventing direct user access.
Options to fix this:
1. Instruct users to use 'sudo' to read/write files.
2. Relax the permission settings to 0666.
This commit adopts the sudo method to maintain security constraints.
7.4 The seq_file is missing the behavior that occurs when it
directly returns NULL after the start step.
Also, in the flowchart, the first decision where `return is NULL`
is `Yes` points to nothing, which is not defined in ISO 5807.
ISO 5807 section 10.3.1.2 states logic path of a decision,
"Each exit from a symbol be accompanied by the appropriate
condition values to show the logic path which it represents,
so that the conditions and the associated references are identified."
The behavior of pointing to nothing does not have associated
references and does not indicate the relation of this logic path.
Refs:
1. The Liunx Kernel Module Programming Guide
7.4 Manage /proc file with seq_file
2. ISO-5807-1985
Aquiring a spinlock makes the holder enter atomic context. Extra
attention is needed in atomic context. In particular, functions
that may sleep must not be used. Add this detail to the spinlock
section.
The past content in the crypto section lacks informative descriptions,
and there should be a proper procedure to demonstrate how Linux
cryptography works. Due to poor maintenance, let's drop the section.
The SA_xxx flags has been removed for years. Nowadays the kernel uses
the IRQF_xxx flags to specify IRQ behaviors. Adjust the descriptions
in the book accordingly.
In Debian, the name syscall conflicts with this patch:
in debian kernel source tree:
debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
mailing list url:
https://lore.kernel.org/lkml/1415245982.3398.53.camel@decadent.org.uk/T/#u
which introduces a parameter named syscall.x32. So change our name.
The word 'defator' is unable to be found in a lexicon. Change the word
'defator' with 'drawbacks' which should imply the negative meaning intended
in the sentence.
Two struct completion(s) are encapsulated within another 'struct machine'.
Simplify the code by removing the outer struct and let the struct
completion(s) be self-standing.
Update description in tex to match code.
This patch introduces static key technique and adds a kernel module
to demostrate how to use static key to optimize an almost unlikely
branch, the module can interact with userspace thru a character device.
Signed-off-by: Peter Lin <peterlin@qilai.dev>
Since the commit b8780c363d80 ("sched: remove sleep_on() and friends
"), the description about sleep_on is incorrect and the example code has
been fixed by replacing it with wait_event family. Let's also fix the
description to match the corrected code.
Since sys_open is deprecated and some architectures don't support it.
We switch the implementation to sys_openat.
Moreover, in some architectures like x86-64, the prototype of syscall,
for example, openat(), might have been changed to struct pt_regs [1]
but we cannot promise that so support the two types
(sys_openat and pt_regs).
Also, to prevent other untraced tasks print out the information, add
the uid checking in our_sys_openat().
[1] https://lore.kernel.org/lkml/20180405095307.3730-1-linux@dominikbrodowski.net/Close#159
It failed silently when crypto_alloc_tfm() failed, so add an error
message to inform the developer to enable sha256 algorithm support.
Signed-off-by: Yu Chien Peter Lin <peterlin.tw@pm.me>
