Overriding functionality with modules in Linux kernel

 

Without getting into the details of why, I'm looking for a clean (as possible) way to replace kernel functions and system calls from a loadable module. My initial idea was to write some code to override some functions, which would take the original function (perhaps, if possible, call the function), and then add some of my own code. The key is that the function that I write has to have the name of the original function, so other code, upon trying to access it, will access mine instead.

I can easily (comparatively) do this directly in the kernel by just throwing my code into the appropriate functions, but I was wondering if anyone knew a little C magic that isn't necessarily horrible kernel (or C) coding practice that could achieve the same result.

Thoughts of #defines and typedefs come to mind, but I can't quite hack it out in my head.

In short: does anyone know a way to effectively override functions in the Linux kernel (from a module)?

EDIT: Since it's been asked, I essentially want to log certain functions (creating/deleting directories, etc.) from within the kernel, but for sanity's sake, a loadable module seems to make sense, rather than having to write a big patch to the kernel code and recompile on every change. A minimal amount of added code to the kernel is okay, but I want to offload most of the work to a module.

我意识到这个问题已经有三年了,但是为了其他人试图做这种事情的好处,内核有一个名为kprobes的接口来完成你所需要的。

You probably want to hook the system calls (PDF link), which would effectively let you log user-processes calling kernel functions. If you really want to log the kernel use of kernel functions, you want to look into kernel function trace.

I'm not entirely sure I understand what you want to do, but I think that ksplice may be a good solution. It's still under development, so I don't know if it's in any sort of usable condition right now.

链接地址: http://www.djcxy.com/p/87876.html

上一篇: 在linux中退出内核线程

下一篇: 用Linux内核中的模块覆盖功能