System call interposition/unprotecting the table

From: hinoue
Date: Mon Aug 13 2007 - 18:58:55 EST


I have a question about changing the page attributes of the
system call table.

I am writing a kernel module that does some system call interposition.
This works fine on my debian system, but apparently the stock Fedora
kernel (2.6.22) has the system call table write protected. So I would like
the module to add write permissions to the system call table before
it modifies it.

This is the code in my init_module that is problematic:

// Storing the original call
orig_kill = sys_call_table[__NR_kill];

// Change to write
pg = virt_to_page(sys_call_table);
change_page_attr(pg, 1, PAGE_KERNEL);
global_flush_tlb();

// Test write, should change nothing, but oopses instead
sys_call_table[__NR_kill] = (void*)orig_kill;

I imagine that I'm doing something obviously wrong; I've only been looking
at kernel code for a couple weeks. Can someone please explain what my
error is?

-Hajime Inoue
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/