我正在尝试在 Linux 内核模块中使用 ftrace_hook 挂钩系统调用 sys_open(),但对 sys_open() 的挂钩不起作用。insmod 没有报任何错误,但函数 fh_sys_open() 根本没有被调用。
对其他系统调用的挂钩都工作正常(sys_execve()、sys_copy()……)。
内核版本4.19.0-6-amd64
在其他内核版本上,这段代码可以正常工作。
相关代码如下:
/*
 * Pointer through which fh_sys_open() calls the original sys_open handler.
 * Its address is handed to the HOOK() entry in demo_hooks, and it is declared
 * with the same (filename, flags, mode) prototype as fh_sys_open().
 * NOTE(review): presumably filled in by the hook-installation code before the
 * hook is enabled -- that code is not shown here, confirm.
 */
static asmlinkage long (*real_sys_open)(const char __user *filename, int flags,
umode_t mode);
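/*
 * fh_sys_open - hook installed in place of the kernel's sys_open entry point.
 *
 * Copies the user-supplied path into kernel memory, records it with
 * add_event() on the events_f list, releases the copy, and then forwards the
 * unmodified arguments to the saved original handler. The return value is
 * whatever the original handler returns.
 *
 * NOTE(review): the recorded path is a separate copy from the one the original
 * handler reads from user memory afterwards, so the two can differ if another
 * thread rewrites the buffer in between. Treat the recorded event as advisory
 * rather than as proof of what was opened -- confirm whether that matters for
 * the consumer of events_f.
 *
 * NOTE(review): when PTREGS_SYSCALL_STUBS is defined, the "__x64_"-prefixed
 * entry points are, as far as I know, invoked with a single
 * `const struct pt_regs *` argument instead of the unpacked
 * (filename, flags, mode) triple declared here. In that configuration
 * `filename` would not be a user pointer at all -- confirm against the target
 * kernel before relying on this signature.
 */
static asmlinkage long fh_sys_open(const char __user *filename, int flags,
				   umode_t mode)
{
	char *kernel_filename;

	/* Copy the path from user space into a kernel buffer. */
	kernel_filename = duplicate_filename(filename);

	/*
	 * The copy can fail (bad user pointer, allocation failure). Assumes
	 * duplicate_filename() reports failure as NULL -- TODO confirm. A failed
	 * copy must never be handed to add_event().
	 */
	if (kernel_filename)
		add_event(kernel_filename, &events_f);

	/* kfree(NULL) is a no-op, so the failure path needs no separate branch. */
	kfree(kernel_filename);

	/* Always forward to the original handler so the hook stays transparent. */
	return real_sys_open(filename, flags, mode);
}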
/*
 * x86_64 kernels have a special naming convention for syscall entry points in newer kernels.
 * That's what you end up with if an architecture has 3 (three) ABIs for system calls.
 *
 * SYSCALL_NAME() prepends "__x64_" to the symbol name when PTREGS_SYSCALL_STUBS
 * is defined and leaves the name unchanged otherwise. The prefix is attached by
 * string-literal concatenation, so `name` must itself be a string literal.
 *
 * NOTE(review): this macro only changes which symbol is looked up. The
 * prototype of the hook function has to match the calling convention of the
 * prefixed entry point separately -- confirm that the hook signatures in this
 * file are also switched on PTREGS_SYSCALL_STUBS.
 */
#ifdef PTREGS_SYSCALL_STUBS
#define SYSCALL_NAME(name) ("__x64_" name)
#else
#define SYSCALL_NAME(name) (name)
#endif
/*
 * HOOK() expands to one designated initializer for a hook-table entry:
 *   .name     - symbol name, passed through SYSCALL_NAME() for the ABI prefix
 *   .function - the replacement function
 *   .original - the address supplied for reaching the original function
 *               (presumably where the installer stores the resolved address --
 *               the consumer of this field is not shown here, confirm)
 */
#define HOOK(_name, _function, _original) \
{ \
.name = SYSCALL_NAME(_name), \
.function = (_function), \
.original = (_original), \
}
/*
 * Table of hooks described by this module; it currently holds a single entry
 * that pairs the "sys_open" symbol with fh_sys_open and real_sys_open.
 *
 * NOTE(review): user-space C libraries commonly implement open() on top of the
 * openat system call, in which case an entry for sys_open alone would see few
 * or no calls and file-open monitoring would have a coverage gap. Check with
 * strace which system call the monitored workload actually issues.
 */
static struct ftrace_hook demo_hooks[] = {
HOOK("sys_open", fh_sys_open, &real_sys_open)
};