
Linux SysCalls: Add/ Del/ Freeze

1 Lectures

  1. I typically plan to give a week of lectures on this topic.
  2. Lecture #1 ./syscall-intro.html; ./read-syscall.html
  3. Lecture #2 Section below: New Linux System Call Design
  4. Lecture #3 Section below: Linux SysCalls Add/ Del/ Freeze. Lab overview.
  5. Lecture #4 Example Kernels for NFS and FTP Servers

2 Prerequisites

  1. ./syscall-intro.html Often covered in CEG 4350 OS Internals and Design.
  2. ./read-syscall.html Anatomy of a System Call: read() SysCall Internals, as an example from the Linux source code tree.

3 Design of New Linux System Calls

  1. For backward compatibility, we cannot alter the existing syscalls, but we can (safely) add new ones.
  2. Adding or deleting system calls in production deployed systems is risky. But, as in other software systems, what an OS should provide changes over the years, particularly because of security. So we must also learn the design and implementation of new system calls.

3.1 Purpose of a SysCall

  1. The syscall should have exactly one coherent purpose. What will it do? What are its pre- and post-conditions? Write its man page before proceeding to design the code.
  2. What are the new system call's arguments, return value, and error codes? The system call should have a clean and simple interface with the smallest number of arguments possible. The semantics and behavior of a system call are important; they must not change, because existing applications will come to rely on them.

3.2 Example of What Not To Do

Multiplexing syscalls (a single system call that does wildly different things depending on a flag argument) is not a good thing. Look at ioctl() of Linux as an example of what not to do.

3.3 Design for Stability of Interface

  1. Designing the interface with an eye toward the future is important. Are you needlessly limiting the function? Design the system call to be as general as possible. Do not assume its use today will be the same as its use tomorrow. The purpose of the system call will remain constant but its uses may change. Is the system call portable? Do not make assumptions about an architecture's word size or endianness. Make sure you are not making poor assumptions that will break the system call in the future. Remember the Unix motto: "provide mechanism, not policy."

4 Linux SysCalls Add/ Del/ Freeze

4.1 SysCall Table Idea

  1. What is a Table of Pointers to Functions? If f(…) { …} is a C function, then f, without parentheses, is the address (pointer) of function f. Any address can be cast to void *.
  2. Invariant Assertion: All pointers in the SysCall Table are valid pointers to syscall functions. The index is known as the syscall number.
  3. All the syscall functions have the same prototype signatures.
  4. To add a syscall:
    1. Write the code for the new system call.
    2. Add the pointer to this function into the table.
  5. To delete a syscall: replace its pointer in the table with the address of no-op().

4.2 Examples of New SysCalls

  1. Encrypt a file
  2. Decrypt a file
  3. Freeze a few syscalls.
  4. ./sysCallRedir Example with src code

4.3 Del/ Freeze

  1. Deleting SysCalls. In the syscall table, set syscalltable[nrdel] = syscalltable[not-implemented];
  2. Freezing SysCalls. In the syscall table, save the value of syscalltable[nrdel], and then set syscalltable[nrdel] = syscalltable[not-implemented];
  3. Unfreezing the syscall restores the saved value.
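
The add, delete, freeze and unfreeze operations of sections 4.1 and 4.3, modelled in user space as an added example (not code from these notes or from the Linux kernel). The names NR_CALLS, sys_ni, sys_add3, do_syscall and tbl_* are hypothetical, and the error codes chosen for each refusal are an assumption of this sketch.

```c
/* User-space model of a syscall table; every name here is hypothetical. */
#include <errno.h>
#include <stddef.h>

#define NR_CALLS 8                              /* constructed table size */
typedef long (*sys_fn)(long, long, long);       /* one prototype for all entries */

static long sys_ni(long a, long b, long c)      /* the "not implemented" stub */
{ (void)a; (void)b; (void)c; return -ENOSYS; }
static long sys_add3(long a, long b, long c) { return a + b + c; } /* sample call */

static sys_fn table[NR_CALLS], saved[NR_CALLS]; /* saved[nr] != NULL: nr is frozen */
static int valid(int nr) { return nr >= 0 && nr < NR_CALLS; }

void tbl_init(void)                             /* invariant: no slot is ever NULL */
{ for (int i = 0; i < NR_CALLS; i++) { table[i] = sys_ni; saved[i] = NULL; } }

int tbl_add(int nr, sys_fn fn) {                /* add: only into a free slot */
    if (!valid(nr) || fn == NULL) return -EINVAL;
    if (table[nr] != sys_ni || saved[nr]) return -EBUSY;
    table[nr] = fn;
    return 0;
}
int tbl_del(int nr) {                           /* delete: permanent, drops saved copy */
    if (!valid(nr)) return -EINVAL;
    table[nr] = sys_ni; saved[nr] = NULL;
    return 0;
}
int tbl_freeze(int nr) {                        /* freeze: save, then stub out */
    if (!valid(nr)) return -EINVAL;
    if (saved[nr]) return -EALREADY;            /* a second freeze would save the stub */
    if (table[nr] == sys_ni) return -ENOENT;    /* nothing installed to freeze */
    saved[nr] = table[nr]; table[nr] = sys_ni;
    return 0;
}
int tbl_unfreeze(int nr) {                      /* unfreeze: restore the saved pointer */
    if (!valid(nr)) return -EINVAL;
    if (!saved[nr]) return -ENOENT;
    table[nr] = saved[nr]; saved[nr] = NULL;
    return 0;
}
long do_syscall(int nr, long a, long b, long c) /* dispatch by syscall number */
{ return valid(nr) ? table[nr](a, b, c) : -ENOSYS; }

int main(void) {
    tbl_init(); tbl_add(3, sys_add3); tbl_freeze(3);
    return do_syscall(3, 1, 2, 3) == -ENOSYS ? 0 : 1; /* frozen call is refused */
}
```

The guard in tbl_freeze matters: freezing an already frozen slot would overwrite the saved pointer with the stub, and unfreezing could then never bring the original back.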

5 References

  1. http://en.wikipedia.org/wiki/System_call Required Reading.
  2. Robert Love, Linux Kernel Development, 3rd Edition, Addison Wesley, 2010, 460++ pp, http://www.makelinux.net/books/lkd2/ch05lev1sec4 Note the date. Reference.
  3. https://linux-kernel-labs.github.io/master/labs/kernel_api.html 2017? "Kernel API: Familiarize yourself with the basic Linux kernel API; Description of memory allocation mechanisms; Description of locking mechanisms." Recommended Reading.
  4. David Drysdale, Anatomy of a System Call. http://lwn.net/Articles/604406/ Appeared in three parts in 2014. Recommended Reading
  5. http://kernelnewbies.org/ Begin here if you wish to learn kernel development beyond this classroom article. Recommended Visit.

5.1 Further References

  1. Sowgandh S. Gadi, "Security Hardened Kernels for Linux Servers", WSU MS Thesis, April 2004. Advisor: Prabhaker Mateti. Kernels aimed at NFS, FTP and other servers hardened with freezing syscalls. Reference.
  2. Asish Sahadevan, "Security Improvements to the Android Kernel", MTech Thesis, 70pp, Amrita Vishwa Vidyapeetham, Ettimadai, TN, India, Advisor: Prabhaker Mateti, Jul 2015. Implements Add/ Delete/ Freeze of syscalls. Reference.
  3. https://linux-kernel-labs.github.io/master/ Linux Kernel Teaching, 201x. This is a collection of lectures and labs on Linux kernel topics. Reference.
  4. http://learnlinuxconcepts.blogspot.com/2014/03/memory-layout-of-userspace-c-program.html Memory Layout of Kernel and UserSpace in Linux. Reference.

6 References

  1. Prabhaker Mateti, Lecture Notes and Videos on System Call Setup in Linux, 2018.
  2. Asish Sahadevan, "Security Improvements to the Android Kernel", MTech Thesis, 70pp, Jul 2015, Amrita Vishwa Vidyapeetham, Ettimadai, TN, India, Advisor: Prabhaker Mateti, WSU. Implements Add/ Delete/ Freeze of syscalls. Reference.
  3. https://pdos.csail.mit.edu/6.828/2017/labs/lab3/ "In this lab you will implement the basic kernel facilities required to get a protected user-mode environment (i.e., "process") running." Recommended Reading.
  4. https://compas.cs.stonybrook.edu/~nhonarmand/courses/sp17/cse506/labs.html Spring 2017 :: CSE 506 - Operating Systems. "A crucial component of the course is the labs." Recommended Reading.
  5. https://github.com/auca/com.341/tree/master/Practice 2 AUCA == American University of Central Asia; "In this task you need to add implementation of two system calls to the Linux kernel. This will allow a small task information utility to run in the user space querying information directly from the kernel without parsing output from the proc file system." Recommended Reading.
  6. http://www.quora.com/How-can-I-hook-system-calls-in-Linux The syscall table is Read-Only from kernel 2.6.24 onward. Enable RW using set_memory_rw(), and then restore RO before exiting using set_memory_ro(). https://elixir.bootlin.com/linux/latest/ident/set_memory_rw Recommended Reading.

7 End


Copyright © 2018 www.wright.edu/~pmateti • 2018-11-05