Re: [LI] Hiding LKM's -- Beta-test
On Thu, Jan 20, 2000 at 12:12:11PM +0530, Vimal Mathew wrote:
> Hi,
>
> I patched the SGI kernel debugger into my kernel today morning and
> found the assembly equivalent of the foll. C lines
You don't need a kernel debugger to do this. Just load vmlinux into
gdb and disassemble the function.
>
> /* Initialize the module. */
> atomic_set(&mod->uc.usecount,1);
> if (mod->init && mod->init() != 0) {
> atomic_set(&mod->uc.usecount,0);
> error = -EBUSY;
> goto err0;
> }
> to be
>
> sys_init_module+0x433: movl $01,0x10(%ebx)
> sys_init_module+0x43a: movl 0x2c(%ebx),%edx
> sys_init_module+0x43d: testl %edx,%edx
> sys_init_module+0x43f: je sys_init_module+0x458
> sys_init_module+0x441: call *%edx
> sys_init_module+0x443: testl %eax,%eax
> sys_init_module+0x445: je sys_init_module+0x458
> sys_init_module+0x447: movl $0x0,0x10(%ebx)
> sys_init_module+0x44e: movl $0xfffffff0,0xffffffac(%ebp)
> sys_init_module+0x455: jmp sys_init_module+0x4be
>
> "mod" seems to be stored in %ebx for quite some time (I think from its
> first occurence in sys_init_module, even). I dont know why.
>
Here is a guess - %ebx is a callee saved register. Read the calling
convention at:
http://www.linuxdoc.org/HOWTO/Assembly-HOWTO-5.html
If you put mod in %ebx, it is guaranteed to be there even after the call.
So the instruction at sys_init_module+0x447 can use it without reloading
it.
It looks like the hack can be defeated simply by inserting a couple of
lines of dummy code in sys_init_module.
> And, about my original question, if I take my module out of the module
> link-list, will it cause any problems? Till now, my modules have only been
> replacing other system-calls (such as "getdents"). Would the kernel try
> to reuse my kernel-memory (garbage-collection?) if I don't belong to the
> module-list?
There is no such thing as garbage collection in C or UNIX kernels. At best,
you can see reference counting. But no mark and sweep style garbage
collection.
The kernel memory won't be freed unless you explicitly do it.
-Arun