Skip to content

Commit

Permalink
syscall_steal: rename sys_call_table to fix compile error
Browse files Browse the repository at this point in the history
sys_call_table is already declared in arch/x86/include/asm/syscall.h but of
cource not exported by the kernel.
before this commit, gcc complains as follows:
/usr/src/linux-headers-6.1.0-16-common/arch/x86/include/asm/syscall.h:21:29:
note: previous declaration of 'sys_call_table' with type 'long int (*
const[])(const struct pt_regs *)'
   21 | extern const sys_call_ptr_t sys_call_table[];
  • Loading branch information
keytouch committed Dec 22, 2023
1 parent a60e84a commit f2ad878
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions examples/syscall_steal.c
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ module_param(sym, ulong, 0644);

#endif /* Version < v5.7 */

static unsigned long **sys_call_table;
static unsigned long **sys_call_table_stolen;

/* UID we want to spy on - will be filled from the command line. */
static uid_t uid = -1;
Expand Down Expand Up @@ -208,16 +208,16 @@ static void disable_write_protection(void)

static int __init syscall_steal_start(void)
{
if (!(sys_call_table = acquire_sys_call_table()))
if (!(sys_call_table_stolen = acquire_sys_call_table()))
return -1;

disable_write_protection();

/* keep track of the original open function */
original_call = (void *)sys_call_table[__NR_openat];
original_call = (void *)sys_call_table_stolen[__NR_openat];

/* use our openat function instead */
sys_call_table[__NR_openat] = (unsigned long *)our_sys_openat;
sys_call_table_stolen[__NR_openat] = (unsigned long *)our_sys_openat;

enable_write_protection();

Expand All @@ -228,19 +228,19 @@ static int __init syscall_steal_start(void)

static void __exit syscall_steal_end(void)
{
if (!sys_call_table)
if (!sys_call_table_stolen)
return;

/* Return the system call back to normal */
if (sys_call_table[__NR_openat] != (unsigned long *)our_sys_openat) {
if (sys_call_table_stolen[__NR_openat] != (unsigned long *)our_sys_openat) {
pr_alert("Somebody else also played with the ");
pr_alert("open system call\n");
pr_alert("The system may be left in ");
pr_alert("an unstable state.\n");
}

disable_write_protection();
sys_call_table[__NR_openat] = (unsigned long *)original_call;
sys_call_table_stolen[__NR_openat] = (unsigned long *)original_call;
enable_write_protection();

msleep(2000);
Expand Down

0 comments on commit f2ad878

Please sign in to comment.