To elaborate on the module:
These things were tried on Redhat Linux 7 , KDE desktop
kernel 2.4.6
1.
Instead of implementing a device driver using a kernel module, i have tried to implement a simple code as a module.
This code has the functionality as:
It reads data from a file and collects it in the data structures declared in ".h" file.
2.
I also have data structures to store process id, process name and instances and then compare the data with data read from file.
I also have data structures to store process id, process name and instances and then compare the data with data read from file.
I have not defined or used data structures used by a device driver such as struct file_operations, struct task_struct etc.
I have used system calls such as read, open to deal with files.
kmalloc - to allocate kernel memory, printk - to log messages.
3.
The module is a kind of simple spy program which gets the process id, process name and if more than one program instance is opened then i want to increment the count of pid associated with that process.
The structure of process_list in which i am storing the information is:
struct process_list
{
long pid;
struct process_details *prod;
struct process_list *link;
};
and
struct process_details
{
char pname[20];
int pid_count;
struct process_details * plink;
};
Note: if pid_count becomes 0 then i free the whole data structure related to that process.
I store the data of current process from exec system call( which i have trapped (do_execve to be more specific), by changing the pointer in sys_call_table) to my data structure.
Then i open and read my file through open() and then read() system call. open() and read() are not trapped, only exec() is trapped.
Similar structures as described above is used to put entries in the data file i read.
Then i compare the pname with pname stored in my file, if they match then that process is blocked.
My Example is xpdf, which i want to block. i.e. if someone tries to open xpdf through any means i.e. through terminal or through GUI, he should not be able to open it.
4.
I am able to block this process under the circumstances that:
i inserted the module from one terminal.
i changed to some user(not superuser), say bravetanveer.
When this process called "xpdf" was initiated from the same terminal as:
[root@localhost /root]#insmod mod.o
[root@localhost /root]#su bravetanveer
[bravetanveer@localhost /home/bravetanveer]$
[bravetanveer@localhost /home/bravetanveer]$xpdf abc.pdf
, then that process was blocked.
Note: No other user process is running except the process on terminal.
5.
I wanted to do a very simple thing using kernel modules, so only simple linked lists are used as data structures and linear searching of the linked list is done to find the match from my data structures to block a process.
6.
The problem is not with whether the process is blocked or not because it is blocked, but as the circumstances changes, the system hangs.
The changed circumstances are:
If i open another terminal >>( this invocation of new terminal is not initiated from the same prompt from which i was trying things, but it is invoked by clicking on terminal icon on my panel bar), just at this moment system hangs.
I also tried opening any other process other than a terminal, still system hangs.
------>>>I have also tried invoking different processes from the same terminal i.e. using command line example "strace ls", "ls","gedit". Here nothing goes wrong and the system functions proprely.
Is it necessary to use the functions used by a typical driver(character or block) to implement such a functionality?
I mean how should i register this module, as a character device or block device or no registration is required.
------->>>because the data structures need to be modified when a process uses this device.
At application level, we have to use shared memory with semaphores and signals for several processes to access one set of data structures.
7.
a) So one thing that comes to my mind is that are those data structures which i am using shared between invocation of multiple processes. And the answer to this is Yes, because the process is blocked.
Now the question is why it is not able to use the data structures with the invocation of different terminal.
Is it that the invocation of new terminal(not of a shell) creates whole new set of things , other that those created when a new shell is spawned from current shell?
I mean spawning a new shell from the shell on which the module was loaded is ok. But invoking a new terminal is creating a whole new tree of process, as per me?
b)
>>>>>I also don't handle any interrupts because i don't know what kind of interrupts are there when a terminal is invoked from panel bar.
c)
Is is that a race condition has occured, it seems?
8.
I wanted to do this, Just to get more knowledge about the kernel and it's functionality and understand the linux as a whole in more details by implementing few things.
I want guidance regarding this concept.
bravetanveer
