Linux kernel - add system call dynamically through module
No, sys_call_table is of fixed size:
const sys_call_ptr_t sys_call_table[__NR_syscall_max+1] = { ... The best you can do, as you probably already discovered, is to intercept existing system calls.
Zach, yes it is possible :D
Although sys_call_table is of fixed size, in some cases there may be free positions in the table
Look this links:
lxr.free-electrons.com/source/arch/x86/kernel/syscall_32.c
lxr.free-electrons.com/source/arch/x86/kernel/syscall_64.c
Firstly the Kernel fills all positions of sys_call_table with a pointer to sys_ni_syscall
At compile, the files asm/syscalls_32.h and asm/syscalls_64.h aregenerated based on the following tables:
lxr.free-electrons.com/source/arch/x86/syscalls/syscall_32.tbl
lxr.free-electrons.com/source/arch/x86/syscalls/syscall_64.tbl
With a brief look at these tables you could see that some positions will continuepointing to sys_ni_syscall, for example, positions 17, 31, 32, 35, ..., in syscall_32.tblsince they are not implemented.
Therefore, our only task is to identify these positions and "register" our new syscall.
I put something similar on my git
https://github.com/MrN0body/rsysadd
Intercepting existing system call (to have something done in the kernel) is not the right way in some cases. For eg, if your userspace drivers need to execute something in kernel, send something there, or read something from kernel?
Usually for drivers, the right way is to use ioctl() call, which is just one system call, but it can call different kernel functions or driver modules - by passing different parameters through ioctl().
The above is for user-controlled kernel code execution.
For data passing, you can use procfs, or sysfs drivers to talk to the kernel.
PS: when you intercept system call, which generally affect the entire OS, you have to worry about how to solve the problem of doing it safely: what if someone else is halfway calling the system call, and then you modify/intercept the codes?