Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add module to hijack ubifs follow_link function.
- Loading branch information
1 parent
375af33
commit ea018e2
Showing
2 changed files
with
89 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
ifneq ($(KERNELRELEASE),) | ||
ifneq ($(KERNELRELEASE),2.6.34.10_sd5115v100_wr4.3) | ||
$(error "KERNELRELEASE" must be "2.6.34.10_sd5115v100_wr4.3") | ||
endif | ||
obj-m := hijack.o | ||
else | ||
ifeq ($(CROSS_COMPILE),) | ||
$(error Set CROSS_COMPILE env first) | ||
endif | ||
ifeq ($(KERNEL_DIR),) | ||
$(error Set KERNEL_DIR env first) | ||
endif | ||
|
||
PWD := $(shell pwd) | ||
|
||
hijack: | ||
$(MAKE) ARCH=arm -C $(KERNEL_DIR) M=$(PWD) | ||
endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
#define DRV_NAME "hijack" | ||
#define DRV_VERSION "0.1" | ||
#define DRV_DESCRIPTION "Hijack ubifs follow_link." | ||
#define DRV_COPYRIGHT "leexiaolan@gmail.com" | ||
|
||
//#include <asm/cacheflush.h> | ||
#include <linux/fs.h> | ||
#include <linux/kallsyms.h> | ||
#include <linux/module.h> | ||
#include <linux/namei.h> | ||
#include <linux/vermagic.h> | ||
|
||
#if 7 != __LINUX_ARM_ARCH__ | ||
# error CPU Must be ARMv7. | ||
#endif | ||
#ifndef CONFIG_SMP | ||
# error Must enable SMP. | ||
#endif | ||
|
||
|
||
#define HIJACK_PATH "/dev/mtd2ro" | ||
#define HIJACK_SYMBOL_NAME "ubifs_symlink_inode_operations" | ||
|
||
typedef void* (*FollowLinkProc)(struct dentry*, struct nameidata*); | ||
static FollowLinkProc followLink; | ||
|
||
static void* hookedFollowLink(struct dentry* dentry, struct nameidata* nd){ | ||
followLink(dentry, nd); | ||
printk(KERN_ERR DRV_NAME ": symbol link %s.\n", nd_get_link(nd)); | ||
if(strcmp(nd_get_link(nd), HIJACK_PATH)){ | ||
return NULL; | ||
}else{ | ||
printk(KERN_ERR DRV_NAME ": oops!\n"); | ||
return (void*)-ENOENT; | ||
} | ||
} | ||
|
||
static int hook(void* value){ | ||
struct inode_operations* ops = (struct inode_operations*)kallsyms_lookup_name(HIJACK_SYMBOL_NAME); | ||
if(NULL == ops){ | ||
printk(KERN_ERR DRV_NAME ": can not find " HIJACK_SYMBOL_NAME ".\n"); | ||
return ENOENT; | ||
} | ||
followLink = ops->follow_link; | ||
printk(KERN_ERR DRV_NAME ": follow_link = %p\n", followLink); | ||
if(NULL != followLink){ | ||
ops->follow_link = value; | ||
//clean_dcache_area(&ops->follow_link, 4); | ||
//__asm__ __volatile__ ("dsb" : : : "memory"); | ||
printk(KERN_ERR DRV_NAME ": good luck %p!\n", value); | ||
return 0; | ||
} | ||
return ENOENT; | ||
} | ||
|
||
static int __init hijackInit(void) | ||
{ | ||
printk(KERN_ERR DRV_NAME ": loading...\n"); | ||
return hook(&hookedFollowLink); | ||
} | ||
module_init(hijackInit); | ||
|
||
static void hijackCleanup(void) | ||
{ | ||
hook(followLink); | ||
} | ||
module_exit(hijackCleanup); | ||
|
||
MODULE_DESCRIPTION(DRV_DESCRIPTION); | ||
MODULE_AUTHOR(DRV_COPYRIGHT); | ||
MODULE_LICENSE("GPL"); |