I am trying to program a kernel module that copies the ELF of the process that called the module using ioctl to a buffer in the module.

So far I managed to get the location of the ELF in memory by using /proc/pid/exe, but I need the size of the file in order to copy it to kernel space.

I also have access to the ELF header of the mentioned file but I could figure a way to calculate the size using the information from the header.

Since I can't use functions like stat, is there a way to calculate the mentioned file size when programming in kernel space?

The unique part of my question is that I need to calculate it under the constraints that kernel programming imposes, such as the inability to use system calls such as stat.

omer12433
  • Possible duplicate of [How can I find the size of a ELF file/image with Header information?](http://stackoverflow.com/questions/2995347/how-can-i-find-the-size-of-a-elf-file-image-with-header-information) – Alex Hoppus Sep 30 '15 at 19:44
  • @AlexHoppus that might be, but I ask a similar question under the constraints that kernel programming imposes, such as that I can't use any system calls – omer12433 Sep 30 '15 at 19:52
  • I've only dabbled at kernel programming, but this raises a lot of red flags to me. Are you actually reading the `/proc` filesystem? That's strange. Copying arbitrary user data into kernel memory sounds dangerous. It could be a LOT of data, could be a resource limit pain point; it introduces large amounts of random code into kernel space; copying could involve huge amounts of page faults and disk I/O -- how would that work if you're in the middle of servicing a system call? What if there are I/O errors? You could hang in kernel mode, leaving an unkillable process. – John Kugelman Sep 30 '15 at 20:02
  • You might be better advised to use memory mapping rather than straight copying data. But then, any sort of file I/O is highly frowned upon in kernel mode. Highly. What are you doing anyways? – John Kugelman Sep 30 '15 at 20:03
  • @JohnKugelman I know using file I/O in the kernel is frowned upon. I am just doing a little exercise because I am new in the field of kernel programming. I am copying the ELF file from /proc/pid/exe of the process that called the module and store it in page size buffers and execute that ELF from kernel space – omer12433 Sep 30 '15 at 20:12
  • "execute that elf from kernel space". How do you expect to execute user code from within kernel space? Or do you mean you are trying to start a user process that executes a binary? If it is the latter, you may just want to inspect the existing Linux kernel code that does exactly this already. You'll learn exactly what needs to be done including parsing the ELF headers. See [here](http://stackoverflow.com/questions/8352535/how-does-kernel-get-an-executable-binary-file-running-under-linux) to get started. – kaylum Sep 30 '15 at 20:24
  • @AlanAu I actually mean the former, at least it is the ultimate goal of the exercise. After I read the ELF I wanted to find the address of a certain function (using the function table) and I guess call it using inline asm, but whether it is possible or not is yet to be seen until I can't solve the problem I asked here – omer12433 Sep 30 '15 at 20:30
  • Good luck with that. There's more to executing code than just getting the instructions (e.g. you probably need to do relocation). For your specific problem again, just look at existing kernel code which [loads an exec file](http://lxr.free-electrons.com/source/fs/exec.c#L1478) and then [processes the elf binary](http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L664) – kaylum Sep 30 '15 at 20:46
  • No. Executing user code in kernel mode is not feasible, even printing hello world. A user program establishes a RAM environment for the program to be executed. If you run that code in kernel mode, your RAM will be mash potato. – Jason Hu Oct 01 '15 at 13:03
  • @HuStmpHrrr can you be more specific why it isn't feasible given that I have the asm instructions from the ELF? I try to do this because of an assignment I got – omer12433 Oct 01 '15 at 15:00
  • @omer12433 for example, kernel space can't do (or is not very good at) floating point calculation, and I don't think there is an rt loader that will load any shared objects etc. Too many reasons. I don't think it's gonna work. I guess your homework really means to write a loader or something. Otherwise it just makes poor sense. Unless your program is pure CPU integer computation, then you may dig out that part only and give it a shot. But there is no hope to execute the whole ELF in general. For details, you need to know ELF, loader, linker and some OS. – Jason Hu Oct 01 '15 at 17:32
  • @HuStmpHrrr OK, I will ask the instructor what he meant specifically, but can you help me with how I can calculate the size of the ELF file I try to copy? – omer12433 Oct 01 '15 at 18:05
  • @omer12433 honestly I don't know. I don't even know how to operate on files in kernel, since, as people said, it's frowned upon. In terms of ELF, you can get as much info as you want as long as you decode the file. Check the link above Alan Au provided. – Jason Hu Oct 01 '15 at 19:39
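
An added example, not part of the original question or its comments: one way to bound an ELF64 file's size from the header alone, as the question asks, while treating every header field as untrusted. The names `elf64_size_from_ehdr` and `sample_estimate` are hypothetical, and the code assumes userland `<elf.h>` and a file in the host's byte order; a module would take the same fields from `<linux/elf.h>`.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>

/* Estimate the file size from the ELF64 header alone: the end of whichever
 * header table (program or section) lies furthest into the file.
 * Returns 0 and fills *size, or -1 if the header cannot be trusted. */
int elf64_size_from_ehdr(const void *buf, size_t len, uint64_t *size)
{
    Elf64_Ehdr eh;
    uint64_t ph_end, sh_end;
    if (len < sizeof(eh))
        return -1;
    memcpy(&eh, buf, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64)
        return -1;
    /* Stripped section table (or extended numbering, e_shnum == 0):
     * the header alone says nothing about where the file ends. */
    if (eh.e_shoff == 0 || eh.e_shnum == 0)
        return -1;
    /* u16 * u16 cannot overflow 64 bits; the additions can wrap. */
    ph_end = eh.e_phoff + (uint64_t)eh.e_phnum * eh.e_phentsize;
    sh_end = eh.e_shoff + (uint64_t)eh.e_shnum * eh.e_shentsize;
    if (ph_end < eh.e_phoff || sh_end < eh.e_shoff)
        return -1;
    *size = sh_end > ph_end ? sh_end : ph_end;
    return 0;
}

/* Constructed sample header (not taken from a real binary); returns the
 * estimate, or -1 when the header is rejected. */
long long sample_estimate(uint64_t shoff, uint16_t shnum)
{
    Elf64_Ehdr eh;
    uint64_t size;
    memset(&eh, 0, sizeof(eh));
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_phoff = sizeof(eh);
    eh.e_phentsize = sizeof(Elf64_Phdr);
    eh.e_phnum = 2;
    eh.e_shoff = shoff;
    eh.e_shentsize = sizeof(Elf64_Shdr);
    eh.e_shnum = shnum;
    if (elf64_size_from_ehdr(&eh, sizeof(eh), &size) != 0)
        return -1;
    return (long long)size;
}
```

The result is only a lower bound, since data appended after the section header table is not described by the header. Inside a module the exact size is available from the inode of the opened `struct file` via `i_size_read(file_inode(filp))`; whichever value is used, cap it before sizing a kernel allocation.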

0 Answers