[okl4-developer] the return address from wombat linux system call
Geoffrey Lee
glee at ok-labs.com
Thu Nov 6 19:05:19 EST 2008
On Thu, Nov 06, 2008 at 04:19:26PM +0900, 최수길 wrote:
> Hello
>
> I am trying to implement system call hooking in wombat linux.
>
> I want to do some security check before allowing normal system call processing.
>
> I found out that the function syscall_loop() in arch/l4/kernel/main.c is the right place to add the security check mechanism.
>
> One piece of information I need to know is the address of the instruction which will be executed after returning from system call processing.
>
> In ARM architecture, the return address is stored in lr (link register).
The lr register is the register for returning from a function call.
Here you are returning from a software interrupt via the swi
instruction. The exception protocol of L4 has a field for the
program counter in the reply message, which specifies the address
to start executing at when the thread is restarted. For Linux,
you'll most likely find it is the instruction after the swi instruction.
-gl
>
> But, in the case of L4, the lr doesn't seem to have the value of the return address.
>
> Can anyone help me to identify the return address? (the return address in the process' own address space)
>
> Regards,
>
> SuGil
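
Added example, not part of the original thread and not OKL4 or Wombat code: one way a hook like the one discussed could sanity-check the resume address, confirming that it lies in a known text mapping and directly follows a swi instruction. `struct text_region`, `check_swi_return` and the sample bytes are hypothetical; reading the program counter and CPSR out of the L4 exception message is assumed and not shown.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical: one executable mapping of the guest process, with a copy of
 * its bytes as the hook would read them from the process address space. */
struct text_region {
    uint32_t base;         /* user virtual address of bytes[0] */
    const uint8_t *bytes;  /* little-endian instruction stream */
    size_t len;
};

enum swi_check { SWI_OK, SWI_MISALIGNED, SWI_OUT_OF_RANGE, SWI_NOT_SWI };

/* Check that reply_pc (the address the thread would resume at) lies inside
 * the region and directly follows a swi. thumb is the T bit of the saved
 * CPSR (assumed available). On SWI_OK, *imm receives the swi immediate. */
enum swi_check check_swi_return(const struct text_region *r, uint32_t reply_pc,
                                int thumb, uint32_t *imm)
{
    uint32_t ilen = thumb ? 2u : 4u;
    if (reply_pc & (ilen - 1))
        return SWI_MISALIGNED;
    if (reply_pc < r->base)
        return SWI_OUT_OF_RANGE;
    uint32_t off = reply_pc - r->base;
    if (off < ilen || off >= r->len)
        return SWI_OUT_OF_RANGE;

    const uint8_t *p = r->bytes + (off - ilen);  /* instruction before pc */
    if (thumb) {
        uint16_t h = (uint16_t)(p[0] | (p[1] << 8));
        if ((h & 0xFF00u) != 0xDF00u)            /* Thumb: 1101 1111 imm8 */
            return SWI_NOT_SWI;
        *imm = h & 0xFFu;
    } else {
        uint32_t w = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 |
                     (uint32_t)p[3] << 24;
        /* ARM: cond 1111 imm24; cond == 1111 is not a swi encoding */
        if ((w & 0x0F000000u) != 0x0F000000u || (w >> 28) == 0xFu)
            return SWI_NOT_SWI;
        *imm = w & 0x00FFFFFFu;
    }
    return SWI_OK;
}

/* Constructed sample (ARM): mov r0,r0 ; swi 0x900004 ; mov r0,r0 */
const uint8_t arm_code[] = { 0x00, 0x00, 0xA0, 0xE1, 0x04, 0x00, 0x90, 0xEF,
                             0x00, 0x00, 0xA0, 0xE1 };
/* Constructed sample (Thumb): swi 0 ; mov r8,r8 */
const uint8_t thumb_code[] = { 0x00, 0xDF, 0xC0, 0x46 };
```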