From: hemanth nandish
Date: Fri, 24 Apr 2020 01:23:45 +0530
Subject: Invoke binary from kernel space
To: kernelnewbies@kernelnewbies.org

Hello,

I came across the function:

    call_usermodehelper

This can be used to invoke (exec) a binary from kernel space.
It ultimately calls:

    call_usermodehelper_exec_async

Which internally does:

    retval = do_execve(getname_kernel(sub_info->path),
                       (const char __user *const __user *)sub_info->argv,
                       (const char __user *const __user *)sub_info->envp);

This function works as expected and a new thread is spawned.

Now when I try to directly call do_execve within my module by passing the required arguments, I am getting an -EFAULT error. This is happening in this function:

    count(argv, MAX_ARG_STRINGS)

What am I missing here?

Thank you
Hemanth