Hook functions for Linux filesystem

linux linux-kernel filesystems hook
10,391

Solution 1

Use Linux Security Modules. These are loadable kernel modules, that provide hooks to mediate accesses to various internal objects in the kernel. You can use the hook to filesystem, or inodes as per your requirement. A god place to start is to read Greg Kroah Hartman's paper on LSM. Then you can visit this link, where it is shown along with an example how to make use of LSM hooks. The example is to mediate access to the system only when a particular USB is inserted, and is a good reference point on how to start with LSM hooks.

Solution 2

Well, it's interesting question.

Unfortunately, even LSM doesn't help here. As a possible solution I'll recommend use address_space_operations tables and hook writepage function. For example, look at ext3_writeback_aops:

1984 static const struct address_space_operations ext3_writeback_aops = {
1985         .readpage               = ext3_readpage,
1986         .readpages              = ext3_readpages,
1987         .writepage              = ext3_writeback_writepage,
1988         .write_begin            = ext3_write_begin,
1989         .write_end              = ext3_writeback_write_end,
1990         .bmap                   = ext3_bmap,
1991         .invalidatepage         = ext3_invalidatepage,
1992         .releasepage            = ext3_releasepage,
1993         .direct_IO              = ext3_direct_IO,
1994         .migratepage            = buffer_migrate_page,
1995         .is_partially_uptodate  = block_is_partially_uptodate,
1996         .error_remove_page      = generic_error_remove_page,
1997 };

So, in case of ext3 filesystem we need to find this struct in memory and replace the writepage pointer to point to our_writepage wrapper. Note also that this table is in read-only memory and you need to handle it correctly.

EDIT:

With LSM it is possible to hook on inode open operation and replace inode->i_mapping->a_ops inplace.

Share:
10,391
thanhtv
Author by

thanhtv

Updated on June 04, 2022

Comments

  • thanhtv
    thanhtv almost 2 years

    I want to do something before writing data into hard disk. I don't known any solutions. To avoid editing kernel source code, is there any locations that I can use hook function as a loadable module?

    UPDATE: Thanks all, LSM is good for API hooks. But I want to find other solution that provides mechanism hook read/write block of data. It can avoid re-encrypting all file after updating file.

    I think there is something that I can modify between filesystem (ext2, ext3,...) and buffer cache.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

ext3/ext4 physical block size view
What are the performance implications for millions of files in a modern file system?
Maximum number of files in one ext3 directory while still getting acceptable performance?
Linux file system corruption due to improper shutdown (fs ext4)?
Do tmpfs and devtmpfs share the same memory region?
Can anyone explain the output of mount?
how to totally clear the filesytem's cache on linux?
how to set alias for the folder in Linux
Difference between reading from /dev/block/mmcblk0 and /dev/block/mmcblk0p1
Where are inodes stored at?