Technische Universität Braunschweig

The Endless Advent Calendar

☃️
Git-Repository: Template Solution Solution-Diff (Solution is posted at 18:00 CET)
Workload: 61 lines of code
Important System-Calls: prctl(2), sigaction(2)

It is finally done. The ELFs loaded all the gifts onto Santa's sled and waved to him one last time as he disappeared, completely overloaded, into the winter clouds. A big sigh went through the whole ELF community. "Finally, the old man has gone". The bottles of mulled wine were unpacked, the feet went up on the tables faster than the gifts had been counted yesterday, gingerbread was eaten, and the ELFs rolled cigars from the children's letters. Finally done.

To prevent this story from happening again in the same way next year, the Council of the ELFs decided on that very day that the children should build their own system calls in the future. "If you give them gingerbread, they will be filled for one evening, but if you show them how to build their own system calls, they will be happy forever". Such or similar words and speeches were brandished there.

Syscall User Dispatch

With Linux 5.11, the kernel gained a new feature on x86: Syscall User Dispatch, which allows user space to intercept all system calls that originate from a certain thread. Originally, this feature was introduced in Linux for Valve to allow for faster Wine emulation. With this feature, Wine can install a system-call interception mechanism to interpret system calls within Windows binaries that are not supported by the Linux kernel directly (most of them) and which cannot be hooked easily.

This interface hides behind the prctl(2) system call, which allows various manipulations of the execution environment of the calling thread, and the PR_SET_SYSCALL_USER_DISPATCH flag:

 prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON,
      code_ptr, length, &flag)

With this call, the calling thread enables the user space syscall dispatcher: whenever a system call is issued from a place outside of the region [code_ptr, code_ptr+length], the kernel will send a SIGSYS signal to the thread, which should then handle the system call. Furthermore, the prctl() call installs a pointer to a char-sized flag (char flag) in user space, which allows user space to enable and disable the filter without issuing a system call (which would be rather awkward).

Therefore, the following pattern will write Hello World every time somebody tries to execute a system call:

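#include <signal.h>
#include <stdbool.h>
#include <unistd.h>

char flag;  // the char-sized flag whose address was passed to prctl()

void usyscall_signal(int signum, siginfo_t *info, void *context) {
   flag = false;                    // dispatching off: the handler's own syscalls pass through
   write(1, "Hello World\n", 12);
   flag = true;                     // dispatching on again before we return
   return;
}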

Again, similar to rseq(2), we see that registering a memory region with the kernel allows us to communicate information passively between user space and kernel space without invoking a system call. And I'm sure that this is a pattern that we will see more often in the future.

Task

  • Implement a rot13 filter: All bytes that are written to stdout should be "translated" with rot13.

  • Implement a new system call with the syscall number 512, which can be invoked with

    syscall(512, args)
    

Hint: Returning from a signal handler requires the system call sigreturn(2), which glibc invokes in __restore_rt. With GDB and its disassemble command, we can also look at this function:

(gdb) disassemble __restore_rt
Dump of assembler code for function __restore_rt:
   0x00007ffff7c3daa0 <+0>: mov    $0xf,%rax
   0x00007ffff7c3daa7 <+7>: syscall 
   0x00007ffff7c3daa9 <+9>: nopl   0x0(%rax)
End of assembler dump.

As our user space syscall dispatcher would intercept this system call (rax=0xf), we would end up in an endless loop. Therefore, we have to instruct the kernel to exclude this code region from the user space dispatching mechanism. This can be done by invoking prctl() a second time in the signal handler to set the ignored region to [&__restore_rt, __restore_rt+9]. As the __restore_rt symbol is not exported by glibc, we have to deduce the address by extracting the address to which our signal handler will return via the GCC intrinsic __builtin_return_address.

Thanks!

At this point, I want to thank you for participating in the System-Call Advent Calendar. Have a great Christmas! Enjoy your time and a Happy New Year!

Last modified: 2023-12-01 15:52:27.998840, Last author: , Permalink: /p/advent-24-syscall


last changed 2023-12-01, 15:52 by Prof. Dr.-Ing. Christian Dietrich
