Linux文件系统的挂钩函数 [英] Hook functions for Linux filesystem

问题描述

我想在将数据写入硬盘之前先做些事情.我不知道任何解决方案.为了避免编辑内核源代码，我可以在任何位置使用钩子函数作为可加载模块吗?

I want to do something before writing data into hard disk. I don't known any solutions. To avoid editing kernel source code, is there any locations that I can use hook function as a loadable module?

更新:谢谢，LSM非常适合API挂钩.但我想找到其他提供机制挂钩读取/写入数据块的解决方案.这样可以避免在更新文件后重新加密所有文件.

UPDATE: Thanks all, LSM is good for API hooks. But I want to find other solution that provides mechanism hook read/write block of data. It can avoid re-encrypting all file after updating file.

我认为我可以在文件系统(ext2，ext3 ...)和缓冲区高速缓存之间进行一些修改.

I think there is something that I can modify between filesystem (ext2, ext3,...) and buffer cache.

推荐答案

好吧，这是一个有趣的问题.

Well, it's interesting question.

不幸的是，即使LSM在这里也无济于事.作为一种可能的解决方案，我建议使用address_space_operations表并挂钩writepage函数.例如，查看 ext3_writeback_aops :

Unfortunately, even LSM doesn't help here. As a possible solution I'll recommend use address_space_operations tables and hook writepage function. For example, look at ext3_writeback_aops:

1984 static const struct address_space_operations ext3_writeback_aops = {
1985         .readpage               = ext3_readpage,
1986         .readpages              = ext3_readpages,
1987         .writepage              = ext3_writeback_writepage,
1988         .write_begin            = ext3_write_begin,
1989         .write_end              = ext3_writeback_write_end,
1990         .bmap                   = ext3_bmap,
1991         .invalidatepage         = ext3_invalidatepage,
1992         .releasepage            = ext3_releasepage,
1993         .direct_IO              = ext3_direct_IO,
1994         .migratepage            = buffer_migrate_page,
1995         .is_partially_uptodate  = block_is_partially_uptodate,
1996         .error_remove_page      = generic_error_remove_page,
1997 };

因此，对于ext3文件系统，我们需要在内存中找到此结构，并替换writepage指针以指向our_writepage包装器.另请注意，该表位于只读存储器中，您需要正确处理它.

So, in case of ext3 filesystem we need to find this struct in memory and replace the writepage pointer to point to our_writepage wrapper. Note also that this table is in read-only memory and you need to handle it correctly.

使用LSM，可以钩住inode打开操作并就地替换inode->i_mapping->a_ops.

With LSM it is possible to hook on inode open operation and replace inode->i_mapping->a_ops inplace.

这篇关于Linux文件系统的挂钩函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！