
reverse system calls to communicate with user-space

Posted: Tue Aug 22, 2017 7:48 am
by adam81
In the third book (Security and Insecurity) there's a quote about a medium to communicate with a user-space process from a kext using a reverse system call.

On page 36, it says in relation to kauth that "the logic is left entirely up to the listener, which can even pass the decision logic to a user mode helper (via reverse system call or mach message)..."

I wonder where I can find any demonstration of how to use this methodology, and if I can define new such syscalls to fit my needs...

Currently I'm using IOSharedDataQueue, which is not optimal for my needs since I cannot get the response to the same kernel thread that posted the command (I actually need to poll another shared memory region in order to get the response).

Thanks

Re: reverse system calls to communicate with user-space

Posted: Tue Aug 22, 2017 10:32 pm
by morpheus
So - define new syscalls - NO. You can't without recompiling the kernel.

Otherwise, a reverse syscall is when you implement a device driver and some BSD device node (/dev/foo). An application in user space will read(2) from the device, which is when your driver will block it. When you want to do something in user space, your driver returns data to the calling application (thereby freeing it), then the driver waits for the subsequent write(2) operation. That's when the app writes the result back into the driver, ergo kernel space.

The technique is not at all unique to XNU, and I'm betting you can find some samples (probably for Linux) all over.
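The read(2)/write(2) round trip morpheus describes, as an added example in C that is not from this thread or from the book: the user-space half of the helper that a kauth listener would hand decisions to. The device node /dev/foo is the thread's own placeholder; the request/verdict structs, the exec policy and the function names are assumptions, and the driver side is simulated with a socketpair so the check runs offline.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
/* Hypothetical wire format shared with the driver: one fixed-size request
 * arrives via read(2), one fixed-size verdict goes back via write(2). */
struct kauth_request { uint32_t pid; uint32_t action; char path[64]; };
struct kauth_verdict { uint32_t allow; };
enum { ACTION_EXEC = 1 };

/* Decision policy (illustrative only): refuse to execute anything under /tmp/. */
static uint32_t decide(const struct kauth_request *req) {
    if (req->action == ACTION_EXEC && strncmp(req->path, "/tmp/", 5) == 0)
        return 0;
    return 1;
}

/* Serve one request: block in read(2) until the driver hands one over, then
 * return the verdict with write(2). Returns the verdict, or -1 on error. */
int serve_one(int fd) {
    struct kauth_request req;
    struct kauth_verdict v;
    if (read(fd, &req, sizeof req) != (ssize_t)sizeof req) return -1;
    v.allow = decide(&req);
    if (write(fd, &v, sizeof v) != (ssize_t)sizeof v) return -1;
    return (int)v.allow;
}

/* Offline check: a socketpair stands in for /dev/foo; sv[0] plays the driver
 * and sv[1] the helper. Returns the verdict the "driver" reads back, or -1. */
int simulate(const char *path) {
    int sv[2], rc = -1;
    struct kauth_request req = { .pid = 42, .action = ACTION_EXEC };
    struct kauth_verdict v = { .allow = 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    strncpy(req.path, path, sizeof req.path - 1);   /* path[] is zeroed above */
    if (write(sv[0], &req, sizeof req) == (ssize_t)sizeof req &&  /* driver posts */
        serve_one(sv[1]) >= 0 &&                                  /* helper answers */
        read(sv[0], &v, sizeof v) == (ssize_t)sizeof v)           /* driver collects */
        rc = (int)v.allow;
    close(sv[0]); close(sv[1]);
    return rc;
}
int main(void) {                       /* stand-alone helper daemon loop */
    int fd = open("/dev/foo", O_RDWR); /* device node name is an assumption */
    if (fd < 0) return 1;
    while (serve_one(fd) >= 0) { }
    return 0;
}
```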