
I'm following this article to implement communication between the Android Linux kernel and user space.

I use insmod to load my kernel module into the Android AVD goldfish kernel, then I use cat /proc/kmsg to watch the kernel messages, but I find the program doesn't execute as intended. Here is my code:

/*
 * Netlink input callback: logs the payload of the message carried in skb and
 * unicasts the fixed string "Hello from kernel" back to the sender.
 *
 * NOTE(review): the contents of skb come from a user-space process and are
 * used below without any length or termination checks.
 */
void hello_nl_recv_msg(struct sk_buff *skb)
{
    struct nlmsghdr *nlh;
    int pid;
    struct sk_buff *skb_out;
    int msg_size;
    char *msg = "Hello from kernel";
    int res;

    /* NOTE(review): the format string ends in a literal 'n'; "\n" was
     * presumably intended and the backslash was lost (same in the other
     * printk calls in this function). */
    printk(KERN_INFO "Entering: %sn", __FUNCTION__);

    msg_size = strlen(msg);

    nlh = (struct nlmsghdr *)skb->data;
    /* NOTE(review): skb->len is never compared with the header size or with
     * nlh->nlmsg_len, and %s reads until the first NUL byte, so a short or
     * unterminated payload makes printk read past the received data. */
    printk(KERN_INFO "Netlink received msg payload:%sn", (char *)nlmsg_data(nlh));
    /* NOTE(review): nlmsg_pid is a header field filled in by the sender, so
     * the reply destination below is whatever value the sender wrote. */
    pid = nlh->nlmsg_pid; //pid of sending process

    skb_out = nlmsg_new(msg_size, 0);

    if (!skb_out)
    {
        printk(KERN_ERR "Failed to allocate new skbn");
        return;
    }

    /* NOTE(review): the pointer returned by nlmsg_put() is used without a
     * NULL check. */
    nlh = nlmsg_put(skb_out, 0, 0, NLMSG_DONE, msg_size, 0);
    NETLINK_CB(skb_out).dst_group = 0; //not in mcast group
    /* msg_size is strlen(msg), so exactly the characters are copied and the
     * terminating NUL is not part of the reply payload. */
    strncpy(nlmsg_data(nlh), msg, msg_size);

    res = nlmsg_unicast(nl_sk, skb_out, pid);

    if (res < 0)
    printk(KERN_INFO "Error while sending bak to usern");
}

/*
 * Module entry point: creates the netlink socket for protocol NETLINK_USER
 * with hello_nl_recv_msg as the input callback and stores it in nl_sk.
 * Always returns 0, whether or not the socket was created.
 */
int init_module()
{
    printk("Entering: %sn", __FUNCTION__);
    nl_sk = netlink_kernel_create(&init_net, NETLINK_USER, 0, hello_nl_recv_msg, NULL, THIS_MODULE);
    /* NOTE(review): nl_sk's declaration is not shown here; if it is the
     * struct sock pointer that netlink_kernel_create() returns, %s makes
     * printk interpret the socket structure's memory as a C string. The
     * output is not a return code. Use %p to print a pointer. */
    printk("%s",nl_sk);

    /* NOTE(review): the NULL check below is commented out, so a failed
     * netlink_kernel_create() goes unnoticed and the module still loads. */
    // nl_sk = netlink_kernel_create(NETLINK_USER, input);
    //if (!nl_sk)
    //{
        //  printk(KERN_ALERT "Error creating socket.n");
        // return -10;
    //}

    return 0;
}

I find that when the program executes

  nl_sk = netlink_kernel_create(&init_net, NETLINK_USER, 0, hello_nl_recv_msg, NULL, THIS_MODULE);

The kernel returns -1 or some other integer, and the function "hello_nl_recv_msg" is never executed. I am using the Android AVD; the kernel is goldfish 2.6. Please help me, thanks.

Why are you using %s to print the value of nl_sk? Also, -1 probably means -EPERM - "operation not permitted". – tangrs
Also, how did you determine that netlink_kernel_create is returning -1? From a cursory glance at the definition of that function, I can only see it returning NULL on an error. – tangrs
I also just realised that the kernel you're using is 6 years old now. Is there any reason you're using a kernel that old? – tangrs
@tangrs I used printk("%s", nl_sk) only because I wanted to see what it would print; it has no practical function. I want to know why it returns -1. Please help me, thank you very much. – nijian81
@tangrs I am using the old kernel because inserting the module went wrong when I used kernel 3.4, so I switched to an old kernel to test. But now I hit this error. – nijian81

1 Answers


Here is my code (tested on sony z2 kernel).

  • Note: your code may still fail if SEAndroid (SELinux) is in enforcing mode; a denial then typically shows up as an "avc: denied" line in the kernel log.
  • Beware of code copy pasting. Check it!
  • Don't ignore compilation warnings.

Kernel module:

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <net/sock.h>
#include <linux/socket.h>
#include <linux/net.h>
#include <asm/types.h>
#include <linux/netlink.h>
#include <linux/skbuff.h>

/* Kernel-side netlink socket: assigned in init_netlink_test(), used by
 * hello_nl_recv_msg() to send replies, released in exit_netlink_test(). */
static struct sock *nl_sk;

/* Netlink protocol number for this module; the user-space test program
 * must open its socket with the same value. */
#define NETLINK_USER 31

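/*
 * Netlink input callback: logs the payload of the message carried in @skb
 * and unicasts the fixed string "Hello from kernel" (including its NUL
 * terminator) back to the socket that sent the message.
 *
 * Everything inside @skb is written by a user-space process, so it is
 * treated as untrusted: the header is validated against the amount of data
 * actually received before any field is used, and the payload is never
 * assumed to be NUL-terminated.
 *
 * NOTE(review): no privilege check is made on the sender here; a module
 * that does more than echo a constant should verify the caller's
 * capabilities before acting on a request.
 */
void hello_nl_recv_msg(struct sk_buff* skb)
{
    static const char msg[] = "Hello from kernel";
    struct nlmsghdr* nlh;
    struct sk_buff* skb_out;
    int payload_len;
    int pid;
    int res;

    printk(KERN_INFO "Entering: %s\n", __FUNCTION__);

    nlh = (struct nlmsghdr*)skb->data;

    /* Reject messages shorter than a header or whose nlmsg_len claims more
     * bytes than were received; otherwise the reads below run off the skb. */
    if (!nlmsg_ok(nlh, skb->len)) {
        printk(KERN_ERR "Malformed netlink message, dropping\n");
        return;
    }

    /* Bound the print by the validated payload length instead of relying
     * on the sender to supply a terminating NUL. The bytes are still
     * sender-chosen text ending up in the kernel log. */
    payload_len = nlmsg_len(nlh);
    printk(KERN_INFO "Netlink received msg payload:%.*s\n", payload_len, (char*)nlmsg_data(nlh));

    /* Reply to the port id the kernel recorded for the sending socket.
     * nlh->nlmsg_pid is filled in by the sender and could name any other
     * socket. (This field is called .pid in kernels that provide the
     * six-argument netlink_kernel_create(); later kernels renamed it to
     * .portid.) */
    pid = NETLINK_CB(skb).pid;

    skb_out = nlmsg_new(sizeof(msg), 0);

    if (!skb_out) {
        printk(KERN_ERR "Failed to allocate new skb\n");
        return;
    }

    nlh = nlmsg_put(skb_out, 0, 0, NLMSG_DONE, sizeof(msg), 0);

    if (!nlh) {
        /* nlmsg_put() reports insufficient tailroom with NULL; free the
         * reply buffer rather than dereferencing it. */
        printk(KERN_ERR "Failed to add netlink header to reply\n");
        nlmsg_free(skb_out);
        return;
    }

    NETLINK_CB(skb_out).dst_group = 0; //not in mcast group
    /* sizeof(msg) includes the terminator, so the receiver gets a proper
     * C string without depending on its buffer being pre-zeroed. */
    memcpy(nlmsg_data(nlh), msg, sizeof(msg));

    /* nlmsg_unicast() consumes skb_out whether or not delivery succeeds. */
    res = nlmsg_unicast(nl_sk, skb_out, pid);

    if (res < 0) {
        printk(KERN_INFO "Error while sending back to user\n");
    }
}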


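/*
 * Module init hook: creates the kernel-side netlink socket for protocol
 * NETLINK_USER with hello_nl_recv_msg() as its input callback.
 *
 * Returns 0 on success, or -ENOMEM if the socket could not be created, in
 * which case the module is not loaded.
 */
int __init init_netlink_test(void)
{
    printk(KERN_INFO "Entering: %s\n", __FUNCTION__);

    /* Six-argument form (net, unit, groups, input, cb_mutex, module). This
     * signature is specific to older kernels; it fails with NULL, not with
     * a negative error code. */
    nl_sk = netlink_kernel_create(&init_net, NETLINK_USER, 0, hello_nl_recv_msg, NULL, THIS_MODULE);

    if (!nl_sk) {
        printk(KERN_ALERT "Error creating socket.\n");
        /* Use a named errno: the bare -10 is -ECHILD, which insmod would
         * report as "No child processes". */
        return -ENOMEM;
    }

    return 0;
}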

/*
 * Module exit hook: logs the unload and releases the netlink socket held
 * in nl_sk.
 */
void __exit exit_netlink_test(void)
{
    struct sock* sk = nl_sk;

    printk(KERN_INFO "exiting hello module\n");
    netlink_kernel_release(sk);
}

/* Register the functions the kernel runs when the module is loaded and
 * unloaded. */
module_init(init_netlink_test);
module_exit(exit_netlink_test);

userspace test app:

#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

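#define NETLINK_USER 31  /* must match the protocol number used by the kernel module */
#define MAX_PAYLOAD 1024 /* maximum payload size*/

struct sockaddr_nl src_addr, dest_addr;
struct nlmsghdr* nlh = NULL;
struct iovec iov;
int sock_fd;
struct msghdr msg;

/*
 * Sends the string "Hello" to the kernel module over a NETLINK_USER socket,
 * waits for one reply and prints its payload.
 *
 * Returns 0 on success and -1 if any step fails (socket, bind, allocation,
 * send, receive, or a reply that does not validate).
 */
int main(void)
{
    const size_t buf_len = NLMSG_SPACE(MAX_PAYLOAD);
    ssize_t received;
    size_t payload_len;
    int rc = -1;

    sock_fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_USER);

    if (sock_fd < 0) {
        perror("socket");
        return -1;
    }

    memset(&src_addr, 0, sizeof(src_addr));
    src_addr.nl_family = AF_NETLINK;
    src_addr.nl_pid = getpid();  /* self pid */

    /* nl_groups stays 0: unicast only, no multicast group subscription */
    if (bind(sock_fd, (struct sockaddr*)&src_addr, sizeof(src_addr)) < 0) {
        perror("bind");
        goto out_close;
    }

    memset(&dest_addr, 0, sizeof(dest_addr));
    dest_addr.nl_family = AF_NETLINK;
    dest_addr.nl_pid = 0;   /* For Linux Kernel */
    dest_addr.nl_groups = 0; /* unicast */

    nlh = malloc(buf_len);

    if (!nlh) {
        perror("malloc");
        goto out_close;
    }

    memset(nlh, 0, buf_len);
    nlh->nlmsg_len = buf_len;
    nlh->nlmsg_pid = getpid();
    nlh->nlmsg_flags = 0;

    /* bounded copy into the payload area, always NUL-terminated */
    snprintf(NLMSG_DATA(nlh), MAX_PAYLOAD, "%s", "Hello");

    iov.iov_base = (void*)nlh;
    iov.iov_len = nlh->nlmsg_len;
    msg.msg_name = (void*)&dest_addr;
    msg.msg_namelen = sizeof(dest_addr);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    printf("Sending message to kernel\n");

    if (sendmsg(sock_fd, &msg, 0) < 0) {
        perror("sendmsg");
        goto out_free;
    }

    printf("Waiting for message from kernel\n");

    /* Read message from kernel. Clear the buffer first so nothing left
     * over from the request can be mistaken for reply data. recvmsg()
     * stores the sender's address in dest_addr. */
    memset(nlh, 0, buf_len);
    iov.iov_len = buf_len;
    msg.msg_namelen = sizeof(dest_addr);
    received = recvmsg(sock_fd, &msg, 0);

    if (received < 0) {
        perror("recvmsg");
        goto out_free;
    }

    /* Other processes can also send to this socket; a message from the
     * kernel carries netlink port id 0 as its source address. */
    if (msg.msg_namelen != sizeof(dest_addr) || dest_addr.nl_pid != 0) {
        fprintf(stderr, "Ignoring netlink message that did not come from the kernel\n");
        goto out_free;
    }

    /* Make sure a whole header arrived and that the length it declares
     * fits inside the bytes that were received. */
    if ((msg.msg_flags & MSG_TRUNC) ||
        (size_t)received < (size_t)NLMSG_HDRLEN ||
        nlh->nlmsg_len < (size_t)NLMSG_HDRLEN ||
        nlh->nlmsg_len > (size_t)received) {
        fprintf(stderr, "Truncated or malformed netlink reply\n");
        goto out_free;
    }

    /* Print at most the declared payload instead of trusting the reply to
     * be NUL-terminated. */
    payload_len = nlh->nlmsg_len - (size_t)NLMSG_HDRLEN;
    printf(" Received message payload: %.*s\n",
           (int)payload_len, (const char*)NLMSG_DATA(nlh));
    rc = 0;

out_free:
    free(nlh);
    nlh = NULL;
out_close:
    close(sock_fd);
    return rc;
}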