how to intercept system calls

rajesh singarapu rajesh0541 at
Wed Jul 10 13:28:05 EDT 2013

you may want to try encrypting/decrypting in mpage_writepage/mpage_readpage
and maintaining keys in inode/as extended attributes.

On Wed, Jul 10, 2013 at 10:39 PM, <Valdis.Kletnieks at> wrote:

>  On Wed, 10 Jul 2013 21:32:22 +0800, <wuyaalan at> said:
> >      I wanna encrpto some data in kernel, and these encrypto data storage
> > on disk .i should decrypt data before system call trasmit to user mode.
> > then what should i do ? how to get encrypt data ?
> >      I wanna intercept write function(kernel), when this function got
> > encrypt data i will decrypt.
> This will probably not end well, as crypto is a lot harder to get right
> than
> it looks.
> What threat model are you trying to defend against with the encrypted data?
> What data are you encrypting, and who are you trying to keep it away from?
> The biggest problem is the secure storage and management of crypto keys.
> You're almost certainly better off using the in-kernel keyring code instead
> of trying to do this yourself.  Also see the various TPM support code.
> And it's possible that what you *really* wanted to use is the userspace
> cryptLUKS code or TrueCrypt or similar - it's hard to tell what you're
> trying to do.
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Kernelnewbies mailing list