Invoking a system call from within the kernel

Greg KH greg at
Thu Nov 16 04:54:24 EST 2017

On Wed, Nov 15, 2017 at 09:16:35PM -0500, Demi Marie Obenour wrote:
> I am looking to write my first driver.  This driver will create a single
> character device, which can be opened by any user.  The device will
> support one ioctl:
>         long ioctl_syscall(int fd, long syscall, long args[6]);
> This is simply equivalent to:
>         syscall(syscall, args[0], args[1], args[2], args[3], args[4],
>                 args[5], args[6]);

Wait, why?  Why do you want to do something like this, what problem are
you trying to solve that you feel that something like this is the
solution?  Let's step back and see if there isn't a better way to do

> and indeed I want it to behave *identically* to that.  That means that
> ptracers are notified about the syscall (and given the opportunity to
> update its arguments), and that seccomp_bpf filters are applied.
> Furthermore, it means that all arguments to the syscall need full
> validation, as if they came from userspace (because they do).
> Is there an in-kernel API that allows one to invoke an arbitrary syscall
> with arguments AND proper ptrace/seccomp_bpf filtering?  If not, how
> difficult would it be to create one?

Wouldn't creating such an interface be more work than just using the
correct user/kernel interface in the first place?  :)

Again, what is the problem you are trying to solve here.


greg k-h

More information about the Kernelnewbies mailing list