Method and system for kernel routine callbacks

US 11,106,491 B2
Filed: 04/06/2018
Issued: 08/31/2021
Est. Priority Date: 04/06/2018
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

hooking a pre-callback handler and a post-callback handler to an operating system of a computing device;

obtaining, by the pre-callback handler, a kernel routine request for a kernel routine to be performed in a kernel mode of the operating system;

determining, by the pre-callback handler, whether to allow the kernel routine to be performed based on one or more input parameters of the kernel routine request, wherein the determination by the pre-callback handler is based on whether a value of at least one of the input parameters exceeds a threshold and/or matches a standard input value;

upon determining that the kernel routine is allowed to be performed, causing the kernel routine to be performed in the kernel mode to generate kernel routine results;

determining, by the post-callback handler, whether to allow the kernel routine results of the kernel routine to be returned based on one or more output parameters of the kernel routine request, wherein the determination by the post-callback handler is based on whether a value of at least one of the output parameters exceeds a threshold and/or matches a standard output value;

upon determining that the kernel routine results of the kernel routine are allowed to be returned, causing the kernel routine results of the kernel routine to be returned to an application that is executed in a non-kernel mode of the operating system; and

upon determining that the kernel routine results are not allowed to be returned,modifying the kernel routine results, wherein the modifying the kernel routine results comprises filtering out a portion from the kernel routine results that is not accessible by a function call corresponding to the kernel routine, andcausing the modified kernel routine results and a first post-operation error indicating the portion of the kernel routine results has not been accessed to be returned to the application.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for kernel routine callbacks. Such methods may include hooking a pre-callback handler and a post-callback handler to a pre-existing operating system of a computing device. According to the pre-callback handler, a kernel routine request for a kernel routine to be performed in a kernel mode of the operating system is obtained, whether to allow the kernel routine to be performed is determined, and the kernel routine is caused to be performed in the kernel mode to generate kernel routine results. According to the post-callback handler, whether to allow the kernel routine results of the kernel routine to be returned is determined, and the kernel routine results of the kernel routine is caused to be returned to an application that is executed in a non-kernel mode of the operating system.

11 Citations

20 Claims

1. A method comprising:
- hooking a pre-callback handler and a post-callback handler to an operating system of a computing device;
  
  obtaining, by the pre-callback handler, a kernel routine request for a kernel routine to be performed in a kernel mode of the operating system;
  
  determining, by the pre-callback handler, whether to allow the kernel routine to be performed based on one or more input parameters of the kernel routine request, wherein the determination by the pre-callback handler is based on whether a value of at least one of the input parameters exceeds a threshold and/or matches a standard input value;
  
  upon determining that the kernel routine is allowed to be performed, causing the kernel routine to be performed in the kernel mode to generate kernel routine results;
  
  determining, by the post-callback handler, whether to allow the kernel routine results of the kernel routine to be returned based on one or more output parameters of the kernel routine request, wherein the determination by the post-callback handler is based on whether a value of at least one of the output parameters exceeds a threshold and/or matches a standard output value;
  
  upon determining that the kernel routine results of the kernel routine are allowed to be returned, causing the kernel routine results of the kernel routine to be returned to an application that is executed in a non-kernel mode of the operating system; and
  
  upon determining that the kernel routine results are not allowed to be returned,modifying the kernel routine results, wherein the modifying the kernel routine results comprises filtering out a portion from the kernel routine results that is not accessible by a function call corresponding to the kernel routine, andcausing the modified kernel routine results and a first post-operation error indicating the portion of the kernel routine results has not been accessed to be returned to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising upon determining that the kernel routine is not allowed to be performed, preventing the kernel routine from being performed and causing a pre-operation error to be returned to the application.
  - 3. The method of claim 1, further comprising upon determining that the kernel routine results of the kernel routine are not allowed to be returned, causing a post-operation error to be returned to the application.
  - 4. The method of claim 1, wherein the filtering out the portion from the kernel routine results further comprises filtering out at least one of the one or more output parameters included in the kernel routine results.
  - 5. The method of claim 1, wherein the pre-callback handler and the post-callback handler are uniquely associated with the kernel routine, and a plurality of pre-callback handlers and a plurality of post-callback handlers associated with different types of kernel routines are hooked to the operating system.
  - 6. The method of claim 1, wherein the kernel routine comprises a file system operation.
  - 7. The method of claim 1, wherein the kernel routine comprises a non-file system operation and does not include a file system operation.
  - 8. The method of claim 1, wherein the pre-callback handler and the post-callback handler are hooked to the operating system, in a state where the operating system is not protected by a kernel patch protection.
  - 9. The method of claim 1, wherein the operating system is a macOS.

10. A computing system comprising:
- one or more processors; and
  
  a memory storing instructions that, when executed by the one or more processors, cause the computing system to;
  
  obtain, by a pre-callback handler hooked to an operating system of the computing system, a kernel routine request for a kernel routine to be performed in a kernel mode of an operating system of the computing system;
  
  determine, by the pre-callback handler, whether to allow the kernel routine to be performed based on one or more input parameters of the kernel routine request, wherein the determination is based on whether a value of at least one of the input parameters exceeds a threshold and/or matches a standard input value;
  
  upon determining that the kernel routine is allowed to be performed, cause the kernel routine to be performed in the kernel mode to generate kernel routine results;
  
  determine, by a post-callback handler that is also hooked to the operating system of the computing system, whether to allow the kernel routine results of the kernel routine to be returned based on one or more output parameters of the kernel routine request, wherein the determination is based on whether a value of at least one of the output parameters exceeds a threshold and/or matches a standard output value;
  
  upon determining that the kernel routine results of the kernel routine are allowed to be returned, cause the kernel routine results of the kernel routine to be returned to an application that is executed in a non-kernel mode of the operating system; and
  
  upon determining that the kernel routine results are not allowed to be returned,modify the kernel routine results, wherein the modifying the kernel routine results comprises filtering out a portion from the kernel routine results that is not accessible by a function call corresponding to the kernel routine, andcause the modified kernel routine results and a first post-operation error indicating the portion of the kernel routine results has not been accessed to be returned to the application.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computing system of claim 10, wherein the instructions further cause the computing system to, upon determining that the kernel routine is not allowed to be performed, prevent the kernel routine from being performed and cause a pre-operation error to be returned to the application.
  - 12. The computing system of claim 10, wherein the instructions further cause the computing system to, upon determining that the kernel routine results of the kernel routine are not allowed to be returned, cause a post-operation error to be returned to the application.
  - 13. The computing system of claim 10, wherein the filtering out the portion from the kernel routine results further comprises filtering out at least one of the one or more output parameters included in the kernel routine results.
  - 14. The computing system of claim 10, wherein the pre-callback handler and the post-callback handler are uniquely associated with the kernel routine, and a plurality of pre-callback handlers and a plurality of post-callback handlers associated with different types of kernel routines are hooked to the operating system.
  - 15. The computing system of claim 10, wherein the kernel routine comprises a file system operation.
  - 16. The computing system of claim 10, wherein the kernel routine comprises a non-file system operation and does not include a file system operation.
  - 17. The computing system of claim 10, wherein the pre-callback handler and the post-callback handler are hooked to the operating system, in a state where the operating system is not protected by a kernel patch protection.
  - 18. The computing system of claim 10, wherein the operating system is a macOS.

19. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform a method comprising:
- hooking a pre-callback handler and a post-callback handler to an operating system of a computing device;
  
  obtaining, by the pre-callback handler, a kernel routine request for a kernel routine to be performed in a kernel mode of the operating system;
  
  determining, by the pre-callback handler, whether to allow the kernel routine to be performed based on one or more input parameters of the kernel routine request, wherein the determination by the pre-callback handler is based on whether a value of at least one of the input parameters exceeds a threshold and/or matches a standard input value;
  
  upon determining that the kernel routine is allowed to be performed, causing the kernel routine to be performed in the kernel mode to generate kernel routine results;
  
  determining, by the post-callback handler, whether to allow the kernel routine results of the kernel routine to be returned based on one or more output parameters of the kernel routine request, wherein the determination by the post-callback handler is based on whether a value of at least one of the output parameters exceeds a threshold and/or matches a standard output value;
  
  upon determining that the kernel routine results of the kernel routine are allowed to be returned, causing the kernel routine results of the kernel routine to be returned to an application that is executed in a non-kernel mode of the operating system; and
  
  upon determining that the kernel routine results are not allowed to be returned,modifying the kernel routine results, wherein the modifying the kernel routine results comprises filtering out a portion from the kernel routine results that is not accessible by a function call corresponding to the kernel routine, andcausing the modified kernel routine results and a first post-operation error indicating the portion of the kernel routine results has not been accessed to be returned to the application.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising upon determining that the kernel routine is not allowed to be performed, preventing the kernel routine from being performed and causing a pre-operation error to be returned to the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Didi Infinity Technology And Development Co.Ltd.
Original Assignee
Beijing Didi Infinity Technology And Development Co.Ltd.
Inventors
Wang, Yu
Primary Examiner(s)
Bullock, Jr., Lewis A
Assistant Examiner(s)
Lu, Kevin X

Application Number

US15/946,963
Publication Number

US 20190310883A1
Time in Patent Office

1,243 Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/4881   Scheduling strategies for d...

G06F 9/545   where tasks reside in diffe...

G06F 9/547   Remote procedure calls [RPC...

Method and system for kernel routine callbacks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for kernel routine callbacks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links