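/*
 * Nuke the vmsplice syscall by inserting a RET
 * right after its entry point in the kernel.
 * Credit: Morten Hustveit
 *
 * Operational notes:
 *  - This is a live, in-memory stopgap. It does not survive a reboot and
 *    is no substitute for running a fixed kernel.
 *  - It needs root and a writable /dev/kmem; kernels that do not expose
 *    /dev/kmem or that keep kernel text read-only will fail at open(),
 *    mmap() or the store.
 *  - 0xC3 is the x86 RET opcode, so this is x86/x86-64 only.
 *  - A bare RET does not set a return value: callers of vmsplice(2) get
 *    whatever is left in the return register, not a defined error code.
 *    Expect programs that really use vmsplice to misbehave.
 */

/*
 * The header names were lost from the listing; these are the standard
 * headers that the calls below require.
 */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum {
    PAGE_OFFSET_MASK = 0xFFF,   /* assumes 4 KiB pages, as the original did */
    KMEM_MAP_LEN = 0x200000,    /* window mapped over /dev/kmem; only one byte is written */
    OPCODE_RET = 0xC3           /* x86 near RET */
};

/*
 * Scan a /proc/kallsyms stream for a symbol whose name is exactly `wanted`.
 *
 * Each line is expected to read "<hex address> <type> <name> ...". The name
 * is compared in full: a substring search would also accept any other
 * symbol that merely contains the text (a differently prefixed variant,
 * for instance), and the patch would then land on the wrong function while
 * the real entry point stays live.
 *
 * Returns the symbol's address, or 0 when no line matches or the matching
 * line carries a zero address.
 */
static size_t find_symbol(FILE *ksyms, const char *wanted)
{
    char line[4096];

    while (fgets(line, sizeof line, ksyms)) {
        size_t addr = 0;
        char type;
        char name[256];

        /* Skip anything that does not parse as address/type/name. */
        if (sscanf(line, "%zx %c %255s", &addr, &type, name) != 3)
            continue;
        if (strcmp(name, wanted) == 0)
            return addr;
    }
    return 0;
}

/*
 * Look up sys_vmsplice, map the page that holds its first byte through
 * /dev/kmem, overwrite that byte with RET and confirm the store stuck.
 *
 * Exits 0 only when the read-back shows the RET in place; every failure
 * path prints a diagnostic and exits 1, so a wrapper script can tell
 * whether the mitigation is actually active.
 */
int main(void)
{
    FILE *ksyms = fopen("/proc/kallsyms", "r");

    if (!ksyms) {
        perror("Could not open /proc/kallsyms");
        exit(1);
    }

    size_t address = find_symbol(ksyms, "sys_vmsplice");
    fclose(ksyms);

    /*
     * Zero means "no exact match". Kernels that hide symbol addresses
     * from the reader report them as zero, which ends up here as well.
     */
    if (!address) {
        fprintf(stderr, "Address not found\n");
        exit(1);
    }

    int fd = open("/dev/kmem", O_RDWR);

    if (fd == -1) {
        perror("open(\"/dev/kmem\")");
        exit(1);
    }

    /* mmap offsets must be page aligned, so map from the start of the page. */
    char *map = mmap(0, KMEM_MAP_LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd,
                     address & ~(size_t)PAGE_OFFSET_MASK);

    if (map == MAP_FAILED) {
        perror("mmap");
        exit(1);
    }

    /*
     * Write through an unsigned, volatile pointer: 0xC3 does not fit a
     * signed char, and the read-back below must really hit the mapping.
     */
    volatile unsigned char *entry =
        (volatile unsigned char *)map + (address & PAGE_OFFSET_MASK);

    *entry = OPCODE_RET;

    if (*entry != OPCODE_RET) {
        fprintf(stderr, "Patch did not take effect\n");
        exit(1);
    }

    fprintf(stderr, "OMG Wheeeeee!\n");

    exit(0);
}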