On Thu, Feb 24, 2022 at 08:59:59AM +0900, Yun Levi wrote:
> I think if someone wants to control their own binfmt via "ioctl" not
> on time on LOAD.
> For example, someone wants to control exec (notification,
> allow/disallow and etc..)
> and want to enable and disable own's control exec via binfmt reg / unreg
> In that situation, While the module is loaded, binfmt is still live
> and can be reused by
> reg/unreg to enable/disable his exec' control.
Er... So have your ->load_binary() start with
if (I_want_it_disabled)
return -ENOEXEC;
and be done with that.
The only caller of that thing is
list_for_each_entry(fmt, &formats, lh) {
if (!try_module_get(fmt->module))
continue;
read_unlock(&binfmt_lock);
retval = fmt->load_binary(bprm);
read_lock(&binfmt_lock);
put_binfmt(fmt);
if (bprm->point_of_no_return || (retval != -ENOEXEC)) {
read_unlock(&binfmt_lock);
return retval;
}
}
so returning -ENOEXEC is equivalent to not having it in the list.
IDGI... Why bother unregistering/re-registering/etc.?
