On Thu, Feb 24, 2022 at 08:59:59AM +0900, Yun Levi wrote: > I think if someone wants to control their own binfmt via "ioctl" not > on time on LOAD. > For example, someone wants to control exec (notification, > allow/disallow and etc..) > and want to enable and disable own's control exec via binfmt reg / unreg > In that situation, While the module is loaded, binfmt is still live > and can be reused by > reg/unreg to enable/disable his exec' control. Er... So have your ->load_binary() start with if (I_want_it_disabled) return -ENOEXEC; and be done with that. The only caller of that thing is list_for_each_entry(fmt, &formats, lh) { if (!try_module_get(fmt->module)) continue; read_unlock(&binfmt_lock); retval = fmt->load_binary(bprm); read_lock(&binfmt_lock); put_binfmt(fmt); if (bprm->point_of_no_return || (retval != -ENOEXEC)) { read_unlock(&binfmt_lock); return retval; } } so returning -ENOEXEC is equivalent to not having it in the list. IDGI... Why bother unregistering/re-registering/etc.?