I'm working on system call interception (for open() system call) and I got one problem: I have two kernel modules (mod1 and mod2) and both of them are trying to intercept open() syscall. I've loaded mod1 first and then mod2. The mod1 intercepted open() by:
original_open1 = sys_call_table[__NR_open];
sys_call_table[__NR_open] = mod1_open;
Here original_open1 would be sys_open. After this, mod2 intercepted open() by:
original_open2 = sys_call_table[__NR_open];
sys_call_table[__NR_open] = mod2_open;
Here, original_open2 would be mod1_open() since mod1 was loaded first. Now, the problem is: Suppose I unload mod1 first and open() system call gets executed, then mod2_open() would get called, which ultimately calls mod1_open().
Since mod1 is already unloaded, calling mod1_open() caused panic (since the function pointer is no longer a valid memory region).
I need some mechanism to avoid this problem. Basically, I want a solution which facilitates loading/unloading the modules (which intercept same syscall) in any random order without causing any panic.
Is there some kind of facility such that while unloading the module (`mod2` here), the module will broadcast the message to all other modules that it's being unloaded and instead of refering to `original_open2()` the other modules should use `original_open1()`.
Your help would really be appreciated.
Thanks,
Ajinkya.
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
