Query regarding kernel modules intercepting system call.

Ajinkya Surnis surnisaa at gmail.com
Sat Jul 8 10:08:21 EDT 2017


Hi guys,

I'm new to kernelnewbies and this is my first question in the list.

I'm working on system call interception (for open() system call) and I got
one problem: I have two kernel modules (mod1 and mod2) and both of them are
trying to intercept open() syscall. I've loaded mod1 first and then mod2.
The mod1 intercepted open() by:

original_open1 = sys_call_table[__NR_open];
sys_call_table[__NR_open] = mod1_open;

Here original_open1 would be sys_open. After this, mod2 intercepted open()
 by:

original_open2 = sys_call_table[__NR_open];
sys_call_table[__NR_open] = mod2_open;

Here, original_open2 would be mod1_open() since mod1 was loaded first. Now,
the problem is: Suppose I unload mod1 first and open() system call gets
executed, then mod2_open() would get called, which ultimately calls
mod1_open().

Since mod1 is already unloaded, calling mod1_open() caused panic (since the
function pointer is no longer a valid memory region).

I need some mechanism to avoid this problem. Basically, I want a solution
which facilitates loading/unloading the modules (which intercept same
syscall) in any random order without causing any panic.

Is there some kind of facility such that while unloading the module (`mod2`
here), the module will broadcast the message to all other modules that it's
being unloaded and instead of refering to `original_open2()` the other
modules should use `original_open1()`.

Your help would really be appreciated.

Thanks,

Ajinkya.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20170708/8a42b45c/attachment.html 


More information about the Kernelnewbies mailing list