On Mon, Apr 08, 2002 at 12:03:06AM +0100, Anton Altaparmakov wrote:
> At 21:23 07/04/02, Muli Ben-Yehuda wrote:
> >Right, this module (syscall_hijack.o) currently has the interface:
> >
> >int hijack_syscall_before(int syscall_id, func_ptr func);
> >int hijack_syscall_after(int syscall_id, func_ptr func);
> >
> >int release_syscall_before(int syscall_id);
> >int release_syscall_after(int syscall_id);
> >
> >where 'before' and 'after' correspond to a hook which should run
> >before the original system call is invoked (allowing it to specify
> >that the original system call should not be executed) or after the
> >original system call is invoked (allowing it access to its return
> >value).
> [snip]
>
> So are you coping with someone hijacking YOU as well between calls to
> hijack_syscall_* and release_syscall_*? Or would that trash the
> caller chain?
That should work fine, since we never explicitly refer to the entry in
the sys_call_table in our call chain (our callchain goes
hijacked_function
-> hook_before
if call original syscall
-> original syscall (the entry that was in the sys_call_table when we
hijacked it, not the currrent entry!)
-> hook_after
Note that we don't support stacking of hooks right now - we never had
need to.
-- The ill-formed Orange Fails to satisfy the eye: http://vipe.technion.ac.il/~mulix/ Segmentation fault. http://syscalltrack.sf.net/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Apr 15 2002 - 22:00:10 EST