I'm working on system call interception (for open() system call) and I got one problem: I have two kernel modules (mod1 and mod2) and both of them are trying to intercept open() syscall. I've loaded mod1 first and then mod2. The mod1 intercepted open() by:
original_open1 = sys_call_table[__NR_open];
sys_call_table[__NR_open] = mod1_open;
Here original_open1 would be sys_open.
After this, mod2 intercepted open() by:
original_open2 = sys_call_table[__NR_open];
sys_call_table[__NR_open] = mod2_open;
Here, original_open2 would be mod1_open() since mod1 was loaded first.
Now, the problem is: Suppose I unload mod1 first and open() system call gets executed, then mod2_open() would get called, which ultimately calls mod1_open().
Since mod1 is already unloaded, calling mod1_open() would cause panic (since the function pointer is no longer a valid memory region).
I need some mechanism to avoid this problem. Basically, I want a solution which facilitates loading/unloading the modules (which intercept same syscall) in any random order without causing any panic.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 闹够了就滚 的文章《Multiple kernel modules intercepting same system c》','https://www.manongdao.com/article-470975.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}