
Re: trapping execve()



On Thu, May 23, 2002 at 03:12:50AM +0530, Sridhar N wrote:

> 1) why isn't modifying syscalltable safe under module unloading ?

Consider code like this:

#include <linux/kernel.h>
#include <linux/module.h>

/* Saved original sys_call_table entry, filled in when the hook is installed. */
static asmlinkage long (*old_sys_init_module)(char const *name_user,
                                              struct module *mod_user);

static asmlinkage long my_sys_init_module(char const *name_user,
                                          struct module *mod_user)
{
        long ret;

        /* may sleep for a long time inside the original syscall */
        ret = old_sys_init_module(name_user, mod_user);

        /* some code ... */   /* runs in this module's text after the original returns */
        return ret;
}

Now consider what happens if a process is sleeping in
old_sys_init_module somewhere (i.e. sleeping in the kernel), and
somebody does a rmmod. This code (my_sys_init_module) is unmapped. Now
the process wakes up and tries to return to "some code" above.
Unfortunately, at this point the vfat module has been autoloaded and
/its/ code is now taking up this space. You just trashed your windows
partition.

You might think that module use counts will help here, but there is
always a tiny window between the decrement of the use count, and the end
of a process needing the code to be mapped[1]

> 2) why isn't the argument to execve a pointer?

Well, there's nothing stopping it being a pointer as far as I can see,
but the fact is, it is not, and your code must cope with this as a result.

Hope this helps.

regards
john

[1] in fact my tests have /never/ caused this race in this manner, but
that's not the point

-- 
"I never understood what's so hard about picking a unique
 first and last name - and not going beyond the 6 character limit."
 	- Toon Moene
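The race described in the reply (a process still executing the hook's text after rmmod has pulled the module) and the footnote's point that use counts leave a window between the decrement and the actual return can be reproduced outside the kernel. The following is an added userspace simulation, not code from the original post or from any kernel tree: a one-slot table stands in for sys_call_table, an atomic counter stands in for the module use count, a second thread plays rmmod, and the names old_sys_init_module / my_sys_init_module are reused only as labels. The sleeps are there to make the ordering deterministic; in a real kernel the window after the decrement is a handful of instructions.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

static void sleep_ms(long ms)
{
    struct timespec ts = { ms / 1000, (ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
}

typedef long (*syscall_fn)(void);

static syscall_fn syscall_table[1];      /* stand-in for sys_call_table */
static syscall_fn old_sys_init_module;   /* saved original table entry */

static atomic_int  module_use_count;     /* stand-in for the module use count */
static atomic_bool module_unloaded;      /* set by the simulated rmmod */
static atomic_bool use_counts_enabled;   /* whether the hook maintains the count */
static atomic_bool race_observed;        /* hook code ran after "unmapping" */

static long original_sys_init_module(void)
{
    sleep_ms(30);   /* the caller is "sleeping in the kernel" here */
    return 0;
}

static long my_sys_init_module(void)
{
    long ret;

    if (atomic_load(&use_counts_enabled))
        atomic_fetch_add(&module_use_count, 1);   /* MOD_INC_USE_COUNT */
    ret = old_sys_init_module();
    if (atomic_load(&use_counts_enabled))
        atomic_fetch_sub(&module_use_count, 1);   /* MOD_DEC_USE_COUNT */

    /* The window: the use count is already zero, but this function has
       not returned yet, so we are still executing the module's text.
       Widened with a sleep so the simulation is deterministic. */
    sleep_ms(30);
    if (atomic_load(&module_unloaded))
        atomic_store(&race_observed, true);   /* in a kernel: freed/reused text */
    return ret;
}

static void *caller_thread(void *arg)
{
    (void)arg;
    syscall_table[0]();   /* a process entering the hooked syscall */
    return NULL;
}

static void *rmmod_thread(void *arg)
{
    (void)arg;
    /* rmmod refuses to unload while the use count is nonzero ... */
    while (atomic_load(&module_use_count) != 0)
        sleep_ms(1);
    /* ... then the module's exit path restores the table and the text goes away */
    syscall_table[0] = old_sys_init_module;
    atomic_store(&module_unloaded, true);
    return NULL;
}

/* Returns 1 if hook code was observed running after the module was unloaded. */
int run_simulation(bool with_use_count)
{
    pthread_t caller, unloader;

    atomic_store(&use_counts_enabled, with_use_count);
    atomic_store(&module_use_count, 0);
    atomic_store(&module_unloaded, false);
    atomic_store(&race_observed, false);

    /* module_init: save the original entry, install the hook */
    syscall_table[0] = original_sys_init_module;
    old_sys_init_module = syscall_table[0];
    syscall_table[0] = my_sys_init_module;

    pthread_create(&caller, NULL, caller_thread, NULL);
    sleep_ms(10);   /* let the caller get inside old_sys_init_module first */
    pthread_create(&unloader, NULL, rmmod_thread, NULL);
    pthread_join(caller, NULL);
    pthread_join(unloader, NULL);
    return atomic_load(&race_observed) ? 1 : 0;
}

int main(void)
{
    printf("without use count: race=%d\n", run_simulation(false));
    printf("with use count:    race=%d\n", run_simulation(true));
    return 0;
}
```

Both runs report the race: without the counter, rmmod unloads while the caller is still inside the original; with the counter, rmmod waits until the decrement and then unloads during the few instructions between that decrement and the hook's return. That second case is the window the footnote refers to, and no amount of counting inside the module can close it, because the code doing the counting is the code being unmapped.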
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/