From: Steve Kiernan
To: freebsd-hackers@FreeBSD.ORG
Date: Tue, 19 May 1998 17:18:09 -0400 (EDT)
Subject: Restoring syscall for blocked procs in mod unload

I'm working on a project which uses an LKM that intercepts the syscalls for specific processes.

The problem I'm trying to solve is that if there is a process which is blocked in a syscall which is intercepted by the LKM and you unload the LKM, when the syscall unblocks and the stack frame is popped, the EIP can be pointing to an invalid address and the kernel will panic.

I tried setting up a function called via the sv_prepsyscall pointer in the sysent structure which saves the trapframe and restores it (in p->p_md.md_regs) on LKM unload with the EIP adjusted to act as an ERESTART return from syscall would do, but this doesn't seem to work.

Am I heading in the right direction in this solution or should I be doing something else? Do I need to do some calls to reschedule the process and/or fix up any other pointers? Anything special that needs to be done dependent on the process being the currently-running one?

This is on a FreeBSD 2.2.5-RELEASE system, FYI. Any pointers to RTFM are welcome.

--
Stephen Kiernan stevek@tis.com
TIS Labs at Network Associates, Inc.