Dinesh K Subhraveti | 9 Apr 08:10 1999

Isn't wait4 amenable to interception?


I am trying to intercept wait4 and having problems with it. Does wait4
differ from other system calls in any peculiar way? The new system call
routine just returns original sys_wait4. After inserting the module, system
works just fine. But rmmod causes a kernel oops with "Bad EIP" message and
shell gets killed. After kernel oops everything seems just fine too. I'd
greatly appreciate any insight on this. Am attaching the code below. Please
reply to dinesh <at> cs.columbia.edu.

Thanks in advance,

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/resource.h>
#include <sys/syscall.h>

extern void *sys_call_table[];

static int (*original_sys_wait4) (pid_t, int*, int, struct rusage*);

asmlinkage int my_wait4 (pid_t a, int *b, int c, struct rusage *d)
   return original_sys_wait4 (a, b, c, d);

int init_module()
(Continue reading)