> This is not only racy (no locking!) but also a loophole for binary
> modules to do all kinds of crap (see http://www.sysinternals.com/linux/
> utilities/filemon.shtml for details). In early 2.5 I will submit a patch
> to remove the export, let's see wether it will be accepted.
This means that "funky" modules that do overload system calls will break
irredeemably. Yes, it's ugly, and dangerous, but is definitely useful in
a small number of situations.
What would nice is a "transparent" binfmt a module could add, that always is
first on the binfmt chain and lets things pass through,
plus some method to intercept syscalls nicely.
A transparent binfmt could be ref-counted also, avoiding the SMP module unload
races in these types of modules.
Before you ask, yes I tried the user-space methods of tracing syscall behaviour.
It was not only unreliable and racy, but slow as hell.
regards
john
-- "If the software that a company produces isn't reliable, adding a bunch of 'Mother, may I' rules to the language and the code won't fix it." - Pete Becker - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/