unregister_syscall

Author: lacraig2

src/hooks/syscalls_hc.c

@@ -533,82 +533,3 @@ int syscalls_hc_init(void) {
     hash_init(syscall_hook_table);
     return 0;
 }
-
-/* Deferred unregistration so we can invoke from inside a syscall callback */
-struct deferred_unregister {
-    struct kernel_syscall_hook *hook;
-    struct list_head list;
-};
-static LIST_HEAD(deferred_unregister_list);
-static DEFINE_SPINLOCK(deferred_unregister_lock);
-
-static void process_deferred_unregisters(struct work_struct *work)
-{
-    struct deferred_unregister *deferred, *tmp;
-    LIST_HEAD(local_list);
-
-    // Move all pending unregistrations to local list
-    spin_lock(&deferred_unregister_lock);
-    list_splice_init(&deferred_unregister_list, &local_list);
-    spin_unlock(&deferred_unregister_lock);
-
-    // Process unregistrations outside of spinlock
-    list_for_each_entry_safe(deferred, tmp, &local_list, list) {
-        DBG_PRINTK("IGLOO: Processing deferred unregistration for hook %p\n",
-               deferred->hook);
-
-        // Actually unregister the hook
-        unregister_syscall_hook(deferred->hook);
-
-        // Clean up the deferred entry
-        list_del(&deferred->list);
-        kfree(deferred);
-    }
-}
-
-static DECLARE_WORK(deferred_unregister_work, process_deferred_unregisters);
-
-static int do_unregister_syscall_hook(struct kernel_syscall_hook *hook_ptr)
-{
-    if (!hook_ptr) {
-        return -EINVAL;
-    }
-
-    spin_lock(&syscall_hook_lock);
-
-    hash_del(&hook_ptr->hlist);
-    hlist_del_rcu(&hook_ptr->name_hlist);
-
-    spin_unlock(&syscall_hook_lock);
-
-    kfree_rcu(hook_ptr, rcu);
-    atomic_dec(&global_syscall_hook_count);
-
-    DBG_PRINTK("IGLOO: Unregistered syscall hook %p\n", hook_ptr);
-    return 0;
-}
-
-// Modified unregister function
-int unregister_syscall_hook(struct kernel_syscall_hook *hook_ptr)
-{
-    struct deferred_unregister *deferred;
-
-    // Check if we're in syscall processing context
-    if (in_interrupt() || rcu_read_lock_held()) {
-        // Defer the unregistration
-        deferred = kmalloc(sizeof(*deferred), GFP_ATOMIC);
-        if (!deferred) return -ENOMEM;
-
-        deferred->hook = hook_ptr;
-        spin_lock(&deferred_unregister_lock);
-        list_add_tail(&deferred->list, &deferred_unregister_list);
-        spin_unlock(&deferred_unregister_lock);
-
-        // Schedule work to process deferred unregistrations
-        schedule_work(&deferred_unregister_work);
-        return 0;
-    }
-
-    // Safe to unregister immediately
-    return do_unregister_syscall_hook(hook_ptr);
-}

src/portal/portal_op_list.h

@@ -19,6 +19,7 @@
     X(register_uprobe, REGISTER_UPROBE) \
     X(unregister_uprobe, UNREGISTER_UPROBE) \
     X(register_syscall_hook, REGISTER_SYSCALL_HOOK) \
+    X(unregister_syscall_hook, UNREGISTER_SYSCALL_HOOK) \
     X(ffi_exec, FFI_EXEC) \
     X(kallsyms_lookup, KALLSYMS_LOOKUP) \
     X(tramp_generate, TRAMP_GENERATE) \

src/portal/portal_syscall.c

@@ -68,4 +68,53 @@ void handle_op_register_syscall_hook(portal_region *mem_region)
     // Return the hook's memory address in the size field
     mem_region->header.size = (unsigned long)kernel_hook;
     mem_region->header.op = HYPER_RESP_READ_NUM;
+}
+
+int unregister_syscall_hook(struct kernel_syscall_hook *hook_ptr)
+{
+    if (!hook_ptr) {
+        return -EINVAL;
+    }
+    
+    // 1. Immediately disable the hook to stop it from firing
+    hook_ptr->hook.enabled = false;
+
+    // 2. Remove from hash tables under lock
+    spin_lock(&syscall_hook_lock);
+
+    hash_del_rcu(&hook_ptr->hlist);
+    hlist_del_rcu(&hook_ptr->name_hlist);
+
+    spin_unlock(&syscall_hook_lock);
+
+    // 3. Decrement global count
+    atomic_dec(&global_syscall_hook_count);
+
+    // 4. Free memory safely using RCU
+    kfree_rcu(hook_ptr, rcu);
+
+    printk(KERN_EMERG "IGLOO: Unregistered syscall hook %p\n", hook_ptr);
+    return 0;
+}
+
+void handle_op_unregister_syscall_hook(portal_region *mem_region)
+{
+    struct kernel_syscall_hook *kernel_hook;
+    
+    igloo_pr_debug("igloo: Handling HYPER_OP_UNREGISTER_SYSCALL_HOOK\n");
+    
+    // Safety check: Ensure we received a pointer-sized payload
+    if (mem_region->header.size < sizeof(void *)) {
+        mem_region->header.op = HYPER_RESP_READ_FAIL;
+        return;
+    }
+    
+    // Retrieve the hook pointer from the portal data buffer
+    kernel_hook = *(struct kernel_syscall_hook **)PORTAL_DATA(mem_region);
+    
+    if (unregister_syscall_hook(kernel_hook) == 0) {
+        mem_region->header.op = HYPER_RESP_READ_OK;
+    } else {
+        mem_region->header.op = HYPER_RESP_WRITE_FAIL;
+    }
 }