finit_module - request the kernel to initialize or delete a kernel module
The finit_module system call requests the kernel to initialize (instantiate) or delete (remove) a kernel module. At the end of the initialization procedure, the module code will be executed. If module removal is requested, all of the module's resources will be freed. This call is intended to be used by privileged processes.
The param_values argument points to a block of memory containing one or more parameters with a fixed size limit, passed to the kernel module initialization function.
The flags argument is used to control the operation of the module. It is the bitwise OR of zero or more of the following values:
- O_TRACE - flag to trace the module
- O_DEBUG - debug flag
- O_ASYNC - asynchronous initialization
- O_EXCL - exclusive module initialization
- fd: int - an open file descriptor for the module file that needs to be loaded.
- param_values: const char* - a pointer to a block of memory containing one or more parameters with a fixed size limit, to be passed to the kernel module initialization function.
- flags: int - a flag which is used to control the operation of the module. It is the bitwise OR of zero or more values.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
To allow userspace to request initialization of a module.
To allow system call tracing and further inspection of the module init process outcome.
Example Use Case
When debugging kernel modules, finit_module can be used to manually load and unload the module from userspace and allow the debugging process to continue.
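A minimal userspace loader for the debugging use case above, as an added example that is not part of the Tracee documentation or code. The helper name `load_module` and the command-line handling are assumptions made for illustration; the flags value is left at zero.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper (not part of Tracee): load the module file at `path`
 * with finit_module(fd, param_values, flags).
 * Returns 0 on success or a negative errno value on failure. */
static int load_module(const char *path, const char *param_values, int flags)
{
    if (path == NULL || param_values == NULL)
        return -EINVAL;

    /* O_CLOEXEC keeps the descriptor from leaking into child processes. */
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;

    /* Invoke the system call directly through syscall(2). */
    long rc = syscall(SYS_finit_module, fd, param_values, flags);
    int err = (rc == 0) ? 0 : -errno;   /* save errno before close() */

    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <module.ko> [\"param=value ...\"]\n", argv[0]);
        return 2;
    }
    const char *params = (argc > 2) ? argv[2] : "";
    int err = load_module(argv[1], params, 0);
    if (err != 0) {
        /* -EPERM: caller lacks CAP_SYS_MODULE or module loading is disabled. */
        fprintf(stderr, "finit_module(%s): %s\n", argv[1], strerror(-err));
        return 1;
    }
    printf("loaded %s\n", argv[1]);
    return 0;
}
```

Running it while Tracee traces the finit_module event shows the same fd, param_values and flags arguments described above, which is a quick way to confirm the event is being captured.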
Currently, finit_module cannot be linked with other syscalls, as it does not return any useful data about its outcome or the status of the module.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.