RichardUSTC

Reputation: 39

What is the best practice to intercept an exception handler in Linux kernel

I need to intercept the exception handling of page faults in the Linux kernel, but I'm not allowed to modify the kernel source and recompile the kernel. I have to do this in a kernel module. I now have several approaches.


  1. Copy the IDT and replace the ISR for the page fault. However, I looked into the assembly code of the kernel and found that the ISR calls some functions whose addresses cannot be determined at the compile time of the module. For example, callq *0x2b0a07(%rip) # ffffffff81620100 <pv_irq_ops+0x30>.
  2. Use the kprobe/jprobe mechanism to intercept do_page_fault, but not all kernels are configured with kprobes enabled.
  3. Replace the first several bytes of do_page_fault with a jump instruction which jumps to my code. However, I need to use do_page_fault later in my code. I have to put the replaced instructions in another place, but the size of x86 instructions is hard to determine, and if one of the replaced instructions is a jump, things will get more complicated.

Do you guys have any idea how to solve the problem?

Upvotes: 1

Views: 984

Answers (1)

Alexey Frunze

Reputation: 62106

Change the IDT entry to point to your handler. Call the original handler from there if/when needed. No need to copy the IDT or patch the existing code.

Upvotes: 4
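The descriptor surgery the answer describes, written out as an added example that is not from the original question or answer. It assumes x86-64: a 16-byte interrupt gate whose handler address is split across three fields, with the code segment selector, IST index, gate type, DPL and present bit that must be preserved. The names `idt_hook`, `idt_unhook`, `read_idtr` and `fake_idt`, the handler addresses, and the in-memory IDT are all constructed for illustration so the descriptor logic can be compiled and exercised in user space; in a module the base comes from `sidt` (or, on recent kernels where `sidt` returns a read-only alias of the IDT, from a writable mapping of the same table) and the write should be done with interrupts disabled, keeping in mind that Linux shares one IDT across all CPUs. The "call the original handler" step is not a C call: #PF arrives with an error code on the stack, so the replacement handler is an assembly stub that does its work and ends in `jmp *saved_handler` with the original frame intact.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 16-byte x86-64 interrupt/trap gate descriptor (Intel SDM vol. 3, 6.14.1).
 * Only the three offset fields change when re-pointing a vector; selector,
 * IST index and type/attribute byte are kept so the original entry's
 * semantics (kernel CS, stack, DPL) survive the hook. */
struct idt_gate64 {
    uint16_t offset_low;
    uint16_t selector;
    uint8_t  ist;        /* bits 0-2: IST index, remaining bits zero */
    uint8_t  type_attr;  /* P(1) DPL(2) 0(1) type(4); 0x8E = present, DPL0, interrupt gate */
    uint16_t offset_mid;
    uint32_t offset_high;
    uint32_t reserved;
} __attribute__((packed));

/* Operand of SIDT/LIDT: limit is the table size in bytes minus one. */
struct idtr64 {
    uint16_t limit;
    uint64_t base;
} __attribute__((packed));

#define X86_TRAP_PF 14
#define IDT_PRESENT 0x80

#if defined(__x86_64__)
/* Read this CPU's IDTR. Meaningful at ring 0 (inside a module); not used by
 * the user-space demo below because SIDT may be trapped when CR4.UMIP is set. */
static void read_idtr(struct idtr64 *r)
{
    __asm__ volatile("sidt %0" : "=m"(*r));
}
#endif

static uint64_t gate_handler(const struct idt_gate64 *g)
{
    return (uint64_t)g->offset_low
         | (uint64_t)g->offset_mid  << 16
         | (uint64_t)g->offset_high << 32;
}

static void gate_set_handler(struct idt_gate64 *g, uint64_t addr)
{
    g->offset_low  = (uint16_t)(addr & 0xffff);
    g->offset_mid  = (uint16_t)((addr >> 16) & 0xffff);
    g->offset_high = (uint32_t)(addr >> 32);
}

/* Look up one gate, refusing vectors past the limit or entries not present. */
static struct idt_gate64 *idt_gate(const struct idtr64 *idtr, unsigned vector)
{
    unsigned nentries = ((unsigned)idtr->limit + 1) / sizeof(struct idt_gate64);
    struct idt_gate64 *gate;

    if (vector >= nentries)
        return NULL;
    gate = (struct idt_gate64 *)(uintptr_t)idtr->base + vector;
    return (gate->type_attr & IDT_PRESENT) ? gate : NULL;
}

/* Point `vector` at new_handler; the original address is saved in *saved so
 * the replacement stub can tail-jump to it. Returns 0 on success, -1 otherwise. */
static int idt_hook(const struct idtr64 *idtr, unsigned vector,
                    uint64_t new_handler, uint64_t *saved)
{
    struct idt_gate64 *gate = idt_gate(idtr, vector);
    if (!gate)
        return -1;
    *saved = gate_handler(gate);
    gate_set_handler(gate, new_handler);
    return 0;
}

static int idt_unhook(const struct idtr64 *idtr, unsigned vector, uint64_t saved)
{
    struct idt_gate64 *gate = idt_gate(idtr, vector);
    if (!gate)
        return -1;
    gate_set_handler(gate, saved);
    return 0;
}

/* Constructed stand-in for the kernel's IDT: only #PF is populated, with
 * selector 0x10 (__KERNEL_CS on x86-64 Linux) and a DPL0 interrupt gate. */
static struct idt_gate64 fake_idt[256];

static struct idtr64 make_fake_idt(uint64_t pf_handler)
{
    struct idtr64 r;
    memset(fake_idt, 0, sizeof fake_idt);
    fake_idt[X86_TRAP_PF].selector  = 0x10;
    fake_idt[X86_TRAP_PF].type_attr = 0x8e;
    gate_set_handler(&fake_idt[X86_TRAP_PF], pf_handler);
    r.limit = (uint16_t)(sizeof fake_idt - 1);
    r.base  = (uint64_t)(uintptr_t)fake_idt;
    return r;
}

int main(void)
{
    /* Made-up addresses: a kernel-text original and a module-text replacement. */
    struct idtr64 idtr = make_fake_idt(0xffffffff81600000ULL);
    uint64_t saved = 0;

    if (idt_hook(&idtr, X86_TRAP_PF, 0xffffffffc0001000ULL, &saved) != 0)
        return 1;
    printf("#PF gate: original %#llx, now %#llx, selector %#x, attr %#x\n",
           (unsigned long long)saved,
           (unsigned long long)gate_handler(&fake_idt[X86_TRAP_PF]),
           fake_idt[X86_TRAP_PF].selector, fake_idt[X86_TRAP_PF].type_attr);
    return idt_unhook(&idtr, X86_TRAP_PF, saved) == 0 ? 0 : 1;
}
```

Because the 16-byte descriptor is written as separate fields, a fault taken between the writes (on this CPU, or on another CPU sharing the table) would vector to a torn address; disable interrupts around the swap and unhook before the module unloads, or the vector points at freed module text.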
