Re: Page Fault Handler Hijacking and Oops

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alle 13:44, giovedì 4 agosto 2005, Arjan van de Ven ha scritto:
> On Wed, 2005-08-03 at 22:59 +0000, Vincenzo Mallozzi wrote:
> > Hi all,
> > in LKM I've implemented, I hijack the page fault handler with a function 
that 
> > first scans a list created by me and then call the original page fault 
> > handler.
> 
> 
> you forgot to attach your sourcecode.
> 

I've attached some pieces of my source code in a previous email. I reattach it 
below.

The data structures used are the following:
 
 1.  struct mtpmc_wrprotected_pages{
 2.   unsigned long address;
 3.   struct mtpmc_wrprotected_pages *next_page;
 4.  };
 5.
 6.  struct mtpmc_vm_wrprotected{
 7.   unsigned long vm_start;
 8.   unsigned long vm_end;
 9.  
10.   struct mtpmc_wrprotected_pages *pages;
11.   struct mtpmc_vm_wrprotected *vm_next;
12.  };
13.  
14.  static struct mtpmc_vm_wrprotected *mtpmc_mm_wrprotected;

in which I records the vmas and the corresponding pages that I've 
write-protected.
Now I post also the other pieces of code I'm using:

The exception handler function hijacked:

15.  static asmlinkage void mtpmc_handler(struct pt_regs * regs,
    long  error_code)
16.  {
17.   unsigned long address;
18.   struct mm_struct *mm;
19.   struct mtpmc_address_fault *temp;
20.  
21.   unsigned long pid = current->pid;
22.   int hijack = 0;
23.    
24.   /* store the old_exception handler pointer in mtpmc_old_int_handler */
25.   void (*mtpmc_old_int_handler)(struct pt_regs *,long) =                  
                                            (void*)mtpmc_old_handler;
26.    
27.   /* get the address */
28.   __asm__("movl %%cr2,%0":"=r" (address));
29.  
30.   mm = current->mm;
31.   if ((current->pid>=mtpmc_min_pid) && (current->pid<=mtpmc_max_pid))
32.    if ((error_code & 3) == 3)
33.     if (mtpmc_protected_by_us(address) == 1) /*ERROR IN CALLING THIS 
        FUNCTION*/
34.     {
35.      send_sig(SIGSTOP, current, 1);
36.      hijack = 1;*/
37.     }
38.   
39.   if (hijack != 1)
40.    (*mtpmc_old_int_handler)(regs,error_code);/*call the original handler*/
41.   
42.   return;
43.  }


The line that causes the error is the 33.th, when during the call to the 
mtpmc_protected_by_us() function. This function scan the list created by me 
in which I store the value of memory pages write-protected by me.

44.  #define INSIDE(a, b, c)  ( ((c) <= (b)) && ((c) >= (a)) )
45.  
46.  int mtpmc_protected_by_us(unsigned long addr)
47.  {
48.   struct mtpmc_vm_wrprotected *wr_vma;
49.   struct mtpmc_wrprotected_pages *wr_page;
50.  
51.   for (wr_vma=mtpmc_mm_wrprotected; wr_vma!=NULL; wr_vma=wr_vma->vm_next)
52.    if (INSIDE(wr_vma->vm_start, wr_vma->vm_end, addr)){
53.     for (wr_page=wr_vma->pages; wr_page!=NULL; wr_page=wr_page->next_page)
54.      if ((addr >= wr_page->address) && (addr <(wr_page->address + 
         PAGE_SIZE)))
55.       return 1;
56.     return 0;      
57.    } 
58.   
59.   return 0;
60.  }

I hope these are not too much lines of code and that I've well explained them. 
Thanks.
VM

	

	
		
___________________________________ 
Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB 
http://mail.yahoo.it


--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/



[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux