0

I have a process PID that accesses a memory region that it's not allowed to. The CPU creates a trap into the kernel, which calls do_page_fault(), which will send SIGSEGV to the user process. The user process has a custom signal handler that has some logic, and the faulting instruction is resumed. What I want to do is to move this signal handler logic to kernel space and prevent SIGSEGV from being sent. For that, could I write a kernel module that hijacks the fault handler for this PID or something? Or do I have to add my logic to do_page_fault()? Some guidance would be helpful.

ruke
  • Would be a massive undertaking, but I could see `ebpf` being used for this. A hackier way just for fun and to get something happening faster would be to find exactly where the sigsegv is being sent and don't send the signal if the `current->comm` is equal to the name of your process. Relies on you hard coding the program name and not relying on PID. – wxz Mar 25 '22 at 21:13
  • @wxz Out of all things, why use `->comm` to identify the process and not the PID? That's a very NOT unique value that can also be arbitrarily changed during execution. Makes no sense. – Marco Bonelli Mar 26 '22 at 03:09
  • Just a suggestion. Couldn't tell if this is for a legit program or just getting feet wet with kernel hacking. Relax – wxz Mar 26 '22 at 06:52
  • In the kernel module, is there a way to hijack this memory access violation trap, like using irq_handler() or something? – ruke Mar 26 '22 at 08:28
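The user-space arrangement the question describes (access to a disallowed region, SIGSEGV delivered, handler fixes things up, faulting instruction resumes), as an added example that is not code from the post. The names `on_segv` and `run_demo` and the `PROT_NONE` mapping are constructed for illustration; calling `mprotect()` from a handler is common practice on Linux but is not on the POSIX async-signal-safe list.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static char *region;                 /* protected mapping, constructed for the demo */
static size_t region_len, page_size;
static volatile sig_atomic_t faults_handled;

/* If the fault is a permission fault inside our region, unprotect the page and
 * return: the kernel then restarts the faulting instruction. Otherwise restore
 * the default action so the re-executed access terminates the process. */
static void on_segv(int sig, siginfo_t *si, void *uctx)
{
    uintptr_t addr = (uintptr_t)si->si_addr, base = (uintptr_t)region;
    (void)uctx;
    if (si->si_code == SEGV_ACCERR && addr >= base && addr < base + region_len) {
        void *page = (void *)(addr & ~((uintptr_t)page_size - 1));
        if (mprotect(page, page_size, PROT_READ | PROT_WRITE) == 0) {
            faults_handled++;
            return;
        }
    }
    signal(sig, SIG_DFL);
}

/* Maps `pages` inaccessible pages, writes one byte to each, and returns how many
 * faults the handler resolved (-1 on setup failure). */
long run_demo(size_t pages)
{
    struct sigaction sa = { .sa_flags = SA_SIGINFO }, old;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    region_len = pages * page_size;
    region = mmap(NULL, region_len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -1;
    sa.sa_sigaction = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0) return -1;
    faults_handled = 0;
    for (size_t i = 0; i < pages; i++)   /* each store traps once, then resumes */
        ((volatile char *)region)[i * page_size] = 'x';
    long n = faults_handled;
    sigaction(SIGSEGV, &old, NULL);
    munmap(region, region_len);
    return n;
}
int main(void) { printf("faults handled: %ld\n", run_demo(4)); return 0; }
```

Each first touch of a page costs a trap into the kernel, signal delivery to user space, the `mprotect()` system call, and the return from the handler before the store finally completes.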

1 Answer

0

userfaultfd() could be useful to you. It allows you to handle page faults in usermode.

user
  • I want to avoid expensive context switches of executing my logic in a signal handler by moving it to the kernel itself; using userfaultfd() defeats that purpose? – ruke Mar 26 '22 at 08:20
  • Probably not. The fault would happen anyway. – user Mar 26 '22 at 11:41