Question about uprobes

Mulyadi Santosa mulyadi.santosa at gmail.com
Fri Apr 7 07:51:35 EDT 2017


On Thursday, April 6, 2017, W. Michael Petullo <mike at flyn.org> wrote:

> >> I am writing some software that monitors a guest VM using
> virtual-machine
> >> introspection and "hijacks" system calls under certain conditions. For
> >> example, the program might inject an int3/breakpoint into the guest
> >> kernel at the entry point to sys_open. When the breakpoint is hit, the
> >> program might set the guest instruction pointer to the address to which
> >> sys_open would have itself returned and set register RAX to some desired
> >> error-code return value.
> >>
> >> The problem I am encountering is that for some reason the process is
> >> triggering a "uprobe ... failed to handle uretprobe" message from the
> >> guest kernel.  I do not yet know enough about uprobes to understand what
> >> might be causing this. Is there something in procedures such as sys_open
> >> which must execute to prevent the error which causes the kernel to print
> >> this message?
>
> >> What vm  hypervisor do you use?
>
> We are using Xen + libvmi.
>
> I have continued to read the kernel sources, and as best as I can
> understand it the kernel installs uprobe instrumentation if it detects
> a software breakpoint. Our program does not reinject the software
> breakpoints it services back into the guest, so I am still trying to
> figure out why uprobes seems to get triggered.
>
> --
> Mike
>
> :wq
>

I am not really into xen, but afaik both guest and host xen kernel is
modified in order to facilitate hypercall

Thus, i suggest you study first how hypercall works

Regards,

Mulyadi


-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20170407/9478d06c/attachment.html 


More information about the Kernelnewbies mailing list