We use kernel 3.7 Fedora16, 64-bit and want to intercept kernel functions.
We tried Linux Kernel: System call hooking example and successfully received the address of "sys_call_table", while returned address of "access_remote_vm" is NULL.
Please advice.
Related
I would like to know what callback gets called in Linux device drivers when issuing poweroff from user space. The driver is built as external module.
For suspend / resume we have struct dev_pm_ops methods.
Is there any method/callback that could be registered for getting called when issuing poweroff/shutdown command from user space?
I want to send message from VM kernel to host kernel without net like socket. I refer to hypercall but still can not know how to use. Is there any tutorials or any other solution?
A possibility might be to use AF_NETLINK sockets documented in netlink(7). You might need to code then load your own Linux kernel module.
So I understand that a kernel driver sits on top of HW device and then to communicate with the device via user space you will need to talk to the kernel driver via CreateFile && Read && Write. I have seen the design of Window's kernel drivers and their sample codes whether it is a USB or PCI or...
Now what I want to understand is how does the kernel drive communicate with the hardware? Where is the driver code would we usually find the code responsible for reading/writing registers on a certain device? What does the driver need to communicate with the device? I was told it is the BAR0 value that maps the HW to the virtual memory area which means any address we want to access on a physical device would start at that address. Is that correct? what If I have BAR0 = 0xfc500000, do i have to find addresses of certain register on the device and then ad it as an offset?
Driver need to get HW Resources from the OS. in a PCI device example, you will get MMIO Address and the interrupt vector. the MMIO Address is a physical address the PCI Controller and the BIOS map the device too.
the driver gets this value in EvtPepareHardware callback (in KMDF) and then need to map it to kernel Virtual address using MmMapIoSpace().
once you get a kernel Virtual address theoretically it is a "pointer" to the HW memory space and you can access the registers as you wish.
but it is recommended to use the HAL macros to void caching and other issues to access that memory. e.g. READ_REGISTER_ULONG64
to find the address of a registers you the Hardware device spec
for more info read this "Reading and Writing to Device Registers"
I'm writing a Linux kernel module. A userspace process (P1) sends a virtual address and size to my kernel module. I save the virtual address (V1). It corresponds to some physical address (Ph).
Now, another userspace process (P2) calls my kernel module. In this case, I want to create a virtual address (V2) for P2, that would be mapped to the same physical address (Ph) in my kernel module.
How can I do this in the kernel module?
Also, is there any way to get the value of Ph in the kernel module?
i have been doing the KVM stuff and have a couple of questions that can not figure out.
1> as we know, normally the external interrupt will cause VMexit and the hypervisor will inject a virtual interrupt if it is for guest. Then which irq will be injected (i mean the interrupt vector for indexing the guest IDT)? How does the KVM get to know about this (associate a host IRQ with a guest virtual IRQ)?
2> if for assigned device to the guest, the hypervisor will deliver that IRQ to the guest. by tracing the code, i found the host IRQ is different with the guest's (i mean the interrupt vector). how the KVM configure which interrupt vector the guest should use?
3> if we configure not exit on external interrupt by setting some field in VMCS, what will happen during the physical interrupts? will the CPU use the guest IDT for response interrupt? If so, can KVM redirect the CPU to use another IDT for guest (assuming modifying the IDTR)?
4> where is the guest IDT located? it this configured by the qemu while initializing the vcpu and registers (include the IDTR)?
I really hope someone can reply to my questions. I will be very appreciated.
Thanks
1-
2-
The code is in irq_comm.c and very complex. For the guest vector, the hypervisor traps and monitors the PCI configuration space of the guest (this is actually done in QEMU - see for instance kvm_msi_update - however a syscall to the KVM updates it with the data).
3- Yes. For setting another IDT - you need to change the IDTR field in the VMCS.
4- The guest IDT is configured by the guest code. QEMU/KVM is not directly involved in it. You need to configure the execution-controls to trap on LIDT in order to monitor changes for the guest IDTR.
Sounds like you are trying to implement ELI from ASPLOS'12.
Contact me offline (the second author of the paper - NA).