[...]
What can a custom kprobes fault handler do if a user-level instruction
causes a fault? [...]
If you look at the notifier hooks that invoke the fault handler, they
are only at the entry of the page_fault and general protection paths,
and are used to shield the kernel from seeing this fault if caused by
the probes. [...]
Yes, "caused by the probes", i.e., providing protection to buggy
pre/post handlers. What I don't understand (and rereading Richard's
message didn't help) is how *single-stepping the user code* could
trigger a fault, and do so in such a way that the kprobes-registered
handler could do something useful with it.
Is the idea that the single-stepped user instruction would, e.g.,
perform a memory access to an address that happens to be paged out, to
cause an ordinary page fault? OK, so you don't want the kernel to
process that as a page fault right there because of the int3 context
(right?). I can imagine this happening, but what could a user-defined
kprobes handler do to the user program to let it recover?