[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Mem_event API and MEM_EVENT_REASON_SINGLESTEP


At 16:38 +0200 on 29 Nov (1354207125), Razvan Cojocaru wrote:
> I'm interested in using the mem_event API (or it's LibVMI wrapper), but 
> I'm interested in capturing write events anywhere in a domU guest's 
> memory, _and_ not just once for each page write, but every time a page 
> is being written to.
> To this end, I've looked at the xen-access.c example, where at first all 
> the pages are being monitored:
> xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rx, ~0ull, 0);
> xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rx, 0, 
> xenaccess->domain_info->max_pages);
> Then, after an event is received:
> xc_hvm_set_mem_access(xch, domain_id, HVMMEM_access_rwx, req.gfn, 1);
> thus allowing 'rwx' access to 1 page starting at req.gfn.
> This strategy indeed allows me to inspect writes to any page of the 
> guest OS, however I can only do this once per page. Once the page is 
> allowed HVMMEM_access_rwx access, any subsequent writes to it become 
> unavailable to my dom0 userspace tool (I'm "unregistering" for that 
> page-specific event).

Yes, indeed.

> The author of LibVMI's events code has suggested that I might enable 
> writes to that page, single step past the write instruction, and then 
> disable writes again.

That might work for single-vcpu guests.  On multi-vcpu, you'd have to
pause the whole VM, unprotect the page, single-step the one vcpu that
trapped, re-protect the page, and unpause the VM.  That might be
unacceptably slow.

> 1. I haven't been able to find an example of how single-stepping via the 
> mem_event API might work. Can you point me to some code that does this 
> (or a paper, etc.)?

I think you have to do the single-stepping via the existing debugger
API, and the memory event API stuff is just to notify you that it's

Cc'ing the author.  Joe, can you help out here?

> 2. Is there any other way to achieve what I'm after?

You could try:
 - pause the domain
 - copy out the contents of the page
 - use XENMEM_decrease_reservation to remove the page from the guest
 - unpause the domain

Then all accesses to that page will get emulated by Xen and forwarded to
qemu, just like happens for emulated MMIO devices.  In qemu, you can
emulate the read or write access, and do anything else you like at the
same time.

That won't work for memory that's accessed in non-trivial ways
(e.g. used for pagetables or descriptor tables) or using instructions
that are unsupported/buggy in Xen's instruction emulator.



Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.