Re: [Xen-devel] Question about the repeated page fault
Andrew Cooper wrote on 2013-09-22:
> On 21/09/2013 17:02, Andrew Cooper wrote:
> > On 21/09/2013 15:52, Kai Luo wrote:
> > > Hello everyone:
> > >
> > > Recently, I am working on a feature of intercepting a given function
> > > in the Windows SSDT table; I replace the address of the function in
> > > the SSDT with an invalid address.
> > >
> > > The question is, when I trapped the page fault caused by accessing the
> > > invalid address and recovered it to the correct function address, I
> > > received the same page fault again. That is to say:
> > >
> > > 1. I trapped a page fault caused by an invalid address in
> > >    sh_page_fault(struct vcpu *v, unsigned long va, struct cpu_user_regs *regs)
> > > 2. I recovered the guest eip to the correct address using the
> > >    following code (missing something?):
> > >
> > >        regs->eip = <correct_addr>;
> > >        __vmwrite(GUEST_RIP, <correct_addr>);
> > >
> > > 3. Another page fault caused by the same address occurred.
> > >
> > > I dumped the VMCS when the page faults occurred; the contents in the
> > > VMCS are almost the same except the 'Virtual processor ID'. Still
> > > confused. Could you help me to analyse this strange phenomenon? Thank
> > > you very much!
> > >
> > > Jone
> >
> > Ignoring for now whether this is sensible in the slightest, are you
> > certain that the SSDT function is only being executed once by Windows
> > and still resulting in two pagefaults?
> >
> > (Not directly related, but) sh_page_fault() is only valid for shadow
> > mode, and not valid for EPT/NPT, which HVM domains default to on
> > appropriate hardware.
> >
> > The vmentry helper writes regs->rip back to GUEST_RIP so you should
> > not need to do that. If you have followed the instructions at the top
> > of sh_page_fault(), the guest should retry the access with the correct RIP.

Yes, this is the point. You should not write GUEST_RIP directly. Instead,
modify regs->rip to the correct_addr.

> > As for the VPID being different, that is to be expected.
>
> Thinking about this a little more, it is utterly crazy. The SSDT will
> be made of AML which will be interpreted. The pagefault will almost
> certainly have occurred because of a read from the bad address, rather
> than an instruction fetch. Fixing up rip will result in an unexpected
> branch as far as the VM is concerned. I am surprised it didn't BSOD.
>
> If you still insist on using this method, then you would need to
> decode the instruction under regs->rip and fix up the appropriate source
> operand.

I guess he knows correct_addr. So there is no decoding involved.

> ~Andrew

Best regards,
Yang

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel