This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Re: How to intercept interrupts from guest domains

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Re: How to intercept interrupts from guest domains
From: Mads Bergdal <mbergdal@xxxxxxxxx>
Date: Thu, 21 Sep 2006 13:46:19 +0200
Delivery-date: Thu, 21 Sep 2006 04:47:55 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C1357E8B.1615%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <eeoelb$qec$1@xxxxxxxxxxxxx> <C1357E8B.1615%Keir.Fraser@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (Macintosh/20060909)
Keir Fraser wrote:
On 19/9/06 10:52, "Mads Bergdal" <mbergdal@xxxxxxxxx> wrote:

I am writing my master thesis on virtualization with Xen. I am trying to
    intercept the hypercalls coming from the guest domains. More
specific I am trying to determine where in memory a guest domain is
writing. Does anyone have a hint on where in the code I should try to do
If you want to know where a guest is writing you need to do more than
intercept hypercalls. You want to intercept memory accesses to, which would
liekly mean you need to run on shadow pagetables and manipulate access
permissions to trap on first access to a page.

 -- Keir
Yes, that sounds reasonable. Do you know where in the code this could be

What's the intended purpose? You could perhaps look at the log-dirty shadow
mode. This is used to track which pages have been modified by the guest -- a
page which the guest maps writeable is not made writable in the shadow page
tables until the time of the first write access (when that page is added to
a 'dirty log' for further processing).

Be warned that modifying the shadow code is rather more difficult than a
project that would simply involve adding a hook point to every hypercall!

 -- Keir
Thanks for the hints. I really appreciate it.

My main purpose of this is to try to monitor when a guestdomain tries to write to a specific address in it's memory. (An address that it should not write to) And then get the Hypervisor to notify my userspace "surveillance" program about this. I have spent quite some time now reading the code. I must admit I am a bit lost. I am not sure where in the code I should be looking to get started.

From what you write above I take it that you think the easiest approach is to hook into the hypercalls? I that case which hypercalls and where?

If not, where should I look to learn he internals of the shadow mode?

Hope I am not wasting your time...


Xen-devel mailing list