WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Debugging the hypervisor

To: Matthew Donovan <matthew@xxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Debugging the hypervisor
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Wed, 21 May 2008 18:56:00 +0100
Delivery-date: Wed, 21 May 2008 10:56:13 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <60D45469A1AAD311A04C009027B6BF6806461057@SERVER20>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Aci7a+13K8aFACdfEd2/hwAWy6hiGQ==
Thread-topic: [Xen-devel] Debugging the hypervisor
User-agent: Microsoft-Entourage/11.4.0.080122
On 21/5/08 18:52, "Matthew Donovan" <matthew@xxxxxxxxxxxxxx> wrote:

>> What do you require the IDT details for?
> 
> We're working on a security service using VM introspection to monitor the
> state of a running guest.  We'd like to include the IDT as part of that
> monitoring.
> 
>> The right approach to obtain those details is to issue an  hvm_save
> hypercall and then
>> parse the returned guest state to find the IDT details for each VCPU.  I
> can give 
>> yous ome more direction on this if that is what you need to be able to do.
> 
> That would be great.

Okay, then see xc_domain_hvm_getcontext() as defined in
tools/libxc/xc_domain.c and provided by library libxenctrl. An example of
its usage is in xc_domain_save.c -- first call is to get required size of
the state buffer; second call fills the dynamically allocated buffer.
Alternatively I think you can just make the buffer 'plenty big enough', e.g.
64kB.

The contents of the state buffer is a set of state records, format you can
probably work out after looking in xen/include/public/hvm/save.h and the
arch-specific header file xen/include/public/arch-x86/hvm/save.h. You're
looking for the hvm_hw_cpu structure, and the idt_base/idt_limit that it
contains. You can then map pages of guest memory to walk its pagetables
(based on cr0/cr3 values from the hvm_hw_cpu structure) and ultimately get a
mapping of its IDT. And from there you can do what yoiu need to do...

So overall it's a pretty involved operation to get at the IDT. Whether it's
worthwhile depends on how badly you need it.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>