xen-devel

[Top] [All Lists]

RE: [Xen-devel] xen strace analysis

from [Petersson, Mats]

[Permanent Link][Original]

To:	"Sanjam Garg" <sanjamg@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	RE: [Xen-devel] xen strace analysis
From:	"Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date:	Wed, 28 Feb 2007 18:55:23 +0100
Delivery-date:	Wed, 28 Feb 2007 09:54:55 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<20070228173740.40436.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcdbX0zOjWnU9urkRFiEdZRUNiRzvAAAP5tQ
Thread-topic:	[Xen-devel] xen strace analysis

 

> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Sanjam Garg
> Sent: 28 February 2007 17:38
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-devel] xen strace analysis
> 
> Hi
> 
> I  am looking for  a mechanism to gather information about 
> system calls that a guest Operating system  is making. Any 
> references for development of IDS's with Xen would also help.

Xen doesn't have any clue what system calls the guest-OS is making (and
should not know this). Xen itself only gets involved for certain special
operations which, generally, either deal with page-table
(memory-mapping) handling or inter-domain communication (event-channel),
and of course domain life-cycle (creating, destroying, pausing and
unpausing, save and restore, and migration). With a few other
exceptions, everything else is handled within the guest itself. That's
for the para-virtual case. In a fully-virtualized domain, there's even
less knowledge of what's going on in the guest. 

So whilst the hypervisor may be able to surmise from this knowledge that
a guest changed its pagetables around, it's not sufficiently aware of
WHY to say whether that was done because of a fork, mmap or malloc call
for example. It can determine that some communication happened between
the guest and dom0, but not whether it's a file-read or a socket network
operation, etc, etc. 

The only way to know what the guest is doing is to sit inside the
guest-OS and perform something like strace (I think there are some ways
to do a "system-wide strace", so you'd see exactly which system calls
are done by which process). 

--
Mats
> 
> Thanks
> Sanjam
> 
> 
> ________________________________
> 
> Don't pick lemons.
> See all the new 2007 cars 
> <http://autos.yahoo.com/new_cars.html;_ylc=X3oDMTE0OGRsc3F2BF9
TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDbmV3Y2Fycw-->  at Yahoo! Autos.
<http://autos.yahoo.com/new_cars.html;>
_ylc=X3oDMTE0OGRsc3F2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDb
> mV3Y2Fycw--> 
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] xen strace analysis, Sanjam Garg RE: [Xen-devel] xen strace analysis, Petersson, Mats <= RE: [Xen-devel] xen strace analysis, Sanjam Garg RE: [Xen-devel] xen strace analysis, Petersson, Mats

Previous by Date:	[Xen-devel] xen strace analysis, Sanjam Garg
Next by Date:	RE: [Xen-devel] Error in XendCheckpoint: failed to flush file, Graham, Simon
Previous by Thread:	[Xen-devel] xen strace analysis, Sanjam Garg
Next by Thread:	RE: [Xen-devel] xen strace analysis, Sanjam Garg
Indexes:	[Date] [Thread] [Top] [All Lists]