[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] hypercall execution path?

Where have you put this tracing?

How you are arranging for the hypercall you are expecting to be called
and how you are matching that up with where your tracing is placed?

Perhaps you could post your code so we can see what you are actually

This all started with me playing with grant tables. I have a simple example setup where I am passing a string from a domU kernel module to a dom0 kernel module. Dom0 allocates the page and sets permissions in the grant table using gnttab_grant_foreign_access.

In domU, the kernel module makes a GNTTABOP_copy hypercall to pass the string. The domU code looks like this:

static int send_string (grant_ref_t gref)
    struct gnttab_copy op;
    char str[MAX_STR_LENGTH];

    /* hard code string for testing */
    memset(str, 0, MAX_STR_LENGTH);
    memcpy(str, "This is a test\n", 16);

    op.source.domid = DOMID_SELF;
    op.source.offset = (PAGE_SIZE-1) & (uint32_t)str;
    op.source.u.gmfn = virt_to_mfn(str);
    op.dest.domid = 0;
    op.dest.offset = 0;
    op.dest.u.ref = gref;
    op.len = strnlen(str, MAX_LOG_LENGTH);
    op.flags = GNTCOPY_dest_gref;

    HYPERVISOR_grant_table_op(GNTTABOP_priv_write, &op, 1);

    /* make sure that the hypercall succeeded */
    if (op.status){
        printk("Grant table operation failure\n");
        return 1;

    return 0;

This code setup seems to work just fine. I can pass the string to dom0 without any problems.

Next, I wanted to study the execution path between the two kernel modules. As part of this, I placed code in the hypervisor to print out the EIP value from domU while servicing the hypercall (the one shown in the code above). I put this code in the __gnttab_copy function of common/grant_table.c, because this is the function that does most of the work for this hypercall. Here I simply print out the EIP value, as indicated in my prior email:

uint32_t eip = sd->vcpu[0]->arch.guest_context.user_regs.eip;
gdprintk(XENLOG_WARNING, "eip=0x%x", eip);

Note that I'm using 'sd' for the domain since I'm interested in the domain that invoked the hypercall. This is where I see the eip value that I indicated in my previous email. Also note that I am doing this after 'sd' is initialized, of course :-)

My assumptions are as follows:

* When I make a hypercall from domU, the execution switches to the hypervisor immediately (as soon as the 'int' instruction is issued).

* The hypervisor services this hypercall and then returns to domU where it left off.

However, this is now what I'm seeing... and this is why I'm confused. Hopefully this helps explain the problem. Let me know if you have any other questions about my setup.


Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.