[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 00/11] Alternate p2m: support multiple copies of host p2m



At 11:58 +0100 on 05 Mar (1425553138), Tamas K Lengyel wrote:
> On Thu, Mar 5, 2015 at 11:36 AM, Tim Deegan <tim@xxxxxxx> wrote:
> > At 00:06 +0100 on 05 Mar (1425510383), Tamas K Lengyel wrote:
> >> Let's assume we trap an instruction that only performs data accesses
> >> on pages other than the one the instruction was fetched from. Since
> >> the instruction fetch is repeated after a failed data access due to
> >> EPT violation, the page containing the instruction has to be at least
> >> --x and the pages that will be touched by it rw- (or the proper
> >> combination or r-- and rw-) simultaneously in order to avoid getting
> >> into a live-lock. This results in all subsequent instruction fetches
> >> to succeed from the original page. Furthermore, as long as all such
> >> subsequent instructions keep accessing only the pages touched by the
> >> first instruction, we could end up missing a good chunk of code
> >> execution.
> >
> > If all you want is to audit the changes that were made to the target
> > page before making them visible (e.g. before marking the target page
> > executable or before undoing a private redirection of the page) then
> > perhaps you don't care how many instructions have executed.  You can
> > just treat that chunk of execution as if it were one really complex
> > instruction.
> >
> > Tim.
> 
> Thanks Tim, that indeed seems to have been the intended usecase for
> this subsystem. The usecase I was thinking is API call tracing via
> instruction fetch violations (stealthy debugging).

Ah, yes, for that you'd need all the function you care about to be on
different pages from their callers.  That's probably true in many
interesting cases (e.g. tracing all calls into a dll).

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.