Xen project Mailing List

After step by step monitoring, I get the following statistics about hypercall entries:

numbers | hypercalls | executed bytes (offset to hypercall entry)

7755 24: 0 1 3 8 a c d

6374 23: 0 1 3 4 9

3281 25: 0 1 3 8 a c d

2979 13: 0 1 3 8 a c d

2475 17: 0 1 3 8

2253 17: a c d

749 3: 0 1 3 8 a c d

655 23: 0 1 3 4 9 0 1 3 4 9

640 29: 0 1 3 8

636 29: a c d

445 23: 0 1 3 4 9 0 1 3 4 9 0 1 3 4 9

433 23: 0 1 3 4 9 0 1 3 4 9 0 1 3 4 9 0 1 3 4 9

414 24: 0 1 3 8 a c d 0 1 3 8 a c d

274 13: 0 1 3 8 8 a c d

129 17: d

125 17: a c

112 29: a c d 0 1 3 8

112 17: c d

105 17: a

73 24: 0 1 3 8 a c d 0 1 3 8 a c d 0 1 3 8 a c d

67 17: 0

59 17: 8 a c d

54 17: 0 1 3

53 17: 0 1

50 17: 1 3 8 a c d

46 17: 3 8 a c d

21 3: 0 1 3 8 a c d 0 1 3 8 a c d

8 33: 0 1 3 8 a c d

7 17: 1 3

6 13: 0 1 3 8 8 8 a c d

5 29: d

5 23: 0 1 3 4 9 0 1 3 4 9 0 1 3 4 9 0 1 3 4 9 0 1 3 4 9

4 29: a c

4 17: 3

3 17: 8 a

3 17: 8

3 17: 3 8

3 17: 1 3 8 a c

3 17: 1

2 29: 0 1 3 8 a c d

2 17: 3 8 a

2 17: 1 3 8 a

2 17: 1 3 8

1 29: c

1 29: a

1 29: 3 8 a c d

1 29: 1 3 8 a c d

1 29: 0 1

1 29: 0

1 17: 3 8 a c

From the above we can see that hypercall #17 and #29 are very irregular, with various combination occurs. Other hypercalls basically obey to the sequence of "0 1 3 8 a c d" which conforms to the content in hypercall_page_initialise function. HYPERCALL_iret is a special one as explained in the function, but it also conforms to its sequence of "0 1 3 4 9". So why would #17(do_xen_version) and #29(do_sched_op) performs irregular? They seem to be easily interrupted at any place of the hypercall entry. Besides, there is also some abnormals for #13(do_multicall) shown in bold.

From: quizy_jones@xxxxxxxxxxx
To: xen-devel@xxxxxxxxxxxxxxxxxxxx
Date: Wed, 2 Mar 2016 12:44:16 +0000
Subject: Re: [Xen-devel] what's inside hypercall page?

For following hypercall page initialise code, where would the execution jumps at syscall? How can I predict what is the execution order of "pop %r11"? Is it the fifth instruction/step? I need the order to precisely set up hooks to monitor hypercalls.

static void hypercall_page_initialise_ring3_kernel(void *hypercall_page)

{

char *p;

int i;

/* Fill in all the transfer points with template machine code. */

for ( i = 0; i < (PAGE_SIZE / 32); i++ )

{

if ( i == __HYPERVISOR_iret )

continue;

p = (char *)(hypercall_page + (i * 32));

*(u8 *)(p+ 0) = 0x51; /* push %rcx */

*(u16 *)(p+ 1) = 0x5341; /* push %r11 */

*(u8 *)(p+ 3) = 0xb8; /* mov $<i>,%eax */

*(u32 *)(p+ 4) = i;

*(u16 *)(p+ 8) = 0x050f; /* syscall */

*(u16 *)(p+10) = 0x5b41; /* pop %r11 */

*(u8 *)(p+12) = 0x59; /* pop %rcx */

*(u8 *)(p+13) = 0xc3; /* ret */

}

* HYPERVISOR_iret is special because it doesn't return and expects a

* special stack frame. Guests jump at this transfer point instead of

* calling it.

p = (char *)(hypercall_page + (__HYPERVISOR_iret * 32));

*(u8 *)(p+ 0) = 0x51; /* push %rcx */

*(u16 *)(p+ 1) = 0x5341; /* push %r11 */

*(u8 *)(p+ 3) = 0x50; /* push %rax */

*(u8 *)(p+ 4) = 0xb8; /* mov $__HYPERVISOR_iret,%eax */

*(u32 *)(p+ 5) = __HYPERVISOR_iret;

*(u16 *)(p+ 9) = 0x050f; /* syscall */

朗读