
Re: [Xen-devel] [PATCH] vm_event: Implement ARM SMC events

I would have to double check but AFAIK those instructions can't be
configured to trap to the hypervisor directly. So while SMC was not
intended to be a breakpoint, conceptually it's the closest thing we have
on ARM to the INT3 instruction when configured to trap to the VMM.

Please see the AArch32 HDCR.TDE and AArch64 MDCR_EL2.TDE bits. Since activating this bit would imply additional (in this context unwanted) traps, the performance hit of having this bit set might be significant.

Right, actually I believe KVM already implemented this, I was just under the impression it was only for aarch64. As for performance overhead I'm not that worried about it, rather I need to make sure the presence of the monitoring can remain stealthy. I know on KVM for example this type of trapping renders the guest unable to use single-stepping, which would easily reveal the presence of the external monitor (see https://lists.cs.columbia.edu/pipermail/kvmarm/2015-May/014589.html). So this will need to be looked at carefully.

That seems to apply to single-stepping only, which would be a different matter.

If you read the commit message on the previous patch in that thread that actually enables TDE trapping (https://lists.cs.columbia.edu/pipermail/kvmarm/2015-May/014621.html) it says: "Any other guest software debug exception (e.g. single step or HW assisted breakpoints) will cause an error and the VM to be killed." So it sounds to me like single-step on ARM is also routed as a software debug exception and thus would be trapped (again, I would need to double-check the manual). The follow-up patch I linked earlier implements handling it but requires the suppression of the guest being able to single-step itself. We might be able to work around that if we can reinject the single-step exception to the guest. So all I'm saying is that this needs to be looked at carefully as there may be issues there, especially for the use-case I have in mind.

And while having single-stepping trap to the hypervisor is very handy, I actually have a better method to hide the presence of, say, injected SMCs, although it requires altp2m. Fortunately we have some students who proposed implementing it this summer through the Honeynet Project's Google Summer of Code ;)
