[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [VMI] How to add support for MOV-TO-DRx events ?



On Thu, May 9, 2019 at 4:54 PM Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>
> On 09/05/2019 23:34, Tamas K Lengyel wrote:
> > On Thu, May 9, 2019 at 3:50 PM Razvan Cojocaru
> > <rcojocaru@xxxxxxxxxxxxxxx> wrote:
> >> On 5/10/19 12:31 AM, Andrew Cooper wrote:
> >>> What we'll have to do is end up in a position where we can have some
> >>> real %dr settings given by the VMI agent, and some shadow %dr settings
> >>> which the guest interacts with.  Also I should warn you at this point
> >>> that, because of how the registers work, It will not be possible to have
> >>> guest-shadowed %dr functioning at the same time as VMI-provided %dr
> >>> settings.
> >>>
> >>> I guess the main usecase here is simply hiding from the guest kernel
> >>> that debugging activities are in use, and we are ok to break the real
> >>> use of gdb/other inside the guest?  Razvan/Tamas: As your the
> >>> maintainers, it is your call, ultimately.
> >> What worries me here is that in that case it becomes easier for a rogue
> >> application inside the guest to figure out that the guest's being
> >> monitored, if I understand things correctly.
> >>
> >> Of course, a dom0 introspection agent may choose to simply not subscribe
> >> to DR events, and thus not alter the current flow at all, which makes
> >> things better.
> > I agree, ideally none of the VMI events should alter the guests'
> > ability to do anything it normally can and the VMI events should only
> > add overhead (and of course the cache side-effects that are
> > detectable). That said, since the usecase for Mathieu is one where he
> > can live with the guest not being able to run a debugger, I would
> > still accept the patch as long as there is an explicit comment
> > documenting its limitation. We can worry about figuring out how to
> > make the event transparent iff that becomes needed for some other
> > usecase.
>
> It is not possible to share use of the debugging facilities,
> irrespective of whether you wish to hide the sharing from the guest kernel.
>
> Depending on exactly what the VMI agent wants to do, it could see about
> context switching the hidden-active settings behind the back of the
> kernel, e.g. if one process is debugging itself, but the VMI agent wants
> to transparently debug another.
>
> However, if both the guest and VMI agent want to use the debugging
> facilities, one is going to have to relinquish use.  It should be
> possible for the VMI agent to cleanly detach its hidden settings.

Right, like relinquishing the hardware breakpoints and switching to
software breakpoints instead.

> Either way, everything comes down to what behaviour is wanted to start with.

As I said, I think adding that monitoring capability is fine as long
as its limitation is clearly documented.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.