Re: [Xen-users] Memory Tracing using XEN Hypervisor

[George Dunlap <dunlapg@xxxxxxxxx>]

On Sat, Oct 3, 2015 at 2:33 PM, Michael Engstler
<michaelengstler@xxxxxxxxx> wrote:
> Hey,
> I have a question regarding memory tracing in XEN,
> I'l start by explaining my final goal, and then ask my question:
> I want to be able to run a guest VM and intercept all memory read\write
> operations of VM.
> The intercepting code will not be complicated and might be just a simple
> check.
> For example: I might want to intercept all memory read\write operations and
> log if the VM tried to access a specific memory address (Lets say address
> 0x7fffffff).
>
> My question is: Can this be done using a modified version of XEN ?
> Does the hypervisor actually "see" all the memory read\write operations of
> the VM ?
>
> I know this might sound "crazy" and not serious but we are a strong team of
> developers trying to solve a specific problem that requires fast memory
> tracing capabilities.
> We are willing to make the effort and spend the time in order to get the job
> done.

What you're describing is called "introspection", and it can be done
with an UNmodified version of Xen, using the vm_event and mem_event
interfaces.  See tools/tests/xen-access/xen-access.c for some sample
code to get you started.  (Unfortunately it looks like you may have to
do a lot of code reading to infer what the interface looks like, but
that should still be easier than implementing your own interface from
scratch.  Feel free to submit better documentation.)

You probably don't actually want to intercept *all* memory operations
(which would slow down VM execution by probably millions of times),
but instead just memory operations on the specific regions of memory
you care about.

These interfaces are actively used and maintained by at least two
different companies who have proprietary VM introspection products.

 -George

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users