[Lguest] probing the guest os kernel code ?

dylan weijunliu at yahoo.cn
Wed Dec 9 20:38:38 EST 2009 

Rusty Russell 写道:
> On Wed, 25 Nov 2009 06:01:04 pm dylan wrote:
>   
>> I want to collect informations about guest os,so i probing the guest os 
>> code using kprobe.
>> First, I run a guest os(linux-2.6.31) using lguest, and insmod the 
>> fellow module--the code is as follows.
>>
>> @%@%> insmod /home/lguest_kprobe_example.ko
>> [ 11.592410] Planted kprobe at c0163430
>>
>> Results is right above,but when I run command "dmeg" to view the print 
>> information,the results are fellows:
>>
>> @%@%> dmesg
>> [ 85.056197] pre_handler1: p->addr = 0xc0163430, ip = c0163431, flags = 
>> 0x286
>> [ 85.056249] pre_handler2: p->symbol_name=do_fork, p->opcode=85
>> lguest: Bad address 0xc3a37c34
>>     
>
> I'm not surprised.  We don't let the guest set debug registers or such.  No
> doubt the breakpoint instruction jumps to hyperspace.
>
> I've cc'd some kprobes people, in case they want to add debug register
> support to lguest 
>
> Cheers,
> Rusty.
>
>   
Thank you for your answers,but I have some questions.

I have perused the code of kprobes, especially the process of int3 exception ,debug exception and notifier mechanism.
 However, I have not found any places associated with debug registers  about  above  problems.I find some snippets about my questions in kernel code.
(1) arch/x86/kernel/kprobes.c
int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
				       unsigned long val, void *data)
{
	struct die_args *args = data;
	int ret = NOTIFY_DONE;
        
	*if (args->regs && user_mode_vm(args->regs)) 
		return ret;
*
	switch (val) {
	case DIE_INT3:
		if (kprobe_handler(args->regs))
			ret = NOTIFY_STOP;
		break;
	case DIE_DEBUG:
		if (post_kprobe_handler(args->regs))
			ret = NOTIFY_STOP;
		break;
	case DIE_GPF:
		/*
		 * To be potentially processing a kprobe fault and to
		 * trust the result from kprobe_running(), we have
		 * be non-preemptible.
		 */
		if (!preemptible() && kprobe_running() &&
		    kprobe_fault_handler(args->regs, args->trapnr))
			ret = NOTIFY_STOP;
		break;
	default:
		break;
	}
	return ret;
}

The red code indicates if the args->regs is from user vm mode , then the funciton will return and do nothings. 
(2) Indeed, lguest don't support the debug registers.But I don't think kprobes use debug registers.

 



__________________________________________________
¸Ï¿ì×¢²áÑÅ»¢³¬´óÈÝÁ¿Ãâ·ÑÓÊÏä?
http://cn.mail.yahoo.com

More information about the Lguest mailing list