[Lguest] probing the guest os kernel code ?

dylan weijunliu at yahoo.cn
Thu Dec 10 00:59:50 EST 2009


Rusty Russell wrote:
> On Wed, 25 Nov 2009 06:01:04 pm dylan wrote:
>> I want to collect information about the guest OS, so I am probing the
>> guest OS code using kprobe.
>> First, I run a guest OS (linux-2.6.31) using lguest, and insmod the
>> following module -- the code is as follows.
>>
>> @%@%> insmod /home/lguest_kprobe_example.ko
>> [ 11.592410] Planted kprobe at c0163430
>>
>> The result above is right, but when I run the command "dmesg" to view
>> the printed information, the results are as follows:
>>
>> @%@%> dmesg
>> [ 85.056197] pre_handler1: p->addr = 0xc0163430, ip = c0163431, flags
>> = 0x286
>> [ 85.056249] pre_handler2: p->symbol_name=do_fork, p->opcode=85
>> lguest: Bad address 0xc3a37c34
>
> I'm not surprised. We don't let the guest set debug registers or such. No
> doubt the breakpoint instruction jumps to hyperspace.
>
> I've cc'd some kprobes people, in case they want to add debug register
> support to lguest
> Cheers,
> Rusty.
>
Thank you for your answers, but I have some questions.

I have perused the code of kprobes, especially the processing of the int3
exception, the debug exception and the notifier mechanism.
However, I have not found any places associated with debug registers
related to the above problems. I found some snippets relevant to my
questions in the kernel code.
(1) arch/x86/kernel/kprobes.c
int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
				       unsigned long val, void *data)
{
	struct die_args *args = data;
	int ret = NOTIFY_DONE;

	/* highlighted (red) in the original mail */
	if (args->regs && user_mode_vm(args->regs))
		return ret;

	switch (val) {
	case DIE_INT3:
		if (kprobe_handler(args->regs))
			ret = NOTIFY_STOP;
		break;
	case DIE_DEBUG:
		if (post_kprobe_handler(args->regs))
			ret = NOTIFY_STOP;
		break;
	case DIE_GPF:
		/*
		 * To be potentially processing a kprobe fault and to
		 * trust the result from kprobe_running(), we have to
		 * be non-preemptible.
		 */
		if (!preemptible() && kprobe_running() &&
		    kprobe_fault_handler(args->regs, args->trapnr))
			ret = NOTIFY_STOP;
		break;
	default:
		break;
	}
	return ret;
}

The red code indicates that if args->regs is from user vm mode, then the
function will return and do nothing.
(2) Indeed, lguest doesn't support the debug registers. But I don't think
kprobes uses debug registers.
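
Added example (not part of the original mail, and not kernel or lguest code): a user-space C model of the user_mode_vm() test and the switch quoted above, showing which branch an exception taken in an lguest guest kernel reaches. The selector values, GUEST_PL = 1 and the 32-bit user_mode_vm() expression are assumptions based on the linux-2.6.31 x86 headers; flags 0x286 is the value from the dmesg output above.

```c
#include <stdio.h>

/* Assumed to match the 32-bit x86 headers of linux-2.6.31. */
#define SEGMENT_RPL_MASK 0x3u        /* low two selector bits = RPL */
#define USER_RPL         0x3u
#define X86_VM_MASK      0x00020000u /* EFLAGS.VM (vm86 mode) */
#define KERNEL_CS        0x60u       /* assumed __KERNEL_CS */
#define USER_CS          0x73u       /* assumed __USER_CS */
#define GUEST_PL         1u          /* assumed: ring lguest gives the guest kernel */

enum die_val { DIE_INT3, DIE_DEBUG, DIE_GPF, DIE_OTHER };
enum path { PATH_IGNORED_USER, PATH_KPROBE_HANDLER, PATH_POST_HANDLER,
            PATH_FAULT_HANDLER, PATH_NONE };

/* Same expression as the 32-bit user_mode_vm(), on plain integers. */
static int user_mode_vm(unsigned cs, unsigned long flags)
{
    return ((cs & SEGMENT_RPL_MASK) | (flags & X86_VM_MASK)) >= USER_RPL;
}

/* Branch of kprobe_exceptions_notify() that an exception reaches.
 * The extra conditions on the DIE_GPF branch are not modelled. */
static enum path notify_path(enum die_val val, unsigned cs, unsigned long flags)
{
    if (user_mode_vm(cs, flags))
        return PATH_IGNORED_USER;
    switch (val) {
    case DIE_INT3:  return PATH_KPROBE_HANDLER;
    case DIE_DEBUG: return PATH_POST_HANDLER;
    case DIE_GPF:   return PATH_FAULT_HANDLER;
    default:        return PATH_NONE;
    }
}

int main(void)
{
    static const char *name[] = { "ignored (user/vm86)", "kprobe_handler",
        "post_kprobe_handler", "kprobe_fault_handler", "none" };
    struct { const char *who; unsigned cs; unsigned long flags; } s[] = {
        { "native kernel, ring 0", KERNEL_CS,            0x286 },
        { "lguest guest kernel",   KERNEL_CS | GUEST_PL, 0x286 },
        { "user space, ring 3",    USER_CS,              0x286 },
        { "vm86 task (made up)",   0x1000,               0x286 | X86_VM_MASK },
    };
    for (unsigned i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-22s cs=%#x  INT3 -> %s\n", s[i].who, s[i].cs,
               name[notify_path(DIE_INT3, s[i].cs, s[i].flags)]);
    return 0;
}
```

Under these assumptions a ring-1 guest kernel selector has RPL 1, so the early return is not taken, which is consistent with pre_handler having run in the dmesg output above.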