[Lguest] probing the guest os kernel code ?

dylan weijunliu at yahoo.cn
Thu Dec 10 01:09:47 EST 2009


Rusty Russell wrote:

> On Wed, 25 Nov 2009 06:01:04 pm dylan wrote:
>> I want to collect information about the guest OS, so I probe the guest
>> OS code using kprobes.
>> First, I run a guest OS (linux-2.6.31) using lguest, and insmod the
>> following module (the code is as follows).
>>
>> @%@%> insmod /home/lguest_kprobe_example.ko
>> [ 11.592410] Planted kprobe at c0163430
>>
>> The result above is right, but when I run the command "dmesg" to view the
>> printed information, the results are as follows:
>>
>> @%@%> dmesg
>> [ 85.056197] pre_handler1: p->addr = 0xc0163430, ip = c0163431, flags
>> = 0x286
>> [ 85.056249] pre_handler2: p->symbol_name=do_fork, p->opcode=85
>> lguest: Bad address 0xc3a37c34
>
> I'm not surprised. We don't let the guest set debug registers or such. No
> doubt the breakpoint instruction jumps to hyperspace.
>
> I've cc'd some kprobes people, in case they want to add debug register
> support to lguest.
> Cheers,
> Rusty.
Thank you for your answer, but I have some questions.

I have perused the kprobes code, especially the handling of the int3
exception, the debug exception and the notifier mechanism.
However, I have not found any place associated with debug registers in
relation to the above problem. I found some snippets relevant to my
questions in the kernel code.
(1) arch/x86/kernel/kprobes.c

int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
                                       unsigned long val, void *data)
{
        struct die_args *args = data;
        int ret = NOTIFY_DONE;

        /* highlighted ("red") in the original message */
        if (args->regs && user_mode_vm(args->regs))
                return ret;

        switch (val) {
        case DIE_INT3:
                if (kprobe_handler(args->regs))
                        ret = NOTIFY_STOP;
                break;
        case DIE_DEBUG:
                if (post_kprobe_handler(args->regs))
                        ret = NOTIFY_STOP;
                break;
        case DIE_GPF:
                /*
                 * To be potentially processing a kprobe fault and to
                 * trust the result from kprobe_running(), we have to
                 * be non-preemptible.
                 */
                if (!preemptible() && kprobe_running() &&
                    kprobe_fault_handler(args->regs, args->trapnr))
                        ret = NOTIFY_STOP;
                break;
        default:
                break;
        }
        return ret;
}

The highlighted code indicates that if args->regs is from user vm mode, the
function returns and does nothing. (2) Indeed, lguest doesn't support the
debug registers. But I don't think kprobes use debug registers.

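Added example, not part of this thread and not kernel code: a user-space C program (Linux x86-64 only) that models the two-trap sequence x86 kprobes rely on, as read from kprobe_exceptions_notify above. The probe site is an int3 (trap 3, DIE_INT3, the pre_handler side); the probed instruction is then executed with EFLAGS.TF set so that a single-step trap (trap 1, DIE_DEBUG, the post_kprobe_handler side) fires after it. Neither step uses the DR0-DR7 debug registers. Here both traps arrive as SIGTRAP and are told apart by a small state machine; the names run_probe_demo, sigtrap_handler and the hit counters are invented for this example. It does not model what lguest does when it intercepts those traps, which is the open question in the thread.

```c
/* Model of the kprobes int3 -> single-step sequence in user space.
 * Added example; not from the mailing-list thread or the kernel tree.
 * Requires Linux on x86-64: REG_RIP/REG_EFL come from <ucontext.h>. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#define X86_EFLAGS_TF 0x100UL   /* trap flag: #DB after the next instruction */

enum phase { EXPECT_INT3, EXPECT_STEP, DONE };

static volatile sig_atomic_t phase = EXPECT_INT3;
static volatile sig_atomic_t pre_hits, post_hits, bad_traps;

/* Both the int3 trap and the single-step trap reach user space as SIGTRAP.
 * The kernel clears TF while this handler runs and restores whatever we
 * leave in the saved context on sigreturn, so we can arm and disarm
 * single-stepping from here exactly as kprobes does on the kernel side. */
static void sigtrap_handler(int sig, siginfo_t *si, void *ctx)
{
        ucontext_t *uc = ctx;
        greg_t *ip = &uc->uc_mcontext.gregs[REG_RIP];
        greg_t *efl = &uc->uc_mcontext.gregs[REG_EFL];
        (void)sig;
        (void)si;

        switch (phase) {
        case EXPECT_INT3:
                /* Trap 3 is a trap, not a fault: saved IP is past the 0xCC. */
                if (((const uint8_t *)(uintptr_t)*ip)[-1] != 0xCC) {
                        bad_traps++;
                        break;
                }
                pre_hits++;                 /* kprobe pre_handler equivalent */
                *efl |= X86_EFLAGS_TF;      /* single-step the next instruction */
                phase = EXPECT_STEP;
                break;
        case EXPECT_STEP:
                /* Trap 1: exactly one instruction ran with TF set. */
                post_hits++;                /* post_kprobe_handler equivalent */
                *efl &= ~X86_EFLAGS_TF;     /* disarm and resume normally */
                phase = DONE;
                break;
        default:
                bad_traps++;                /* unexpected SIGTRAP */
                break;
        }
}

/* Runs the probe sequence once. Returns 1 when exactly one int3 trap was
 * followed by exactly one single-step trap and execution resumed, else 0. */
int run_probe_demo(void)
{
        struct sigaction sa;

        memset(&sa, 0, sizeof sa);
        sa.sa_sigaction = sigtrap_handler;
        sa.sa_flags = SA_SIGINFO;
        sigemptyset(&sa.sa_mask);
        if (sigaction(SIGTRAP, &sa, NULL) != 0)
                return 0;

        phase = EXPECT_INT3;
        pre_hits = post_hits = bad_traps = 0;

        /* The "probe": an int3 followed by the instruction that gets
         * single-stepped, then one more instruction we resume into. */
        __asm__ volatile("int3\n\t"
                         "nop\n\t"
                         "nop" ::: "memory");

        return phase == DONE && pre_hits == 1 && post_hits == 1 &&
               bad_traps == 0;
}

int main(void)
{
        printf("int3 -> single-step sequence %s\n",
               run_probe_demo() ? "completed" : "failed");
        return 0;
}
```

Run natively, both traps are delivered and run_probe_demo returns 1. Inside a guest whose hypervisor does not pass the int3 or #DB traps through to the guest kernel, the equivalent in-kernel handlers in kprobe_exceptions_notify are never reached, which is the kind of failure the "Bad address" message above points at; no debug register is involved in either path.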


