Memory mapping

Memory mapping

[Siders, Keith]

OK, now that I've spent a couple weeks looking at Linux memory management,
can someone please help me straighten this out. First, I have a requirement
to "unobtrusively" hot-patch instruction code ( and probably data also )
segments in memory. I've decided that the best way to do this is to mmap
device memory of a pseudo-device module to both the patching process and the
target process. To the patching process it can be viewed as just RW data
memory, but to the target process it must look like read-only executable. In
addition I have found the find_task_by_pid() for getting the process
descriptor for the target process. So...

1. Can I copy off the current task pointer and substitute the task pointer
returned by find_task_by_pid() (in the pseudo-device mmap() call), and do
remap_page_range() to map the memory to the target process?

2. Do I need to set task->has_cpu or any other controls to have the remap
work?

3. The book "Understanding the Linux Kernel" has so many references to
vm_area_struct that I'm confused as to when this memory area gets allocated,
let alone who it belongs to in the mmap() call. I had thought I'd just do
get_free_page() and mmap that address, but everything seems very convoluted
with so many references in the API's to vm_area_struct: I can't seem to keep
straight just what VM is supposed to be passed in the mmap() call, where it
comes from, etc. Is this the [task]->active_mm->mmap vm_area_struct or
should I look for another? 

HELP! Code deadline was supposed to be noon today ( I'm screwed ) and this
is the main hitch holding me back. BTW, I can't tell why I'm doing this, so
please don't ask...

Keith Siders
Software Engineer
 Toshiba America Consumer Products, Inc.
Advanced Television Technology Center
801 Royal Parkway, Suite 100
Nashville, Tennessee 37214
Phone: (615) 257-4050
Fax:   (615) 453-7880

Re: Memory mapping

[Keith Owens]

On Mon, 19 Nov 2001 10:18:23 -0600, 
"Siders, Keith" <keith_siders@toshibatv.com> wrote:
>OK, now that I've spent a couple weeks looking at Linux memory management,
>can someone please help me straighten this out. First, I have a requirement
>to "unobtrusively" hot-patch instruction code ( and probably data also )
>segments in memory.

At the risk of stating the obvious, have you looked at the ptrace code
in arch/$(ARCH)/kernel/ptrace.c?  That already does all the work for
reading and writing code and data.

RE: Memory mapping

[Siders, Keith]

-> >OK, now that I've spent a couple weeks looking at Linux 
-> >memory management,
-> >can someone please help me straighten this out. First, I 
-> >have a requirement
-> >to "unobtrusively" hot-patch instruction code ( and 
-> >probably data also )
-> >segments in memory.
-> 
-> At the risk of stating the obvious, have you looked at the 
-> ptrace code
-> in arch/$(ARCH)/kernel/ptrace.c?  That already does all the work for
-> reading and writing code and data.
->

Yep, most of what it does I have in the simple patch case: replace existing
instructions. It did give me some things to check to make certain it works,
though. Thanks. The other case requires adding code, so kernel space memory
must be allocated and mmap'd. That's what I've been wrestling most with.

memory mapping

[Srividya Ramanathan]

Hi,
 Thanks a lot. I am facing one more problem. There is
one section of the driver where we map a small portion
of the PCI card's memory into user space. During
driver initialization, a magic number is written into
this space and read back from user space to verify the
driver is set up correctly. This fails.

any other way to locate the problem?

Thanks
R Srividya



		
__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - Get yours free! 
http://my.yahoo.com 
 

memory mapping

[Grzegorz Milos]

Hi there!

You were in a meeting half an hour ago (or so), so instead of asking in person 
I am writing this email.

I am looking at the memory mapping done from a privileged domain, and I am 
getting a bit lost in the call stack. Could you possibly fill in the missing 
gap (hopefully I did not get everything wrong :) ):

xc_map_foreign_range   (userspace dom0)
ioctl (userspace dom0)

privcmd_ioctl (kernelspace dom0)
direct_remap_area_pages (kernelspace dom0)
__HYPERVISOR_do_mmu_update ?
....

do_mmu_update (Xen)


Also, when dom0 decides to unmap some memory, isn't it that domain just drops 
appropirate entry from its pagetable and Xen is not even informed? This would 
mean that the counter we talked about could not be really made to work that 
easily. 
What if I wanted to force dom0 to drop some mapping. Any simple way of doing 
that?

Thanks
Gregor



-- 
Quidquid latine dictum sit, altum viditur --- Anon

Re: memory mapping

[Grzegorz Milos]

Oops, sorry, that was supposed to be send to Keir directly. Please ignore.

Gregor

> Hi there!
>
> You were in a meeting half an hour ago (or so), so instead of asking in
> person I am writing this email.
>
> I am looking at the memory mapping done from a privileged domain, and I am
> getting a bit lost in the call stack. Could you possibly fill in the
> missing gap (hopefully I did not get everything wrong :) ):
>
> xc_map_foreign_range   (userspace dom0)
> ioctl (userspace dom0)
>
> privcmd_ioctl (kernelspace dom0)
> direct_remap_area_pages (kernelspace dom0)
> __HYPERVISOR_do_mmu_update ?
> ....
>
> do_mmu_update (Xen)
>
>
> Also, when dom0 decides to unmap some memory, isn't it that domain just
> drops appropirate entry from its pagetable and Xen is not even informed?
> This would mean that the counter we talked about could not be really made
> to work that easily.
> What if I wanted to force dom0 to drop some mapping. Any simple way of
> doing that?
>
> Thanks
> Gregor

-- 
Quidquid latine dictum sit, altum viditur --- Anon

Memory mapping

[Frederic Beck]

Hello

I managed to do what i wanted with my module (finally gave up on the
syscall and did everything in the module init), and i foudn the offsets
i was looking for. I later found out that what i've done was already
available via XenAccess (tools/linux-offset-finder).

I have the following offsets:
linux_name = 0x225;
linux_tasks = 0xd0;
linux_mm = 0xe8;
linux_pid = 0x10c;
linux_pgd = 0x24;
linux_addr = 0x84;

After disabling fast system calls handling, i modified  do_guest_trap in
xen/arch/x86/traps.c. I get the user regs to have access to the CPU
registers EAX, EIP and ESP (info i wanna log via the tracing). I take
the ESP and apply the mask 0xFFFFF000 to get the base address of the
thread_info struct.

user_regs = guest_cpu_user_regs();
base_addr = (user_regs->esp & 0xFFFFF000);

Then the first 4 bytes after this base_addr are on a regular system a
pointer to a task_struct where the PId of the current task is stored,
which i wanna get. On a regular OS (i tested on Dom0 or DomU) I can
find easily the PID and print it out. I would like to do the same in
the hypervisor. 

I tried to map the same code without modification, but i begin reading
memory addresses that do not exist and the hypervisor crashes when i
create my DomU. So far, i'm not very surprised, as there must be some
virtual memory handling that i'm missing.

However, i do not understand well how i can do the mapping. how do i
map this kernel address in the hypervisor to read the right memory
address ?

I guess that this mapping will be different for HVM and PV domains ? Is
there a function that dynamically detects what kind of domain the guest
is ?

Moreover, i found out in XenAccess that the right formula to get the
PID would be 
memcpy(&pid, memory + offset + PID_OFFSET - TASKS_OFFSET,4);
I guess that memory is the base adress of the virtual stack. How can i
find that value ? in that case the base_addr i calculated earlier would
be the offset ?

Thanks for the help!

Regards
Fred

Re: Memory mapping

[Frederic Beck]

Well, first of all, i did a wrong copy and paste when i mapped the
code, the mask i apply is 0xFFFFE000.

I checked the control registers, cr0 and cr3 to ensure that paging is
used, i just have to understand now how it is implemented.

Digging right now in several file, prom mm.c to page.h, paging.h to
understand how i can walk through the memory.

Any hint or pointer to documentation would be helpful

Thanks
Fred

Le Mon, 16 Feb 2009 17:58:24 +0100,
Frederic Beck <frederic.beck@loria.fr> a écrit :

> Hello
> 
> I managed to do what i wanted with my module (finally gave up on the
> syscall and did everything in the module init), and i foudn the
> offsets i was looking for. I later found out that what i've done was
> already available via XenAccess (tools/linux-offset-finder).
> 
> I have the following offsets:
> linux_name = 0x225;
> linux_tasks = 0xd0;
> linux_mm = 0xe8;
> linux_pid = 0x10c;
> linux_pgd = 0x24;
> linux_addr = 0x84;
> 
> After disabling fast system calls handling, i modified  do_guest_trap
> in xen/arch/x86/traps.c. I get the user regs to have access to the CPU
> registers EAX, EIP and ESP (info i wanna log via the tracing). I take
> the ESP and apply the mask 0xFFFFF000 to get the base address of the
> thread_info struct.
> 
> user_regs = guest_cpu_user_regs();
> base_addr = (user_regs->esp & 0xFFFFF000);
> 
> Then the first 4 bytes after this base_addr are on a regular system a
> pointer to a task_struct where the PId of the current task is stored,
> which i wanna get. On a regular OS (i tested on Dom0 or DomU) I can
> find easily the PID and print it out. I would like to do the same in
> the hypervisor. 
> 
> I tried to map the same code without modification, but i begin reading
> memory addresses that do not exist and the hypervisor crashes when i
> create my DomU. So far, i'm not very surprised, as there must be some
> virtual memory handling that i'm missing.
> 
> However, i do not understand well how i can do the mapping. how do i
> map this kernel address in the hypervisor to read the right memory
> address ?
> 
> I guess that this mapping will be different for HVM and PV domains ?
> Is there a function that dynamically detects what kind of domain the
> guest is ?
> 
> Moreover, i found out in XenAccess that the right formula to get the
> PID would be 
> memcpy(&pid, memory + offset + PID_OFFSET - TASKS_OFFSET,4);
> I guess that memory is the base adress of the virtual stack. How can i
> find that value ? in that case the base_addr i calculated earlier
> would be the offset ?
> 
> Thanks for the help!
> 
> Regards
> Fred
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

Memory Mapping

[Lakshitha Harshan]

[-- Attachment #1.1: Type: text/plain, Size: 245 bytes --]

Hi all,

I want to get the access to task structs in domUs to get the memory
addresses of code segments in each process. So how do I read/map the data
correctly which I get through xc_map_foreign_range or  xc_map_foreign_batch?

Thanks,
Harshan

[-- Attachment #1.2: Type: text/html, Size: 306 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: Memory Mapping

[Konrad Rzeszutek Wilk]

On Fri, May 06, 2011 at 08:20:18PM +0530, Lakshitha Harshan wrote:
> Hi all,
> 
> I want to get the access to task structs in domUs to get the memory
> addresses of code segments in each process. So how do I read/map the data
> correctly which I get through xc_map_foreign_range or  xc_map_foreign_batch?

You mean, how do I identify that the blob of memory you mapped is
a task struct? I would suggest you look in the debuggers (gdbsx for example)
and see how they figure this out.