From mboxrd@z Thu Jan  1 00:00:00 1970
From: machi1271 <machi1271@gmail.com>
Subject: Modify cr0 at dom0
Date: Fri, 17 Oct 2014 09:47:54 +0800
Message-ID: <201410170947517919470@gmail.com>
Reply-To: machi1271 <machi1271@gmail.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5173169215951380575=="
Return-path: <xen-devel-bounces@lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel <xen-devel@lists.xen.org>
List-Id: xen-devel@lists.xenproject.org

This is a multi-part message in MIME format.

--===============5173169215951380575==
Content-Type: multipart/alternative;
	boundary="----=_001_NextPart537484072403_=----"

This is a multi-part message in MIME format.

------=_001_NextPart537484072403_=----
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: base64

aGksDQpCYWNrZ3JvdW5kOg0KSSB3YW50IHRvIGhvb2sgdGhlIHN5c2NhbGxzIGZvciBkb20wLiBT
bywgSSBnZXQgdGhlIHN5c2NhbGxfZW50ZXIgYWRkcmVzcyBieSBjYWxsaW5nIEhZUEVSVklTT1Jf
ZG9tY3RsLCB3aXRoIHhlbl9kb21jdGwuY21kID0gWEVOX0RPTUNUTF9nZXR2Y3B1Y29udGV4dC4N
ClRoZSByZXR1cm5lZCBjdHguc3lzY2FsbF9jYWxsYmFja19laXAgaXMgY29ycmVjdCwgYW5kIEkg
ZmluZCB0aGUgc3lzY2FsbF90YWJsZSBhZGRyZXNzIGZyb20gdGhlIHN5c2NhbGxfY2FsbGJhY2tf
ZWlwLg0KTm93LCBteSB0YXJnZXQgaXMgdG8gbW9kaWZ5IHRoZSBvcmlnaW5hbCBzeXNjYWxsX3Rh
YmxlLCBhbmQgSSBrbm93IEkgc2hvdWxkIGNsZWFyIHRoZSBDUjAuV1AgYml0IGJlZm9yZSBtb2Rp
ZnkuDQoNCkhvd2V2ZXIsIHdoZW4gSSB0cnkgdG8gc2V0IGNyMCBiYWNrIHRvIGh5cGVydmlzb3Ig
YWZ0ZXIgdGhlIGNyMC5XUCBiZWluZyBjbGVhcmVkIHRocm91Z2ggSFlQRVJWSVNPUl9kb21jdGwo
d2l0aCB4ZW5fZG9tY3RsLmNtZCA9IFhFTl9ET01DVExfc2V0dmNwdWNvbnRleHQpLCANCmRvbTAg
REVBRC4gDQoNCkkgdHJhY2VkIGludG8gdGhlIGh5cGVyY2FsbCwgYW5kIEkgZmluZCB0aGUgcHJv
Z3JhbSBkZWFkIGluIHRoZSBmb2xsb3dpbmcgd2hpbGUgbG9vcDoNCnZvaWQgdmNwdV9zbGVlcF9z
eW5jKHN0cnVjdCB2Y3B1ICp2KQ0Kew0KICAgIHZjcHVfc2xlZXBfbm9zeW5jKHYpOw0KDQogICAg
d2hpbGUgKCAhdmNwdV9ydW5uYWJsZSh2KSAmJiB2LT5pc19ydW5uaW5nICkNCiAgICAgICAgY3B1
X3JlbGF4KCk7DQoNCiAgICBzeW5jX3ZjcHVfZXhlY3N0YXRlKHYpOw0KfQ0KaW4gZG9tYWluX3Bh
dXNlLg0KDQpXaHk/IElzIENhbGxpbmcgWEVOX0RPTUNUTF9zZXR2Y3B1Y29udGV4dCBmcm9tIGRv
bTAgbm90IGFsbG93ZWQ/IE9yLCBpcyB0aGVyZSBhbm90aGVyIHdheSB0byBtYWtlIHRoZSBtZW1v
cnkgYXJlYSBwcm90ZWN0ZWQgYnkgV1AgdG8gYmUgd3JpdGFibGU/DQoNCkkgYW0gcnVubmluZyBt
eSBjb2RlIG9uIDIuNi4xOC0xOTQuZWw1eGVuLiwgbm8gZG9tYWluIGlzIHJ1bm5pbmcgZXhjZXB0
IGRvbTAuDQoNClJlZ2FyZHN+DQoNCg0KDQoNCm1hY2hpMTI3MQ==

------=_001_NextPart537484072403_=----
Content-Type: text/html;
	charset="gb2312"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Dgb2312" http-equiv=3DContent-Type>
<STYLE>
BLOCKQUOTE {
	MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em; MARGIN-TOP: 0px
}
OL {
	MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
UL {
	MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
P {
	MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
BODY {
	FONT-SIZE: 10.5pt; FONT-FAMILY: =CB=CE=CC=E5; COLOR: #000000; LINE-HEIGHT=
: 1.5
}
</STYLE>

<META name=3DGENERATOR content=3D"MSHTML 11.00.9600.17344"></HEAD>
<BODY style=3D"MARGIN: 10px">
<DIV>hi,</DIV>
<DIV style=3D"TEXT-INDENT: 2em">Background:</DIV>
<DIV style=3D"TEXT-INDENT: 4em">I want to hook the syscalls for dom0. So, =
I get=20
the syscall_enter address by calling HYPERVISOR_domctl, with xen_domctl.cm=
d =3D=20
XEN_DOMCTL_getvcpucontext.</DIV>
<DIV style=3D"TEXT-INDENT: 4em">The returned ctx.syscall_callback_eip is c=
orrect,=20
and I find the syscall_table address from the syscall_callback_eip.</DIV>
<DIV style=3D"TEXT-INDENT: 4em">Now, my target is to modify the original=20
syscall_table, and I know I should clear the CR0.WP bit before modify.</DI=
V>
<DIV style=3D"TEXT-INDENT: 4em">&nbsp;</DIV>
<DIV style=3D"TEXT-INDENT: 2em">However, when I try to set cr0 back to hyp=
ervisor=20
after the cr0.WP being cleared through HYPERVISOR_domctl(with xen_domctl.c=
md =3D=20
XEN_DOMCTL_setvcpucontext), </DIV>
<DIV style=3D"TEXT-INDENT: 2em">dom0 DEAD. </DIV>
<DIV style=3D"TEXT-INDENT: 2em">&nbsp;</DIV>
<DIV style=3D"TEXT-INDENT: 2em">I traced into the hypercall, and I find=20
the&nbsp;program dead in the following while&nbsp;loop:</DIV>
<DIV style=3D"TEXT-INDENT: 4em">
<DIV>void&nbsp;vcpu_sleep_sync(struct&nbsp;vcpu&nbsp;*v)</DIV>
<DIV>{</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;vcpu_sleep_nosync(v);</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;while&nbsp;(&nbsp;!vcpu_runnable(v)&nbsp;&amp=
;&amp;&nbsp;v-&gt;is_running&nbsp;)</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cpu_relax();</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;sync_vcpu_execstate(v);</DIV>
<DIV>}</DIV></DIV>
<DIV style=3D"TEXT-INDENT: 2em">in domain_pause.</DIV>
<DIV style=3D"TEXT-INDENT: 2em">&nbsp;</DIV>
<DIV style=3D"TEXT-INDENT: 2em">Why? Is&nbsp;Calling XEN_DOMCTL_setvcpucon=
text=20
from dom0 not allowed? Or, is there another way to make the memory area=20
protected by WP to be writable?</DIV>
<DIV style=3D"TEXT-INDENT: 2em">&nbsp;</DIV>
<DIV style=3D"TEXT-INDENT: 2em">I am running my code on 2.6.18-194.el5xen.=
, no=20
domain is running except dom0.</DIV>
<DIV style=3D"TEXT-INDENT: 2em">&nbsp;</DIV>
<DIV>Regards~</DIV>
<DIV>&nbsp;</DIV>
<HR style=3D"HEIGHT: 1px; WIDTH: 210px" align=3Dleft color=3D#b5c4df SIZE=
=3D1>

<DIV><SPAN>machi1271</SPAN></DIV></BODY></HTML>

------=_001_NextPart537484072403_=------



--===============5173169215951380575==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============5173169215951380575==--