From: machi1271
Subject: Re: Modify cr0 at dom0
Date: Fri, 17 Oct 2014 14:34:49 +0800
Message-ID: <201410171434447719581@gmail.com>
References: <201410170947517919470@gmail.com>, <5440B647.2000502@bitdefender.com>
To: Razvan Cojocaru, xen-devel
List-Id: xen-devel@lists.xenproject.org
Thanks Razvan~
 
I'm new to Xen and Linux.
Could you please tell me whether there is any Xen-independent manner to modify CR0, or the memory area protected by the CR0.WP bit?
 
Regards
 

machi1271
 
From: Razvan Cojocaru
Date: 2014-10-17 14:25
To: machi1271; xen-devel
Subject: Re: [Xen-devel] Modify cr0 at dom0
On 10/17/14 04:47, machi1271 wrote:
> hi,
> Background:
> I want to hook the syscalls for dom0. So, I get the syscall_enter
> address by calling HYPERVISOR_domctl, with xen_domctl.cmd =
> XEN_DOMCTL_getvcpucontext.
> The returned ctx.syscall_callback_eip is correct, and I find the
> syscall_table address from the syscall_callback_eip.
> Now, my target is to modify the original syscall_table, and I know I
> should clear the CR0.WP bit before modifying it.
>  
> However, when I try to set cr0 back to the hypervisor after the cr0.WP being
> cleared through HYPERVISOR_domctl (with xen_domctl.cmd =
> XEN_DOMCTL_setvcpucontext),
> dom0 DEAD.
>  
> I traced into the hypercall, and I find the program dead in the
> following while loop:
> void vcpu_sleep_sync(struct vcpu *v)
> {
>     vcpu_sleep_nosync(v);
>  
>     while ( !vcpu_runnable(v) && v->is_running )
>         cpu_relax();
>  
>     sync_vcpu_execstate(v);
> }
> in domain_pause.
>  
> Why? Is calling XEN_DOMCTL_setvcpucontext from dom0 not allowed? Or, is
> there another way to make the memory area protected by WP writable?
>  
> I am running my code on 2.6.18-194.el5xen, no domain is running except
> dom0.
 
Calling setvcpucontext() _from_ dom0 is indeed allowed (I'm doing it
with no apparent ill-effects), however I'm not sure about calling it
_from_ dom0 _to_ dom0 - I've only tried it with HVM guests _other_ than
dom0.
 
Calling that hypercall from dom0 to modify dom0's state does sound a bit
unnecessary - why can't you just modify dom0's state in a
Xen-independent manner?
 
 
Razvan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel