Re: Logging External Page Writes for a Given Domain

[Anthony Liguori <aliguori@us.ibm.com>]

Scott Baker wrote:
> Hello, all:
>
> My team's goal is to be able to log all writes that are made to any 
> memory page of a certain domain, except those writes that the domain 
> itself makes.  That is to say, if Domain 2 is the domain we want to 
> log page writes for (where logging is capturing what was written and 
> its location), then we want to be able to log all the writes made by 
> any domain /except/ Domain 2 -- i.e., writes made to shared pages that 
> belong to Domain 2.
The details here are going to make a big difference.  Do you want to 
know the content of every write?

You'll have to modify Xen.  You can probably reuse some of the shadow 
paging code to track the dirty mappings of foreign pages for a domain.  
However, this won't track the contents of the write.

If you want to do that, you're going to have to implement a large amount 
of emulation to track what data gets written to the page so you can 
emulate the writes completely.  If this is an important requirement, you 
may wish to try to user an emulator (Bochs or qemu).

Regards,

Anthony Liguori
>
> Ideally, we would like to be able to have these writes for domain /x/ 
> detected and trap to a process running on Domain 0, with minimal VMM 
> modification.  Preferably, the method used would only cause 
> significant overhead when a write is made from outside domain /x/ 
> (rather than for every write /x/ and everyone else makes), but I'm not 
> picky about efficiency at the moment.
>
> The rough idea we have at this point is to make the monitor process on 
> Domain 0 mark all the pages of Domain /x/ as read-only (while 
> remembering which are actually read-only).  Then, when a write-fault 
> occurred, the VMM would pass it on to the monitoring process, which 
> would then let Domain /x/ finish the write, the monitor would record 
> what was written, and let everything continue as normal.
>
> Unfortunately, I'm not sure how that vague sketch fits into Xen.  For 
> the page table read-only flag setting, would we use the 
> update_va_mapping() hypercall?  And, how would the monitoring process 
> let Domain /x/ finish the write and then get control back?  (Or, does 
> the VMM know what is about to be written, so we could just pass that 
> to the monitoring process?)  Finally, where in Xen's code would we 
> have to go to modify the fault-handling behavior so the callback could 
> be made?
>
> Hope I'm clear, and hope you can help a newbie!
>
> Thanks,
> Scott
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel