Re: hypercall execution path?

["Bryan D. Payne" <bryan@thepaynes.cc>]

> Where have you put this tracing?
> 
> How you are arranging for the hypercall you are expecting to be called
> and how you are matching that up with where your tracing is placed?
> 
> Perhaps you could post your code so we can see what you are actually
> doing?

This all started with me playing with grant tables.  I have a simple 
example setup where I am passing a string from a domU kernel module to a 
dom0 kernel module.  Dom0 allocates the page and sets permissions in the 
grant table using gnttab_grant_foreign_access.

In domU, the kernel module makes a GNTTABOP_copy hypercall to pass the 
string.  The domU code looks like this:

static int send_string (grant_ref_t gref)
{
     struct gnttab_copy op;
     char str[MAX_STR_LENGTH];

     /* hard code string for testing */
     memset(str, 0, MAX_STR_LENGTH);
     memcpy(str, "This is a test\n", 16);

     op.source.domid = DOMID_SELF;
     op.source.offset = (PAGE_SIZE-1) & (uint32_t)str;
     op.source.u.gmfn = virt_to_mfn(str);
     op.dest.domid = 0;
     op.dest.offset = 0;
     op.dest.u.ref = gref;
     op.len = strnlen(str, MAX_LOG_LENGTH);
     op.flags = GNTCOPY_dest_gref;

     HYPERVISOR_grant_table_op(GNTTABOP_priv_write, &op, 1);

     /* make sure that the hypercall succeeded */
     if (op.status){
         printk("Grant table operation failure\n");
         return 1;
     }

     return 0;
}

This code setup seems to work just fine.  I can pass the string to dom0 
without any problems.

Next, I wanted to study the execution path between the two kernel 
modules.  As part of this, I placed code in the hypervisor to print out 
the EIP value from domU while servicing the hypercall (the one shown in 
the code above).  I put this code in the __gnttab_copy function of 
common/grant_table.c, because this is the function that does most of the 
work for this hypercall.  Here I simply print out the EIP value, as 
indicated in my prior email:

uint32_t eip = sd->vcpu[0]->arch.guest_context.user_regs.eip;
gdprintk(XENLOG_WARNING, "eip=0x%x", eip);

Note that I'm using 'sd' for the domain since I'm interested in the 
domain that invoked the hypercall.  This is where I see the eip value 
that I indicated in my previous email.  Also note that I am doing this 
after 'sd' is initialized, of course :-)

My assumptions are as follows:

* When I make a hypercall from domU, the execution switches to the 
hypervisor immediately (as soon as the 'int' instruction is issued).

* The hypervisor services this hypercall and then returns to domU where 
it left off.

However, this is now what I'm seeing... and this is why I'm confused. 
Hopefully this helps explain the problem.  Let me know if you have any 
other questions about my setup.

Thanks,
bryan


-
Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org