From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mads Bergdal
Subject: Re: How to intercept interrupts from guest domains
Date: Thu, 21 Sep 2006 13:46:19 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Keir Fraser wrote:
> On 19/9/06 10:52, "Mads Bergdal" wrote:
>
>>>> I am writing my master's thesis on virtualization with Xen. I am trying to
>>>> intercept the hypercalls coming from the guest domains. More
>>>> specifically, I am trying to determine where in memory a guest domain is
>>>> writing. Does anyone have a hint on where in the code I should try to do
>>>> this?
>>> If you want to know where a guest is writing you need to do more than
>>> intercept hypercalls. You want to intercept memory accesses too, which would
>>> likely mean you need to run on shadow pagetables and manipulate access
>>> permissions to trap on first access to a page.
>>>
>>> -- Keir
>> Yes, that sounds reasonable. Do you know where in the code this could be
>> achieved?
>
> What's the intended purpose? You could perhaps look at the log-dirty shadow
> mode. This is used to track which pages have been modified by the guest -- a
> page which the guest maps writeable is not made writable in the shadow page
> tables until the time of the first write access (when that page is added to
> a 'dirty log' for further processing).
>
> Be warned that modifying the shadow code is rather more difficult than a
> project that would simply involve adding a hook point to every hypercall!
>
> -- Keir

Thanks for the hints. I really appreciate it.

My main purpose of this is to try to monitor when a guest domain tries to
write to a specific address in its memory (an address that it should not
write to), and then get the hypervisor to notify my userspace "surveillance"
program about this.

I have spent quite some time now reading the code. I must admit I am a bit
lost. I am not sure where in the code I should be looking to get started.
From what you write above I take it that you think the easiest approach is
to hook into the hypercalls? In that case, which hypercalls and where? If
not, where should I look to learn the internals of the shadow mode?

Hope I am not wasting your time...

Mads
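
A user-space analogue of the log-dirty idea quoted above (write-protect, trap the first write, record the page in a dirty log), added here as an example; it is not Xen code and not from either poster. It assumes Linux, where `mprotect` works from a fault handler although POSIX does not list it as async-signal-safe; the region size and all function names are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

#define NPAGES 8                               /* size of the constructed "guest" region */
static uint8_t *region;                        /* stands in for guest memory */
static long page_size;
static volatile unsigned char dirty[NPAGES];   /* the dirty log: one flag per page */
static volatile sig_atomic_t watch_hits;       /* trapped writes to the watched page */
static int watched_page;

/* Write-fault handler: log the page, then grant write access so the store retries. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uintptr_t addr = (uintptr_t)si->si_addr, base = (uintptr_t)region;
    if (addr < base || addr >= base + NPAGES * (uintptr_t)page_size)
        _exit(1);                              /* a genuine crash, not a tracked write */
    size_t idx = (addr - base) / (size_t)page_size;
    dirty[idx] = 1;
    if ((int)idx == watched_page) watch_hits++;
    mprotect(region + idx * (size_t)page_size, (size_t)page_size, PROT_READ | PROT_WRITE);
}

/* Map the region read-only so that the first write to each page traps. */
int tracker_start(int watch) {
    struct sigaction sa = { .sa_flags = SA_SIGINFO };   /* remaining fields zeroed */
    sa.sa_sigaction = on_fault;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) || sigaction(SIGBUS, &sa, NULL)) return -1;
    page_size = sysconf(_SC_PAGESIZE);
    region = mmap(NULL, NPAGES * (size_t)page_size, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -1;
    for (int i = 0; i < NPAGES; i++) dirty[i] = 0;
    watched_page = watch; watch_hits = 0;
    return 0;
}

void guest_write(int page, int off, uint8_t v) {        /* a store made by the "guest" */
    ((volatile uint8_t *)region)[(size_t)page * (size_t)page_size + (size_t)off] = v;
}
int page_is_dirty(int page) { return dirty[page]; }
int watch_hit_count(void) { return (int)watch_hits; }

int main(void) {                               /* exit 0: first write logged, second not trapped */
    if (tracker_start(3)) return 2;
    guest_write(3, 0, 1); guest_write(3, 8, 2);
    return (page_is_dirty(3) && watch_hit_count() == 1) ? 0 : 1;
}
```

Only the first write to a page traps, because the handler then leaves the page writable; seeing every write to one address would mean write-protecting the page again after each trapped store.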