From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kai Luo Subject: Question about intercept debug breakpoint in the Guest OS Date: Sun, 10 Nov 2013 01:03:11 -0800 (PST) Message-ID: <1769008706.26655832.1384074191540.JavaMail.root@vmware.com> References: <704310110.26649484.1384072884934.JavaMail.root@vmware.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8029803079904566026==" Return-path: In-Reply-To: <704310110.26649484.1384072884934.JavaMail.root@vmware.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org --===============8029803079904566026== Content-Type: multipart/alternative; boundary="----=_Part_26655831_445139201.1384074191539" ------=_Part_26655831_445139201.1384074191539 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hi: Recently I try to intercept a given kernel address-syscall address,for example- of the guest windows 7 to the hypervisor, I set the exception flag in the EXCEPTION_BITMAP as follows: vmcs.c void vmx_do_resume(vcpu * v) { ...... unsigned long intercepts = __vmread(EXCEPTION_BITMAP); unsigned long mask = (1UL << TRAP_debug); intercepts |= mask; __vmwrite(EXCEPTION_BITMAP, intercepts) v->arch.guest_context.debugreg[0] = [Address of a syscall]; v->arch.guest_context.debugreg[7] |= 2; ...... } I do reveive the VMexit in the vmx_vmexit_handler in vmx.c then I want to let the guest os keep going as usual without concerning about the debug breakpoint so I set some flags as follows: case TRAP_debug: ...... regs->eflags |= X86_EFLAGS_RF; exit_qualification = __vmread(EXIT_QUALIFICATION); write_debug(6, exit_qualification | 0xffff0ff0); ...... The problem is the guest os seems trapped into an infinite loop and take the full vcpu capacity, I find the RIP in the VCPU stay the same, EFLAGS value of the VCPU is 0x2 and the guest os can't respond to any movement of mouse or keyboard,. Do I missed some flag when restoring the guest context?Or there are some other reasons that lead to this issue?Could you give me any suggestions? Jone ...... ------=_Part_26655831_445139201.1384074191539 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Hi:

Rece= ntly I try to intercept a given kernel address-syscall address,for example-= of the guest windows 7 to the hypervisor, I set the exception flag in the = EXCEPTION_BITMAP as follows:

vmcs.c

void vmx_do_resume(= vcpu * v)

{

......

&n= bsp; unsigned long intercepts =3D __vmread(EXCEPTION_BITMAP);

<= div> unsigned long mask =3D (1UL <&= lt; TRAP_debug);

intercepts= |=3D mask;

__vmwrite(EXCEP= TION_BITMAP, intercepts)

&nb= sp; v->arch.guest_context.debugreg[0] =3D [Address of a syscall];

<= div> v->arch.guest_context.deb= ugreg[7] |=3D 2;

......

}

I do reveive the VM= exit in the vmx_vmexit_handler in vmx.c then I want to let the = guest os keep going as usual without concerning about the debug breakpoint = so I set some flags as follows:

case TRAP_debug:

......=

regs->eflags |=3D X86_EFLAGS_RF;

&nbs= p; exit_qualification =3D __vmread(EXIT_QUALIFICATION);

write_debug(6, exit_qualification | 0xffff0ff0);=

......

The problem is the guest os seems trapped into = an infinite loop and take the full vcpu capacity, I find the RIP in t= he VCPU stay the same, EFLAGS value of the VCPU is 0x2 and the guest os can= 't respond to any movement of mouse or keyboard,.

&nb= sp; Do I missed some flag when restoring the guest= context?Or there are some other reasons that lead to this issue?Could you = give me any suggestions?

Jone

......

= ------=_Part_26655831_445139201.1384074191539-- --===============8029803079904566026== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============8029803079904566026==--