memory mapping

memory mapping

[Grzegorz Milos]

Hi there!

You were in a meeting half an hour ago (or so), so instead of asking in person 
I am writing this email.

I am looking at the memory mapping done from a privileged domain, and I am 
getting a bit lost in the call stack. Could you possibly fill in the missing 
gap (hopefully I did not get everything wrong :) ):

xc_map_foreign_range   (userspace dom0)
ioctl (userspace dom0)

privcmd_ioctl (kernelspace dom0)
direct_remap_area_pages (kernelspace dom0)
__HYPERVISOR_do_mmu_update ?
....

do_mmu_update (Xen)


Also, when dom0 decides to unmap some memory, isn't it that domain just drops 
appropirate entry from its pagetable and Xen is not even informed? This would 
mean that the counter we talked about could not be really made to work that 
easily. 
What if I wanted to force dom0 to drop some mapping. Any simple way of doing 
that?

Thanks
Gregor



-- 
Quidquid latine dictum sit, altum viditur --- Anon

Re: memory mapping

[Grzegorz Milos]

Oops, sorry, that was supposed to be send to Keir directly. Please ignore.

Gregor

> Hi there!
>
> You were in a meeting half an hour ago (or so), so instead of asking in
> person I am writing this email.
>
> I am looking at the memory mapping done from a privileged domain, and I am
> getting a bit lost in the call stack. Could you possibly fill in the
> missing gap (hopefully I did not get everything wrong :) ):
>
> xc_map_foreign_range   (userspace dom0)
> ioctl (userspace dom0)
>
> privcmd_ioctl (kernelspace dom0)
> direct_remap_area_pages (kernelspace dom0)
> __HYPERVISOR_do_mmu_update ?
> ....
>
> do_mmu_update (Xen)
>
>
> Also, when dom0 decides to unmap some memory, isn't it that domain just
> drops appropirate entry from its pagetable and Xen is not even informed?
> This would mean that the counter we talked about could not be really made
> to work that easily.
> What if I wanted to force dom0 to drop some mapping. Any simple way of
> doing that?
>
> Thanks
> Gregor

-- 
Quidquid latine dictum sit, altum viditur --- Anon

Memory mapping

[Frederic Beck]

Hello

I managed to do what i wanted with my module (finally gave up on the
syscall and did everything in the module init), and i foudn the offsets
i was looking for. I later found out that what i've done was already
available via XenAccess (tools/linux-offset-finder).

I have the following offsets:
linux_name = 0x225;
linux_tasks = 0xd0;
linux_mm = 0xe8;
linux_pid = 0x10c;
linux_pgd = 0x24;
linux_addr = 0x84;

After disabling fast system calls handling, i modified  do_guest_trap in
xen/arch/x86/traps.c. I get the user regs to have access to the CPU
registers EAX, EIP and ESP (info i wanna log via the tracing). I take
the ESP and apply the mask 0xFFFFF000 to get the base address of the
thread_info struct.

user_regs = guest_cpu_user_regs();
base_addr = (user_regs->esp & 0xFFFFF000);

Then the first 4 bytes after this base_addr are on a regular system a
pointer to a task_struct where the PId of the current task is stored,
which i wanna get. On a regular OS (i tested on Dom0 or DomU) I can
find easily the PID and print it out. I would like to do the same in
the hypervisor. 

I tried to map the same code without modification, but i begin reading
memory addresses that do not exist and the hypervisor crashes when i
create my DomU. So far, i'm not very surprised, as there must be some
virtual memory handling that i'm missing.

However, i do not understand well how i can do the mapping. how do i
map this kernel address in the hypervisor to read the right memory
address ?

I guess that this mapping will be different for HVM and PV domains ? Is
there a function that dynamically detects what kind of domain the guest
is ?

Moreover, i found out in XenAccess that the right formula to get the
PID would be 
memcpy(&pid, memory + offset + PID_OFFSET - TASKS_OFFSET,4);
I guess that memory is the base adress of the virtual stack. How can i
find that value ? in that case the base_addr i calculated earlier would
be the offset ?

Thanks for the help!

Regards
Fred

Re: Memory mapping

[Frederic Beck]

Well, first of all, i did a wrong copy and paste when i mapped the
code, the mask i apply is 0xFFFFE000.

I checked the control registers, cr0 and cr3 to ensure that paging is
used, i just have to understand now how it is implemented.

Digging right now in several file, prom mm.c to page.h, paging.h to
understand how i can walk through the memory.

Any hint or pointer to documentation would be helpful

Thanks
Fred

Le Mon, 16 Feb 2009 17:58:24 +0100,
Frederic Beck <frederic.beck@loria.fr> a écrit :

> Hello
> 
> I managed to do what i wanted with my module (finally gave up on the
> syscall and did everything in the module init), and i foudn the
> offsets i was looking for. I later found out that what i've done was
> already available via XenAccess (tools/linux-offset-finder).
> 
> I have the following offsets:
> linux_name = 0x225;
> linux_tasks = 0xd0;
> linux_mm = 0xe8;
> linux_pid = 0x10c;
> linux_pgd = 0x24;
> linux_addr = 0x84;
> 
> After disabling fast system calls handling, i modified  do_guest_trap
> in xen/arch/x86/traps.c. I get the user regs to have access to the CPU
> registers EAX, EIP and ESP (info i wanna log via the tracing). I take
> the ESP and apply the mask 0xFFFFF000 to get the base address of the
> thread_info struct.
> 
> user_regs = guest_cpu_user_regs();
> base_addr = (user_regs->esp & 0xFFFFF000);
> 
> Then the first 4 bytes after this base_addr are on a regular system a
> pointer to a task_struct where the PId of the current task is stored,
> which i wanna get. On a regular OS (i tested on Dom0 or DomU) I can
> find easily the PID and print it out. I would like to do the same in
> the hypervisor. 
> 
> I tried to map the same code without modification, but i begin reading
> memory addresses that do not exist and the hypervisor crashes when i
> create my DomU. So far, i'm not very surprised, as there must be some
> virtual memory handling that i'm missing.
> 
> However, i do not understand well how i can do the mapping. how do i
> map this kernel address in the hypervisor to read the right memory
> address ?
> 
> I guess that this mapping will be different for HVM and PV domains ?
> Is there a function that dynamically detects what kind of domain the
> guest is ?
> 
> Moreover, i found out in XenAccess that the right formula to get the
> PID would be 
> memcpy(&pid, memory + offset + PID_OFFSET - TASKS_OFFSET,4);
> I guess that memory is the base adress of the virtual stack. How can i
> find that value ? in that case the base_addr i calculated earlier
> would be the offset ?
> 
> Thanks for the help!
> 
> Regards
> Fred
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

Memory Mapping

[Lakshitha Harshan]

[-- Attachment #1.1: Type: text/plain, Size: 245 bytes --]

Hi all,

I want to get the access to task structs in domUs to get the memory
addresses of code segments in each process. So how do I read/map the data
correctly which I get through xc_map_foreign_range or  xc_map_foreign_batch?

Thanks,
Harshan

[-- Attachment #1.2: Type: text/html, Size: 306 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: Memory Mapping

[Konrad Rzeszutek Wilk]

On Fri, May 06, 2011 at 08:20:18PM +0530, Lakshitha Harshan wrote:
> Hi all,
> 
> I want to get the access to task structs in domUs to get the memory
> addresses of code segments in each process. So how do I read/map the data
> correctly which I get through xc_map_foreign_range or  xc_map_foreign_batch?

You mean, how do I identify that the blob of memory you mapped is
a task struct? I would suggest you look in the debuggers (gdbsx for example)
and see how they figure this out.