HW breakpoint on physical address w/ VM


Muli Ben-Yehuda mulix at mulix.org
Sun Aug 30 07:58:44 IDT 2015


On Sat, Aug 29, 2015 at 10:44:17PM +0300, Elazar Leibovich wrote:

> Oh, and the idea of the KVM patch is, for each physical HW bp, add a
> relevant entry in the spt, and set the hardware breakpoint
> there. This is assuming KVM HW bp works like I think they do.

I'm not sure I follow what you are trying to do. But assuming you are
working on a guest OS where some code running in guest context is
modifying the page tables, assuming you always see the same PTE or the
same range of PTEs being modified, I would just set the PTE mapping
that PTE page to RO in KVM and wait for the inevitable exit. The stack
trace should then point to the culprit. This crude but simple
technique has served me well while writing nom (my operating
system). Several times when it hadn't, it turned out that my network
adapter was DMA'ing directly into memory it wasn't supposed to.

Cheers,
Muli
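[Added example, not part of the original message and not KVM code.] A user-space analogue of the write-protect-and-trap technique described above: the page is made read-only with mprotect() and a SIGSEGV handler records the write that hits it. It assumes Linux; the names watched, on_fault, watch_setup and watch_demo are hypothetical.

```c
#define _GNU_SOURCE 1
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static unsigned char *watched;          /* page standing in for the PTE page */
static size_t page_sz;
static volatile sig_atomic_t hits;      /* number of trapped writes */
static void *volatile last_fault;       /* address the trapped write targeted */

/* Fault handler: record the write, then unprotect so the store can retry. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    uintptr_t a = (uintptr_t)si->si_addr, base = (uintptr_t)watched;
    (void)sig; (void)ctx;
    if (a < base || a >= base + page_sz)
        _exit(2);                       /* unrelated crash: do not mask it */
    last_fault = si->si_addr;
    hits++;
    mprotect(watched, page_sz, PROT_READ | PROT_WRITE);
}

/* Map one page, install the handler, then make the page read-only. */
static int watch_setup(void) {
    struct sigaction sa = {0};
    page_sz = (size_t)sysconf(_SC_PAGESIZE);
    watched = mmap(NULL, page_sz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (watched == MAP_FAILED) return -1;
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    hits = 0;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return mprotect(watched, page_sz, PROT_READ);
}

/* Do one stray write; return the page offset the handler saw, or -1. */
long watch_demo(size_t off) {
    if (watch_setup() != 0 || off >= page_sz) return -1;
    ((volatile unsigned char *)watched)[off] = 0xAA;   /* the "culprit" */
    if (hits != 1 || watched[off] != 0xAA) return -1;
    return (long)((uintptr_t)last_fault - (uintptr_t)watched);
}

int main(void) {
    printf("trapped write at page offset %ld\n", watch_demo(0x123));
    return 0;
}
```

To name the writer rather than only the target address, the handler's third argument (a ucontext_t) carries the faulting program counter in an architecture-specific field. A write that bypasses the MMU, such as the DMA case mentioned above, never raises this fault.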


