From: =?GB2312?B?zuLI8Q==?= <19890121wr@gmail.com>
Subject: Re: Fwd: about page table
Date: Tue, 13 Sep 2011 09:32:34 +0800
In-Reply-To: <20110912101047.GB79171@ocelot.phlegethon.org>
To: Tim Deegan
Cc: xen-devel@lists.xensource.com

Hi,

Sorry for posting my question in such a bad manner. Actually I want to rebuild a GuestOS including vcpu and memory, and allow dom0 to modify the memory such as page table. In this way, I can experiment with some tests such as monitor attack and rebuild the attack for the sake of researching. Back to my problem, I have discovered a piece of code in Xen to get the mfn from virtual address inside Guest OS. But when I am eager to change the mfn that the entry points to, something went wrong.

/*=============================*/
static unsigned long
dbg_pv_va2mfn(dbgva_t vaddr, struct domain *dp, uint64_t pgd3val)
{
    l3_pgentry_t l3e, *l3t;
    l2_pgentry_t l2e, *l2t;
    l1_pgentry_t l1e, *l1t;
    unsigned long cr3 = (pgd3val ? pgd3val : dp->vcpu[0]->arch.cr3);
    unsigned long mfn = cr3 >> PAGE_SHIFT;

    DBGP2("vaddr:%lx domid:%d cr3:%lx pgd3:%lx\n", vaddr, dp->domain_id,
          cr3, pgd3val);

    if ( pgd3val == 0 )
    {
        l3t = map_domain_page(mfn);
        l3t += (cr3 & 0xFE0UL) >> 3;
        l3e = l3t[l3_table_offset(vaddr)];
        mfn = l3e_get_pfn(l3e);
        unmap_domain_page(l3t);
        if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) )
            return INVALID_MFN;
    }

    l2t = map_domain_page(mfn);
    l2e = l2t[l2_table_offset(vaddr)];
    mfn = l2e_get_pfn(l2e);
    unmap_domain_page(l2t);
    if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) ||
         (l2e_get_flags(l2e) & _PAGE_PSE) )
        return INVALID_MFN;

    l1t = map_domain_page(mfn);
    l1e = l1t[l1_table_offset(vaddr)]; //--------------------------(1)
    mfn = l1e_get_pfn(l1e);            //--------------------------(1)
    unmap_domain_page(l1t);

    return mfn_valid(mfn) ? mfn : INVALID_MFN;
}

For example, what should I do if I want to modify the mfn that the l1e entry points to? It seems that changing the value of l1e is not enough. Now I am working my way through modifying do_mmu_update to make it available inside Xen and use it to modify the page table. Am I on the right path? Thank you for answering it.

Thanks

2011/9/12, Tim Deegan :
> Hello,
>
> Please read http://wiki.xen.org/xenwiki/AskingXenDevelQuestions before
> posting again; it's pretty unclear from your email what you're trying to
> do and how it fails.
>
> At 17:16 +0800 on 12 Sep (1315847793), ???? wrote:
>> Hi, everyone
>> I have been using dbg_pv_va2mfn() function to scan PV dom's page
>> table. However, when I intended to modify the page table's entry, something
>> went wrong.
>> Should I modify the P2M and M2P table, either? But I kind of lose track of how
>> things work at P2M and M2P table. Can someone tell me something about these
>> tables.
>> Or can someone tell me which function can come in handy, or where to look
>> in.
>> I am in the middle of a project that needs to manipulate the page table in
>> dom.
>
> OK, I guess from the code below that you want to change the contents of
> a PV guest's pagetables from inside Xen? That's not really allowed --
> since PV guests make their own pagetables you need to have the guest
> OS's cooperation.
>
> If you tell us what the project is, and _why_ you want to do this, we
> might be able to suggest a better approach.
>
> Cheers,
>
> Tim.
>
>> For example,
>> static unsigned long
>> dbg_pv_va2mfn(dbgva_t vaddr, struct domain *dp, uint64_t pgd3val)
>> {
>>     l3_pgentry_t l3e, *l3t;
>>     l2_pgentry_t l2e, *l2t;
>>     l1_pgentry_t l1e, *l1t;
>>     unsigned long cr3 = (pgd3val ? pgd3val : dp->vcpu[0]->arch.cr3);
>>     unsigned long mfn = cr3 >> PAGE_SHIFT;
>>
>>     DBGP2("vaddr:%lx domid:%d cr3:%lx pgd3:%lx\n", vaddr, dp->domain_id,
>>           cr3, pgd3val);
>>
>>     if ( pgd3val == 0 )
>>     {
>>         l3t = map_domain_page(mfn);
>>         l3t += (cr3 & 0xFE0UL) >> 3;
>>         l3e = l3t[l3_table_offset(vaddr)];
>>         mfn = l3e_get_pfn(l3e);
>>         unmap_domain_page(l3t);
>>         if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) )
>>             return INVALID_MFN;
>>     }
>>
>>     l2t = map_domain_page(mfn);
>>     l2e = l2t[l2_table_offset(vaddr)];
>>     mfn = l2e_get_pfn(l2e);
>>     unmap_domain_page(l2t);
>>     if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) ||
>>          (l2e_get_flags(l2e) & _PAGE_PSE) )
>>         return INVALID_MFN;
>>
>>     l1t = map_domain_page(mfn);
>>     l1e = l1t[l1_table_offset(vaddr)];----------------------------------(1)
>>     mfn = l1e_get_pfn(l1e);----------------------------------------------(2)
>>
>>     unmap_domain_page(l1t);
>>
>>     return mfn_valid(mfn) ? mfn : INVALID_MFN;
>> }
>> What should I do if I want to change the l1e page table entry. I allocate a
>> page using the function alloc_domheap_page, and use l1e_from_page() to write
>> the l1e entry, but it proved to be wrong, and my system keeps rebooting itself.
>> Can anyone give me a hand?
>>
>>
>> Thanks
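
The read-only walk that the quoted dbg_pv_va2mfn() performs, as an added user-space model that is not part of this thread or of Xen's code. It assumes the 32-bit PAE layout the quoted function uses, a constructed toy memory, and hypothetical names (frames, MK_PTE, build_sample, model_va2mfn); it shows which entries make the lookup return INVALID_MFN.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT  12
#define PTE_PRESENT 0x001ULL
#define PTE_PSE     0x080ULL              /* L2 entry maps a 2 MiB superpage */
#define INVALID_MFN (~0ULL)
#define NR_FRAMES   8                     /* size of the toy machine memory */
#define MK_PTE(mfn, flags) (((uint64_t)(mfn) << PAGE_SHIFT) | (flags))

static uint64_t frames[NR_FRAMES][512];   /* one 4 KiB table per frame */

/* Constructed sample: frame 1 = L3, 2 = L2, 3 = L1. Returns the L3 frame. */
uint64_t build_sample(void)
{
    memset(frames, 0, sizeof frames);
    frames[1][0] = MK_PTE(2, PTE_PRESENT);
    frames[2][1] = MK_PTE(3, PTE_PRESENT);             /* va 0x00200000 */
    frames[2][2] = MK_PTE(4, PTE_PRESENT | PTE_PSE);   /* va 0x00400000 */
    frames[3][5] = MK_PTE(5, PTE_PRESENT);             /* va 0x00205000 */
    frames[3][7] = MK_PTE(100, PTE_PRESENT);           /* frame out of range */
    return 1;
}

/* Walk: L3 index = va[31:30], L2 = va[29:21], L1 = va[20:12].
 * Assumption: the L3 table starts at offset 0 of its frame; the quoted
 * function instead adds the offset taken from cr3. */
uint64_t model_va2mfn(uint32_t va, uint64_t l3_mfn)
{
    unsigned idx[3] = { va >> 30, (va >> 21) & 0x1ff, (va >> 12) & 0x1ff };
    uint64_t mfn = l3_mfn, e;

    for (int level = 0; level < 3; level++) {
        if (mfn >= NR_FRAMES)               /* never index outside memory */
            return INVALID_MFN;
        e = frames[mfn][idx[level]];
        if (!(e & PTE_PRESENT) || (level == 1 && (e & PTE_PSE)))
            return INVALID_MFN;
        mfn = (e >> PAGE_SHIFT) & 0xFFFFFFFFFFULL;   /* address bits 51:12 */
    }
    return mfn < NR_FRAMES ? mfn : INVALID_MFN;     /* stand-in for mfn_valid() */
}

int main(void)
{
    printf("%llx\n", (unsigned long long)model_va2mfn(0x00205123, build_sample()));
    return 0;
}
```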