[Xen-devel] Trap flags, debug and emulation - xen 4.1.1

[Balbir Singh <bsingharora@xxxxxxxxx>]

Hi,

 I've been trying a simple experiment on my intel box (along the lines
 of http://web.archiveorange.com/archive/v/tXSRN8SPX0sXRutnvOCu). I
 have a system with VMX but no EPT, it falls back on shadow page tables
 and I disable super pages. The VM itself is a 32 bit OS. I am using
 xen-4.1.1 on ubuntu.

 Quoting from the link above

 "First, I mark a guest page "not present" inside the shadow page table
 so that I could intercept any operation that involves this page. When
 the guest tries to access that page, it faults and control goes to Xen
 (sh_page_fault function). There, I emulate that operation and return
 the control to guest to execute next instruction. I could get my first
 part working.

 In the second part after emulating the instruction inside Xen, I want
 to perform single-step execution from next instruction onwards so that
 I could monitor further execution of guest from that point.

 To achieve that I did following: After emulating an instruction inside
 Xen and before sending the control back to guest OS, I set the
 EFLAGS's trap bit set by doing following operation:

 regs->eflag |= X86_EFLAGS_TF

 And return the control from sh_page_fault function by saying "return
 EFAULT_FIXED".

 I am doing something very similar. I do get the fault and I can set
 the trap, but I don't see any form of single stepping take place as I
 do not get the TRAP_debug exception back. My exception_bitmap has
 TRAP_no_device, TRAP_page_fault, TRAP_debug and TRAP_int3 set.

 I've tried debugging the issue with xentrace and printks, but sadly I
 could not track down the issue. The CPU does have
 cpu_has_monitor_trap_flag set to true.

 Could anyone give me clues on how to track down why I did not get a
 TRAP_debug exception via a VMEXIT?

 Balbir Singh

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel