
[Xen-devel] Question related to Single-step execution and Emulation

  • To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: Abhinav Srivastava <abhinavs_iitkgp@xxxxxxxxxxx>
  • Date: Tue, 24 Jun 2008 08:44:04 +0530 (IST)
  • Delivery-date: Mon, 23 Jun 2008 20:14:31 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Hi all,

I am trying to perform both single-stepping and instruction emulation in 
Xen-3.2.1. I am using the following approach:

First, I mark a guest page "not present" inside the shadow page table so that I 
can intercept any operation that involves this page. When the guest tries to 
access that page, it faults and control goes to Xen (the sh_page_fault function). 
There, I emulate that operation and return control to the guest to execute the next 
instruction. I got this first part working.

In the second part, after emulating the instruction inside Xen, I want to 
perform single-step execution from the next instruction onwards so that I can 
monitor the further execution of the guest from that point.

To achieve that I did the following: after emulating an instruction inside Xen and 
before sending control back to the guest OS, I set the EFLAGS trap bit with the 
following operation:

regs->eflags |= X86_EFLAGS_TF;

And I return control from the sh_page_fault function by saying "return

My understanding is that with this flag set, when the guest completes the execution 
of the next instruction, it traps to Xen with exit reason TRAP_debug and the 
do_debug handler should be invoked inside x86/traps.c. From there, I again set the 
X86_EFLAGS_TF flag to get the guest trapped for the next instruction, and so on. When I 
want it to end I will set the X86_EFLAGS_RF flag.

However, when I perform the above-mentioned procedure I see the message 
"Trace/breakpoint trap" in my guest OS only once, and my do_debug (or the 
debugger_trap_entry method with vector = TRAP_debug) does not get invoked at 
all inside Xen. Since the trap is not coming into Xen, I am not able to get 
control after the execution of the instructions.

It seems that with my above-described method I am injecting a TRAP_debug 
exception for the instruction that I emulate inside Xen, and the eflag is not 
set in the context of the next instruction that will be executed inside the guest, 
which should trap with a debug exception.

It would be great if someone could explain to me what I am doing wrong here and, if 
so, what the right approach would be to perform single-step execution in Xen.

Thanks in advance.
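A constructed C model of the sequence this post aims for, added here as an editor's example and not taken from the post or from Xen: an access to the not-present page faults into a stand-in for sh_page_fault(), is retired by emulation, TF is armed in the saved EFLAGS, and each following guest instruction completes before a stand-in for do_debug() runs; stepping ends when the handler leaves TF clear. The functions, instruction indices and step counts are constructed; X86_EFLAGS_TF is the architectural trap-flag bit (0x100), and a faulting instruction does not complete, so it produces no single-step trap of its own.

```c
#include <stdint.h>
#define X86_EFLAGS_TF 0x00000100u   /* trap flag: raise #DB after the next instruction completes */

/* Constructed model (not Xen code) of the guest register image seen on trap entry. */
struct regs { uint32_t eip; uint32_t eflags; };

/* Hypervisor-side bookkeeping for the model. */
static struct { int steps_wanted; int db_traps; int emulated; } mon;

/* Stand-in for the emulation path of sh_page_fault(): retire the faulting
 * instruction by emulation, then arm TF in the saved EFLAGS before returning. */
static void hv_page_fault(struct regs *r)
{
    mon.emulated++;
    r->eip++;                    /* the emulated instruction is now complete */
    r->eflags |= X86_EFLAGS_TF;  /* the next guest instruction should end in #DB */
}

/* Stand-in for do_debug(): count the single-step trap and keep TF armed until
 * enough steps were seen; clearing TF is what lets the guest run freely again. */
static void hv_debug_trap(struct regs *r)
{
    mon.db_traps++;
    if (mon.db_traps < mon.steps_wanted)
        r->eflags |= X86_EFLAGS_TF;   /* saved EFLAGS still carries TF; re-arming is harmless */
    else
        r->eflags &= ~X86_EFLAGS_TF;
}

/* Run a guest of n straight-line instructions; instruction `faulting` touches the
 * page marked not-present in the shadow table. Returns the number of #DB traps. */
int run_guest(int n, int faulting, int steps_wanted)
{
    struct regs r = { 0, 0 };
    mon.steps_wanted = steps_wanted; mon.db_traps = 0; mon.emulated = 0;
    while (r.eip < (uint32_t)n) {
        if ((int)r.eip == faulting) {  /* #PF: the instruction does not complete, so no #DB for it */
            hv_page_fault(&r);
            continue;
        }
        uint32_t tf_at_start = r.eflags & X86_EFLAGS_TF;  /* TF is sampled before the instruction */
        r.eip++;                                          /* the instruction retires */
        if (tf_at_start)
            hv_debug_trap(&r);                            /* #DB is delivered after completion */
    }
    return mon.db_traps;
}

int emulated_accesses(void) { return mon.emulated; }  /* emulations in the last run_guest() call */
```

With ten instructions, a fault at index 3 and four steps requested, the model emulates one access and then sees exactly four #DB traps, for instructions 4 through 7.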

