Frederic Beck
2009-Jan-29 13:45 UTC
[Xen-devel] Building Xen with structures thread_info/task_struct
Hello

I disabled fast system calls, and I'm willing to log the system calls performed on a VM. In order to understand better what did cause each syscall, I'm trying to link them with the PID of the process that is responsible of the call.

To do so I get the ESP register, apply the mask 0xFFFFF000 and so I get the base address for the thread_info structure that defines the calling process. The first member of this structure is a task_struct structure which contains the PID of this process.

These two structures are not redefined in x86 implementation of Xen, but they are in ia64 (and of course I'm in x86). I tried to redefine them, but as they are quite big, it's not straightforward and I always end up with structure for which gcc cannot determine their size (many complex types embedded).

I tried to use the kernel headers of Dom0 in which they are defined but I get some troubles. When I include asm/thread_info.h, I get the following error

In file included from traps.c:70:
/usr/src/linux/include/asm/thread_info.h:10: warning: ‘struct thread_info’ declared inside parameter list
/usr/src/linux/include/asm/thread_info.h:10: warning: its scope is only this definition or declaration, which is probably not what you want
/usr/src/linux/include/asm/thread_info.h:11: warning: ‘struct task_struct’ declared inside parameter list
traps.c: In function ‘do_guest_trap’:
traps.c:429: error: storage size of ‘thread_info’ isn’t known
traps.c:430: error: storage size of ‘task’ isn’t known
traps.c:475: error: invalid application of ‘sizeof’ to incomplete type ‘struct thread_info’
traps.c:476: error: invalid application of ‘sizeof’ to incomplete type ‘struct task_struct’

When I directly include the 32 bits version, asm/thread_info_32.h I don't have this scope problem anymore but gcc still is not able to determine the size of the structures

traps.c: In function ‘do_guest_trap’:
traps.c:431: error: storage size of ‘thread_info’ isn’t known
traps.c:432: error: storage size of ‘task’ isn’t known
traps.c:477: error: invalid application of ‘sizeof’ to incomplete type ‘struct thread_info’
traps.c:478: error: invalid application of ‘sizeof’ to incomplete type ‘struct task_struct’

I've never had such problems before, and getting out of ideas. Anyone has an idea/solution?

Thanks

Regards
Fred

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
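Added example, not part of the original thread or of Xen: the ESP-to-PID lookup described in the message above, done by reading guest memory at fixed offsets so that no guest kernel header (and no complete `struct task_struct`) is needed on the hypervisor side. It assumes a 32-bit Linux guest whose `thread_info` starts with a pointer to the `task_struct`; `struct guest_mem`, `guest_read32`, `pid_from_esp`, `make_sample` and the offset `TASK_PID_OFF` are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed guest layout. The mask is the one from the post (4 KiB kernel
 * stacks); TASK_PID_OFF is a constructed value, not a real kernel offset. */
#define STACK_MASK   0xFFFFF000u
#define TI_TASK_OFF  0x0u    /* thread_info.task, first member */
#define TASK_PID_OFF 0xA8u   /* placeholder for offsetof(task_struct, pid) */

/* Hypothetical stand-in for mapped guest memory: one flat region at 'base'. */
struct guest_mem { uint32_t base; const uint8_t *bytes; size_t len; };

/* Bounds-checked 32-bit read; assumes host and guest share byte order. */
static int guest_read32(const struct guest_mem *g, uint32_t va, uint32_t *out)
{
    if (va < g->base || (uint64_t)(va - g->base) + 4 > g->len) return -1;
    memcpy(out, g->bytes + (va - g->base), 4);
    return 0;
}

/* esp -> thread_info base -> task pointer -> pid; -1 if a read is out of range. */
static int32_t pid_from_esp(const struct guest_mem *g, uint32_t esp)
{
    uint32_t ti = esp & STACK_MASK, task, pid;
    if (guest_read32(g, ti + TI_TASK_OFF, &task) ||
        guest_read32(g, task + TASK_PID_OFF, &pid))
        return -1;
    return (int32_t)pid;
}

/* Constructed sample: two guest pages at 0xC1000000, thread_info in the
 * first, a task_struct with pid 1234 in the second. */
static uint8_t sample[0x2000];
static struct guest_mem make_sample(void)
{
    uint32_t task = 0xC1001000u, pid = 1234;
    memset(sample, 0, sizeof sample);
    memcpy(sample + TI_TASK_OFF, &task, 4);
    memcpy(sample + 0x1000 + TASK_PID_OFF, &pid, 4);
    return (struct guest_mem){ 0xC1000000u, sample, sizeof sample };
}

int main(void)
{
    struct guest_mem g = make_sample();
    printf("pid=%d\n", (int)pid_from_esp(&g, 0xC1000F3Cu));
    return 0;
}
```

The result is only meaningful when `esp` is a guest kernel-mode stack pointer, and a guest built with 8 KiB kernel stacks needs the mask 0xFFFFE000 instead.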
Bastian Blank
2009-Jan-29 14:38 UTC
Re: [Xen-devel] Building Xen with structures thread_info/task_struct
On Thu, Jan 29, 2009 at 02:45:20PM +0100, Frederic Beck wrote:
> I disabled fast system calls, and I'm willing to log the system calls
> performed on a VM. In order to understand better what did cause each
> syscall, I'm trying to link them with the PID of the process that is
> responsible of the call.

Use the audit infrastructure within the Linux kernel.

Bastian
--
Is truth not truth for all?
		-- Natira, "For the World is Hollow and I have Touched the Sky", stardate 5476.4.
Frederic Beck
2009-Jan-29 15:09 UTC
Re: [Xen-devel] Building Xen with structures thread_info/task_struct
On Thu, 29 Jan 2009 15:38:43 +0100, Bastian Blank <bastian@waldi.eu.org> wrote:
> On Thu, Jan 29, 2009 at 02:45:20PM +0100, Frederic Beck wrote:
> > I disabled fast system calls, and I'm willing to log the system
> > calls performed on a VM. In order to understand better what did
> > cause each syscall, I'm trying to link them with the PID of the
> > process that is responsible of the call.
>
> Use the audit infrastructure within the Linux kernel.

I took a quick look, audit should be running on the VM itself, but as I will have different OS running in my VMs (Linux, windows...) I'm not sure that it will permit to do what I want.

Anyway, do you have a good pointer for some doc on this, even if I don't use it for that project it sounds interesting (I installed it and took a look in the manpages, but some best practice, howtos or stuff like that would be nice also).

Thanks
Fred
Bastian Blank
2009-Jan-31 11:57 UTC
Re: [Xen-devel] Building Xen with structures thread_info/task_struct
On Thu, Jan 29, 2009 at 04:09:37PM +0100, Frederic Beck wrote:
> > Use the audit infrastructure within the Linux kernel.
> I took a quick look, audit should be running on the VM itself,

It is part of the Linux kernel.

> but as
> I will have different OS running in my VMs (Linux, windows...) I'm not
> sure that it will permit to do what I want.

And AFAIK you won't be able to catch "syscalls" on HVM domains anyway.

Bastian
--
Those who hate and fight must stop themselves -- otherwise it is not stopped.
		-- Spock, "Day of the Dove", stardate unknown
Frederic Beck
2009-Feb-02 09:52 UTC
Re: [Xen-devel] Building Xen with structures thread_info/task_struct
Hello

On Sat, 31 Jan 2009 12:57:04 +0100, Bastian Blank <bastian@waldi.eu.org> wrote:
> On Thu, Jan 29, 2009 at 04:09:37PM +0100, Frederic Beck wrote:
> > > Use the audit infrastructure within the Linux kernel.
> > I took a quick look, audit should be running on the VM itself,
>
> It is part of the Linux kernel.

Ok, so the one I was looking at does not seem to be the right one. I'll take a look in the kernel code then.

> > as I will have different OS running in my VMs (Linux, windows...)
> > I'm not sure that it will permit to do what I want.
>
> And AFAIK you won't be able to catch "syscalls" on HVM domains anyway.

Well, I thought it was possible, because when I'm running an HVM domain, if I print the values of the registers in do_guest_trap from xen-3.3.0/xen/arch/x86/traps.c it looks like syscalls.

Maybe I misunderstood something here.

The other solution I was thinking of is adding a module in the kernel which would integrate a new syscall whose role would be to get the info from the stack address and send it back to the hypervisor via an integer in a first time, then maybe later on via a more complex struct if I need more info.

In that case, would the hypervisor be able to use that syscall or should I modify something more in the hypervisor? (like creating an hypercall maybe?) This is the parts of the Xen architecture I did not get integrally yet.

Anyway, I'll take a look at the kernel audit first.

Thanks for the help

Regards
Fred
Frederic Beck
2009-Feb-11 15:22 UTC
Re: [Xen-devel] Building Xen with structures thread_info/task_struct
Hello

I finally wrote a module and defined two new syscalls to get the PID and the comm from the thread_info structure (well it's from the task_struct contained in the thread_info one). The syscalls are dynamically added in the sys_call_table.

My module works and in user mode I can call my syscalls with the function syscall. However, it seems that this function is not defined in Xen (it's in /usr/include/unistd.h).

How can I make that work? Do I have to add the module source in Xen and try to link it directly into Xen and forget about my module? But if I do so I will have troubles again with the task_struct or thread_info, which is why I was trying to do it through the module.

I'm getting out of ideas. Any clue?

Thanks

Regards
Fred

On Mon, 2 Feb 2009 10:52:21 +0100, Frederic Beck <frederic.beck@loria.fr> wrote:
> Hello
>
> On Sat, 31 Jan 2009 12:57:04 +0100,
> Bastian Blank <bastian@waldi.eu.org> wrote:
>
> > On Thu, Jan 29, 2009 at 04:09:37PM +0100, Frederic Beck wrote:
> > > > Use the audit infrastructure within the Linux kernel.
> > > I took a quick look, audit should be running on the VM itself,
> >
> > It is part of the Linux kernel.
>
> Ok, so the one I was looking at does not seem to be the right one.
> I'll take a look in the kernel code then.
>
> > > as I will have different OS running in my VMs (Linux, windows...)
> > > I'm not sure that it will permit to do what I want.
> >
> > And AFAIK you won't be able to catch "syscalls" on HVM domains
> > anyway.
>
> Well, I thought it was possible, because when I'm running an HVM
> domain, if I print the values of the registers in do_guest_trap from
> xen-3.3.0/xen/arch/x86/traps.c it looks like syscalls.
>
> Maybe I misunderstood something here.
>
> The other solution I was thinking of is adding a module in the kernel
> which would integrate a new syscall whose role would be to get the
> info from the stack address and send it back to the hypervisor via an
> integer in a first time, then maybe later on via a more complex struct
> if I need more info.
>
> In that case, would the hypervisor be able to use that syscall or
> should I modify something more in the hypervisor? (like creating an
> hypercall maybe?) This is the parts of the Xen architecture I did not
> get integrally yet.
>
> Anyway, I'll take a look at the kernel audit first.
>
> Thanks for the help
>
> Regards
> Fred