Generating Log of Guest Physical Addresses from a Kernel Function and Perform Analysis at Runtime

Brock brock at polynubstudios.com
Thu Sep 26 06:05:57 EDT 2019


On Thu, 2019-09-26 at 15:45 +0900, Sahibzada Irfanullah wrote:
> Thank you very much for your help. I have checked the ftrace, and perf. I
> think it won't work for me. I am not analyzing/tracing the kernel.
> I want to develop my own dynamic tool like Pin Tool (or module
> which can be loaded/unloaded at run time dynamically), so that I can
> easily tune/modify for different purposes, and to get any type of
> specific information from the kernel/KVM, especially in the context
> of virtualization (guest and/or host memory management). That's why I
> take a start from generating the log of guest physical addresses from
> the kernel by saving it to the file; with the passage of time, I will
> add the functionalities to it.
> Thank you.
I'm not sure if it's hardware addresses but you can get kernel/user/kvm
page fault information with:
perf record -a -e kvm:kvm_page_fault -e exceptions:page_fault_kernel -e exceptions:page_fault_user -- sleep 30

An example output from my machine running an Ubuntu 18.04 guest:
kvm:kvm_page_fault:
   0.72%  address 40d26a78 error_code 181
   0.54%  address 46a09d00 error_code 181
   0.36%  address 2b10ef08 error_code 181
   0.36%  address 4a361000 error_code 181
   0.36%  address 4b0a2000 error_code 181
   ...<snipped>
exceptions:page_fault_kernel
   1.20%  address=0x17d0b30fe000s ip=filldir64 error_code=0x2
   1.20%  address=0x17d0b30ff000s ip=filldir64 error_code=0x2
   1.20%  address=0x17d0b3100000s ip=filldir64 error_code=0x2
   0.40%  address=0x55ac27551b46s ip=do_sys_poll error_code=0x2
   0.20%  address=0x55ac27de2000s ip=copy_user_generic_string error_code=0x0
   0.20%  address=0x55ac27de3000s ip=copy_user_generic_string error_code=0x0
   ...<snipped>
exceptions:page_fault_user
   0.12%  address=0xf8553529000s ip=0x7f7dc0d3c5dcs error_code=0x6
   0.12%  address=0xf855352a000s ip=0x7f7dc0d3c617s error_code=0x6
   0.12%  address=0xf855352b000s ip=0x7f7dc0d3c617s error_code=0x6
   0.12%  address=0xf855352c000s ip=0x7f7dc0d3c617s error_code=0x6
   0.12%  address=0xf855352d000s ip=0x7f7dc0d3c617s error_code=0x6
   ...<snipped>

The number (0.12%) at the start is how many times the address was seen
in the total number of samples, in this case page faults that hit that
address, I would guess.

You can find events you're interested in with `perf list` or
`cat /sys/kernel/debug/tracing/available_events`

Seems like you really want to develop your own module though, but this
may still help see if there is existing kernel infrastructure you can
leverage.

Regards Brock.
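
Added example (not part of Brock's message and not perf or kernel code): a Python sketch that parses the two row layouts shown in the report above into per-event records, so the addresses can be logged or aggregated by page. Assumptions: wrapped rows have been rejoined onto one line, pages are 4 KiB, and only the low three bits of the x86 page-fault error code are decoded, for the exceptions:* events only; the kvm error_code is kept as a raw number.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the report quoted above, one row per line.
SAMPLE = """\
kvm:kvm_page_fault:
   0.72%  address 40d26a78 error_code 181
   0.54%  address 46a09d00 error_code 181
exceptions:page_fault_kernel
   1.20%  address=0x17d0b30fe000s ip=filldir64 error_code=0x2
   0.20%  address=0x55ac27de2000s ip=copy_user_generic_string error_code=0x0
exceptions:page_fault_user
   0.12%  address=0xf8553529000s ip=0x7f7dc0d3c5dcs error_code=0x6
   ...<snipped>
"""

EVENT = re.compile(r"^(\w+:\w+):?\s*$")
# Two layouts: "address 40d26a78" (kvm, bare hex) and "address=0x...s"
# (exceptions, with a stray trailing 's' after the hex digits).
ROW = re.compile(r"^\s*([\d.]+)%\s+address[ =](?:0x)?([0-9a-fA-F]+)s?\b"
                 r"(?:\s+ip=(\S+))?\s+error_code[ =](?:0x)?([0-9a-fA-F]+)")
# x86 page-fault error code, low three bits: (mask, if set, if clear).
PF_BITS = ((0x1, "protection", "not-present"), (0x2, "write", "read"),
           (0x4, "user", "kernel"))

def decode_pf(code):
    return "|".join(yes if code & bit else no for bit, yes, no in PF_BITS)

def parse(report):
    """Return {event name: [row dict, ...]} for every row that parses."""
    events, current = defaultdict(list), None
    for line in report.splitlines():
        m = EVENT.match(line)
        if m:
            current = m.group(1)
            continue
        m = ROW.match(line)
        if not m or current is None:
            continue  # skips "...<snipped>" and blank lines
        pct, addr, ip, code = m.groups()
        addr, code = int(addr, 16), int(code, 16)
        is_exc = current.startswith("exceptions:")
        events[current].append({
            "pct": float(pct), "addr": addr, "page": addr >> 12, "ip": ip,
            "error_code": code, "access": decode_pf(code) if is_exc else None})
    return events

if __name__ == "__main__":
    for event, rows in parse(SAMPLE).items():
        for r in rows:
            print(event, hex(r["addr"]), hex(r["page"]), r["access"])
```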

> On Thu, 26 Sep 2019 at 03:05, Ruben Safir <ruben at mrbrklyn.com> wrote:
> > On Wed, Sep 25, 2019 at 07:08:14PM +0200, Greg KH wrote:
> > > On Wed, Sep 25, 2019 at 10:21:18AM -0400, Ruben Safir wrote:
> > > > On 9/25/19 5:38 AM, Greg KH wrote:
> > > > > On Wed, Sep 25, 2019 at 04:00:08PM +0900, Sahibzada Irfanullah wrote:
> > > > >> I am sorry if I am bothering you.
> > > > >> I have read this article
> > > > >> <http://amsekharkernel.blogspot.com/2012/01/what-are-ways-of-communication-bw-user.html>,
> > > > >> I have to ask that will Netlink socket work for my task; Storing the
> > > > >> contents of "gpa" variable (which is present in the
> > > > >> handle_ept_violation() function in vmx.c ) into a file.
> > > > > 
> > > > > Try using ftrace and tracing in general first, before messing around
> > > > > with netlink.  ftrace does not require any kernel changes at all, why
> > > > > would you _not_ want to try that?  :)
> > > > 
> > > > The kernel has GPS data in it?
> > > 
> > > Of course it does, why wouldn't it? :)
> > > 
> > 
> > 
> > So when the Nazi's and current Nazi's want to put me in the oven that
> > they can't track me.
> > 
> > Or put it this way, if it doesn't make the hardware GO, why would it be
> > in the kernel?
> > 
> > My computer doesn't even have a GPS...and it is going to stay that way.
> > 