Memory Tracing using XEN Hypervisor

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Memory Tracing using XEN Hypervisor

Michael Engstler
Hey,
I have a question regarding memory tracing in XEN,
I'l start by explaining my final goal, and then ask my question:
I want to be able to run a guest VM and intercept all memory read\write operations of VM.
The intercepting code will not be complicated and might be just a simple check.
For example: I might want to intercept all memory read\write operations and log if the VM tried to access a specific memory address (Lets say address 0x7fffffff).

My question is: Can this be done using a modified version of XEN ?
Does the hypervisor actually "see" all the memory read\write operations of the VM ?

I know this might sound "crazy" and not serious but we are a strong team of developers trying to solve a specific problem that requires fast memory tracing capabilities.
We are willing to make the effort and spend the time in order to get the job done.

Thanks a lot.

_______________________________________________
Xen-users mailing list
[hidden email]
http://lists.xen.org/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: Memory Tracing using XEN Hypervisor

George Dunlap
On Sat, Oct 3, 2015 at 2:33 PM, Michael Engstler
<[hidden email]> wrote:

> Hey,
> I have a question regarding memory tracing in XEN,
> I'l start by explaining my final goal, and then ask my question:
> I want to be able to run a guest VM and intercept all memory read\write
> operations of VM.
> The intercepting code will not be complicated and might be just a simple
> check.
> For example: I might want to intercept all memory read\write operations and
> log if the VM tried to access a specific memory address (Lets say address
> 0x7fffffff).
>
> My question is: Can this be done using a modified version of XEN ?
> Does the hypervisor actually "see" all the memory read\write operations of
> the VM ?
>
> I know this might sound "crazy" and not serious but we are a strong team of
> developers trying to solve a specific problem that requires fast memory
> tracing capabilities.
> We are willing to make the effort and spend the time in order to get the job
> done.

What you're describing is called "introspection", and it can be done
with an UNmodified version of Xen, using the vm_event and mem_event
interfaces.  See tools/tests/xen-access/xen-access.c for some sample
code to get you started.  (Unfortunately it looks like you may have to
do a lot of code reading to infer what the interface looks like, but
that should still be easier than implementing your own interface from
scratch.  Feel free to submit better documentation.)

You probably don't actually want to intercept *all* memory operations
(which would slow down VM execution by probably millions of times),
but instead just memory operations on the specific regions of memory
you care about.

These interfaces are actively used and maintained by at least two
different companies who have proprietary VM introspection products.

 -George

_______________________________________________
Xen-users mailing list
[hidden email]
http://lists.xen.org/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: Memory Tracing using XEN Hypervisor

Dario Faggioli-2
On Mon, 2015-10-05 at 11:05 +0100, George Dunlap wrote:

> You probably don't actually want to intercept *all* memory operations
> (which would slow down VM execution by probably millions of times),
> but instead just memory operations on the specific regions of memory
> you care about.
>
> These interfaces are actively used and maintained by at least two
> different companies who have proprietary VM introspection products.
>
Some, hopefully, related and helpful links:

https://blog.xenproject.org/2015/08/04/the-bitdefender-virtual-machine-
introspection-library-is-now-on-github/

https://lccocc2015.sched.org/event/c1ff0bf1251fd79eef22c54369371f44#.Vh
OJmnVStBc
http://xendevsummit2015.sched.org/event/e73b37ed8a7e792b397d59b1294681e
6#.VhOJmnVStBc
http://xendevsummit2015.sched.org/event/c4135bdaf8c8740eee574ff054430a1
a#.VhOJm3VStBc

And, I don't have the link handy right now, but all (well, at least the
xendevsummit ones, I'm sure) the presentations above were video
recorded. You should be able to find the videos on our YouTube channel
(and the LinuxCon one, perhaps, on LinuxFoundation's channel).

Just googling, I think I've seen other videos too (from last year's
XenDevSummit, I think).

Regards,
Dario
--
<<This happens because I choose it to happen!>> (Raistlin Majere)
-----------------------------------------------------------------
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)


_______________________________________________
Xen-users mailing list
[hidden email]
http://lists.xen.org/xen-users

signature.asc (188 bytes) Download Attachment