On 09/05/2019 23:34, Tamas K Lengyel wrote: > On Thu, May 9, 2019 at 3:50 PM Razvan Cojocaru > <[email protected]> wrote: >> On 5/10/19 12:31 AM, Andrew Cooper wrote: >>> What we'll have to do is end up in a position where we can have some >>> real %dr settings given by the VMI agent, and some shadow %dr settings >>> which the guest interacts with. Also I should warn you at this point >>> that, because of how the registers work, It will not be possible to have >>> guest-shadowed %dr functioning at the same time as VMI-provided %dr >>> settings. >>> >>> I guess the main usecase here is simply hiding from the guest kernel >>> that debugging activities are in use, and we are ok to break the real >>> use of gdb/other inside the guest? Razvan/Tamas: As your the >>> maintainers, it is your call, ultimately. >> What worries me here is that in that case it becomes easier for a rogue >> application inside the guest to figure out that the guest's being >> monitored, if I understand things correctly. >> >> Of course, a dom0 introspection agent may choose to simply not subscribe >> to DR events, and thus not alter the current flow at all, which makes >> things better. > I agree, ideally none of the VMI events should alter the guests' > ability to do anything it normally can and the VMI events should only > add overhead (and of course the cache side-effects that are > detectable). That said, since the usecase for Mathieu is one where he > can live with the guest not being able to run a debugger, I would > still accept the patch as long as there is an explicit comment > documenting its limitation. We can worry about figuring out how to > make the event transparent iff that becomes needed for some other > usecase.
It is not possible to share use of the debugging facilities, irrespective of whether you wish to hide the sharing from the guest kernel. Depending on exactly what the VMI agent wants to do, it could see about context switching the hidden-active settings behind the back of the kernel, e.g. if one process is debugging itself, but the VMI agent wants to transparently debug another. However, if both the guest and VMI agent want to use the debugging facilities, one is going to have to relinquish use. It should be possible for the VMI agent to cleanly detach its hidden settings. Either way, everything comes down to what behaviour is wanted to start with. ~Andrew _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
