Date: Tue, 18 Dec 2018 11:22:53 +0100 From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de> To: Konstantin Belousov <kostikbel@gmail.com> Cc: freebsd-stable@freebsd.org, Horst Schirmeier <horst.schirmeier@tu-dortmund.de> Subject: Re: Address Collision using i386 4G/4G Memory Split Message-ID: <24cb941b-1d27-1621-f437-18ed3b22cc7d@tu-dortmund.de> In-Reply-To: <20181218100159.GE60291@kib.kiev.ua> References: <38ad0d50-c776-9deb-d56b-db8db548cefc@tu-dortmund.de> <20181218052738.GZ60291@kib.kiev.ua> <40f4db11-84cb-9b8d-2eb5-5882ad01d1d8@tu-dortmund.de> <20181218100159.GE60291@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --sXHw2nIg3q8q7jCYTZEyHv8BEf46lMiT2 Content-Type: multipart/mixed; boundary="L6ZdTpH16fJuq47p8YUAwJClhfaRYs6G3"; protected-headers="v1" From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de> To: Konstantin Belousov <kostikbel@gmail.com> Cc: freebsd-stable@freebsd.org, Horst Schirmeier <horst.schirmeier@tu-dortmund.de> Message-ID: <24cb941b-1d27-1621-f437-18ed3b22cc7d@tu-dortmund.de> Subject: Re: Address Collision using i386 4G/4G Memory Split References: <38ad0d50-c776-9deb-d56b-db8db548cefc@tu-dortmund.de> <20181218052738.GZ60291@kib.kiev.ua> <40f4db11-84cb-9b8d-2eb5-5882ad01d1d8@tu-dortmund.de> <20181218100159.GE60291@kib.kiev.ua> In-Reply-To: <20181218100159.GE60291@kib.kiev.ua> --L6ZdTpH16fJuq47p8YUAwJClhfaRYs6G3 Content-Type: text/plain; charset=utf-8 Content-Language: de-DE Content-Transfer-Encoding: quoted-printable >> Some context: We are doing VM-based tracing in the FreeBSD kernel. For= >> that, we observe parts of the kernel memory (allocations, accesses,...= ). >> Before 12.0 we simply knew that kernel addresses that we logged were >> unique. Moreover, when a memory access to a region of interest happene= d >> we knew that could only be kernel memory. >> We know have to ensure that we only record memory accesses that happen= >> within the kernel. >> Our approach is to record the kernels value for the CR3 register, and >> record memory accesses if the CR3 registers holds the aforementioned v= alue. > You must use CPL to see if the current operation mode is user or kernel= =2E > If user, nothing should be done (this would avoid vm86). If kernel, you= > need to compare current %cr3 with IdlePTD (IdlePTDP for PAE case). >=20 Thanks for the advice! We'll include that in our toolchain. Do you use PLs other than 0(=3Dkernel) and 3(=3Duser)? - Alex --=20 Technische Universit=C3=A4t Dortmund Alexander Lochmann PGP key: 0xBC3EF6FD Otto-Hahn-Str. 16 phone: +49.231.7556141 D-44227 Dortmund fax: +49.231.7556116 http://ess.cs.tu-dortmund.de/Staff/al --L6ZdTpH16fJuq47p8YUAwJClhfaRYs6G3-- --sXHw2nIg3q8q7jCYTZEyHv8BEf46lMiT2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElhZsUHzVP0dbkjCRWT7tBbw+9v0FAlwYyn4ACgkQWT7tBbw+ 9v2ZWQ/9HKwtTN7ztCaHUeiiW235scwYh9nLxXLJpHhwh1qCUre+jIVXMJpSXlkv gSo1b9Uc0EjDaBokRmlPUZek1gw1bcNyZ5acJkqBP6N/5F+g6xlhwANIGrBNtm8u AJX4PXyzMFDBVlSol3pE3xwwMVEVC9/Dc11dFEy9CBCCTiU0FslLMZCSguIAcwD9 M7dh0C0alNgWbanmRz9jRjvXymPAZy6ULx/FJKi2zO6R18qray3O1E5T3WP0xu9y ujYnZ2WBxx7WaFhHw7hAlzAiMHSUxmjXE2gEjnkZS6Pxn7IwcMs7BI9kpaj71o3H mHLFAH/D8t8Fs844PDQ4u8xgZx6+UtQ2umKT845LNA865xP9yD6tA12ACa/3gZyp YwwTjJ2tv2C7E2lLTe8lqmNTdUrWBUvnOu69+YXjIVi/DK019tCjV7H9DkoToc1w UdfB7cRf+u8xzLd+sDxkNIln9zIO6kFKArkRUaUIuzegwQGduZEpI/fEI++/6YDr UBHuPuFCBQE4rv+xZC2QpRvdL4iIvsCDE9VIvwKq6CKwh6tUWsLCjSPFLcPjegtW BSiS1Fc9Jmv4cJq6fIFIGhNaST2hcMNNErMAxTaBJDhsO+Pvu/aYPdFv45P0FI+R p6vk2DuMOCEuSZvEtTwROKh6MEX7b3D16pI6+Q85BCIL88zjw8A= =QXY5 -----END PGP SIGNATURE----- --sXHw2nIg3q8q7jCYTZEyHv8BEf46lMiT2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?24cb941b-1d27-1621-f437-18ed3b22cc7d>