For following hypercall page initialise code,  where would the execution jumps 
at syscall? How can I predict what is the execution order of "pop %r11"? Is it 
the fifth instruction/step? I need the order to precisely set up hooks to 
monitor hypercalls.
static void hypercall_page_initialise_ring3_kernel(void *hypercall_page){    
char *p;    int i;
    /* Fill in all the transfer points with template machine code. */    for ( 
i = 0; i < (PAGE_SIZE / 32); i++ )    {        if ( i == __HYPERVISOR_iret )    
        continue;
        p = (char *)(hypercall_page + (i * 32));        *(u8  *)(p+ 0) = 0x51;  
  /* push %rcx */        *(u16 *)(p+ 1) = 0x5341;  /* push %r11 */        *(u8  
*)(p+ 3) = 0xb8;    /* mov  $<i>,%eax */        *(u32 *)(p+ 4) = i;        
*(u16 *)(p+ 8) = 0x050f;  /* syscall */        *(u16 *)(p+10) = 0x5b41;  /* pop 
 %r11 */        *(u8  *)(p+12) = 0x59;    /* pop  %rcx */        *(u8  *)(p+13) 
= 0xc3;    /* ret */    }
    /*     * HYPERVISOR_iret is special because it doesn't return and expects a 
    * special stack frame. Guests jump at this transfer point instead of     * 
calling it.     */    p = (char *)(hypercall_page + (__HYPERVISOR_iret * 32));  
  *(u8  *)(p+ 0) = 0x51;    /* push %rcx */    *(u16 *)(p+ 1) = 0x5341;  /* 
push %r11 */    *(u8  *)(p+ 3) = 0x50;    /* push %rax */    *(u8  *)(p+ 4) = 
0xb8;    /* mov  $__HYPERVISOR_iret,%eax */    *(u32 *)(p+ 5) = 
__HYPERVISOR_iret;    *(u16 *)(p+ 9) = 0x050f;  /* syscall */

From: quizy_jo...@outlook.com
To: xen-de...@lists.xenproject.org
Date: Wed, 2 Mar 2016 03:50:55 +0000
Subject: [Xen-devel] what's inside hypercall page?




I've got the hypercall_page_initialize function as follows. As the size of each 
hypercall page entry is 32B and the initialize function only assigns value to 
the first 8B, is the remaining space empty or initialized afterwards?
static void hypercall_page_initialise_ring1_kernel(void *hypercall_page){    
char *p;    int i;
    /* Fill in all the transfer points with template machine code. */
    for ( i = 0; i < (PAGE_SIZE / 32); i++ )    {        if ( i == 
__HYPERVISOR_iret )            continue;
        p = (char *)(hypercall_page + (i * 32));        *(u8  *)(p+ 0) = 0xb8;  
  /* mov  $<i>,%eax */        *(u32 *)(p+ 1) = i;        *(u16 *)(p+ 5) = 
(HYPERCALL_VECTOR << 8) | 0xcd; /* int  $xx */ //0x82cd        *(u8  *)(p+ 7) = 
0xc3;    /* ret */    }
    /*     * HYPERVISOR_iret is special because it doesn't return and expects a 
    * special stack frame. Guests jump at this transfer point instead of     * 
calling it.     */    p = (char *)(hypercall_page + (__HYPERVISOR_iret * 32));  
  *(u8  *)(p+ 0) = 0x50;    /* push %eax */    *(u8  *)(p+ 1) = 0xb8;    /* mov 
 $__HYPERVISOR_iret,%eax */    *(u32 *)(p+ 2) = __HYPERVISOR_iret;    *(u16 
*)(p+ 6) = (HYPERCALL_VECTOR << 8) | 0xcd; /* int  $xx */ 
//0x82cd}自动判断中文中文(简体)中文(香港)中文(繁体)英语日语朝鲜语德语法语俄语泰语南非语阿拉伯语阿塞拜疆语比利时语保加利亚语加泰隆语捷克语威尔士语丹麦语第维埃语希腊语世界语西班牙语爱沙尼亚语巴士克语法斯语芬兰语法罗语加里西亚语古吉拉特语希伯来语印地语克罗地亚语匈牙利语亚美尼亚语印度尼西亚语冰岛语意大利语格鲁吉亚语哈萨克语卡纳拉语孔卡尼语吉尔吉斯语立陶宛语拉脱维亚语毛利语马其顿语蒙古语马拉地语马来语马耳他语挪威语(伯克梅尔)荷兰语北梭托语旁遮普语波兰语葡萄牙语克丘亚语罗马尼亚语梵文北萨摩斯语斯洛伐克语斯洛文尼亚语阿尔巴尼亚语瑞典语斯瓦希里语叙利亚语泰米尔语泰卢固语塔加路语茨瓦纳语土耳其语宗加语鞑靼语乌克兰语乌都语乌兹别克语越南语班图语祖鲁语自动选择中文中文(简体)中文(香港)中文(繁体)英语日语朝鲜语德语法语俄语泰语南非语阿拉伯语阿塞拜疆语比利时语保加利亚语加泰隆语捷克语威尔士语丹麦语第维埃语希腊语世界语西班牙语爱沙尼亚语巴士克语法斯语芬兰语法罗语加里西亚语古吉拉特语希伯来语印地语克罗地亚语匈牙利语亚美尼亚语印度尼西亚语冰岛语意大利语格鲁吉亚语哈萨克语卡纳拉语孔卡尼语吉尔吉斯语立陶宛语拉脱维亚语毛利语马其顿语蒙古语马拉地语马来语马耳他语挪威语(伯克梅尔)荷兰语北梭托语旁遮普语波兰语葡萄牙语克丘亚语罗马尼亚语梵文北萨摩斯语斯洛伐克语斯洛文尼亚语阿尔巴尼亚语瑞典语斯瓦希里语叙利亚语泰米尔语泰卢固语塔加路语茨瓦纳语土耳其语宗加语鞑靼语乌克兰语乌都语乌兹别克语越南语班图语祖鲁语有道翻译百度翻译必应翻译谷歌翻译谷歌翻译(国内)翻译朗读复制正在查询,请稍候……重试朗读复制复制朗读复制via
 译                                         

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel                                    
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to