Re: memory range R/W triggered breakpoints in kernel ?

[Mateusz Berezecki]

Hello Benjamin

On 3/6/06, Benjamin LaHaise <bcrl@xxxxxxxxx> wrote:
> On Sun, Mar 05, 2006 at 06:00:34PM +0100, Mateusz Berezecki wrote:
> > I was thinking about writing some memory R/W access monitor. The only
> > concern I'm
> > having is whether it is doable, or are there any already existing and
> > working solutions like
> > that for Linux?
>
> Most CPUs implement memory breakpoints of some sort, although they're
> usually limited to specific address instead of ranges.  See gdb's
> watch/awatch/rwatch commands.

Yes but again this is userspace. I was thinking about solution used
back in the old days in SoftICE kernel level debugger.
It had a BPR command (breakpoint on range) which could monitor
up to 400000 bytes of memory range. Unfortunately for me this command
works in very old versions of _that_ other OS.

>
> > which was read/written from certain address. Afterwards the whole page
> > would be marked as non present again.
>
> Use mprotect() and do it in userspace by catching SIGSEGV.  Doing it for
> the kernel is non-trivial and will hit upon arch specific issues like
> double fault handlers.  Given that the same sort of debugging can be done
> in userspace with UML and gdb, there isn't terribly much incentive to do
> the work to make something like this happen.

I thought about UML or maybe even playing with Xen would be better (is
host kernel
transparent to Xen ? ie. does Xen have access to the same hardware as
host kernel?)
but in the end I'd go for kernel page fault handler anyways.

M
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/