QEMU Hacking (part 2)

I’ve written most of the code for MemCheck, enough to start testing and tweaking.  I instrumented the __ld and __st functions to check that memory accesses are within allocated buffers.  Initially I thought I would use the memory watchpoint code in QEMU to do the instrumentation, but this turned out fruitless: there is special handling/optimisation for the watchpoints, and to top it off, the helper functions use only physical addresses.

The problem I’ve encountered so far is the use of alloc_pages (__get_free_pages, etc.) in the kernel.  kmalloc and kmem_cache_alloc use alloc_pages internally, but these symbols are exported publicly and general code is free to use them as well.  Also, alloc_pages returns a struct page *, when I really want virtual addresses.  At first I tried writing a macro for the page -> address translation, but it seems there is an actual function on my kernel build that does it.  I then tried intercepting the first call to page_address (the translation code) after alloc_pages to get the virtual address.  This almost worked.

I think the best solution I have is to hack on the kernel sources, so that there is strict separation between public and private interfaces.
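As an added illustration (not code from this post, QEMU or the kernel), here is a minimal shadow allocation table in C of the kind the __ld/__st instrumentation needs: allocations are recorded by guest virtual address, freed ones are retired, and the hook the instrumented helpers would call flags any access that is not wholly inside one live allocation, including one that merely straddles the end of a buffer. All mc_* names and the sample addresses are this example's own assumptions.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>

/* Shadow table of live guest allocations. The mc_* names are this example's
 * own, not QEMU's or the kernel's; a real build would fill the table from
 * kmalloc / kmem_cache_alloc, or from the first page_address() after alloc_pages. */
#define MC_MAX_ALLOCS 256
struct mc_alloc { uint64_t base; uint64_t size; bool live; };
static struct mc_alloc mc_table[MC_MAX_ALLOCS];
/* Record an allocation by guest virtual address; -1 if the table is full. */
int mc_record_alloc(uint64_t base, uint64_t size) {
    for (int i = 0; i < MC_MAX_ALLOCS; i++) {
        if (!mc_table[i].live) {
            mc_table[i] = (struct mc_alloc){ base, size, true };
            return i;
        }
    }
    return -1;
}
/* Retire an allocation; false means base is not live (invalid or double free). */
bool mc_record_free(uint64_t base) {
    for (int i = 0; i < MC_MAX_ALLOCS; i++) {
        if (mc_table[i].live && mc_table[i].base == base) {
            mc_table[i].live = false;
            return true;
        }
    }
    return false;
}
/* Valid only if all `len` bytes lie inside one live allocation; the
 * comparison is arranged so that addr + len cannot overflow. */
bool mc_access_ok(uint64_t addr, uint64_t len) {
    for (int i = 0; i < MC_MAX_ALLOCS; i++) {
        const struct mc_alloc *a = &mc_table[i];
        if (a->live && addr >= a->base && len <= a->size &&
            addr - a->base <= a->size - len)
            return true;
    }
    return false;
}
/* Hook for the instrumented __ld/__st helpers: true (and a report) means the
 * access lies outside every live allocation. */
bool mc_check_access(uint64_t addr, uint64_t len, bool is_store) {
    if (mc_access_ok(addr, len)) return false;
    fprintf(stderr, "MemCheck: invalid %" PRIu64 "-byte %s at 0x%" PRIx64 "\n",
            len, is_store ? "store" : "load", addr);
    return true;
}
```

The linear scan is deliberately simple; a table keyed by page or a sorted interval structure would be needed once the guest has more than a handful of live allocations.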
