xen-devel

RE: [Xen-devel] xen strace analysis

To: "Sanjam Garg" <sanjamg@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-devel] xen strace analysis
From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date: Wed, 28 Feb 2007 18:55:23 +0100
 

> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Sanjam Garg
> Sent: 28 February 2007 17:38
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-devel] xen strace analysis
> 
> Hi
> 
> I am looking for a mechanism to gather information about
> system calls that a guest Operating system is making. Any
> references for development of IDS's with Xen would also help.

Xen doesn't have any clue what system calls the guest-OS is making (and
should not know this). Xen itself only gets involved for certain special
operations which, generally, either deal with page-table
(memory-mapping) handling or inter-domain communication (event-channel),
and of course domain life-cycle (creating, destroying, pausing and
unpausing, save and restore, and migration). With a few other
exceptions, everything else is handled within the guest itself. That's
for the para-virtual case. In a fully-virtualized domain, there's even
less knowledge of what's going on in the guest. 

So whilst the hypervisor may be able to surmise from this knowledge that
a guest changed its pagetables around, it's not sufficiently aware of
WHY to say whether that was done because of a fork, mmap or malloc call
for example. It can determine that some communication happened between
the guest and dom0, but not whether it's a file-read or a socket network
operation, etc, etc. 

The only way to know what the guest is doing is to sit inside the
guest-OS and perform something like strace (I think there are some ways
to do a "system-wide strace", so you'd see exactly which system calls
are done by which process). 

--
Mats
> 
> Thanks
> Sanjam



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
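
Added example, not part of the original message or of Xen: since the reply points to running strace inside the guest, this sketch turns `strace -f -o FILE` output into per-process system call sequences and a list of failed calls. The sample trace is constructed, the function names are hypothetical, and the parser assumes no timestamp or timing options (`-t`, `-T`) were used.

```python
import re
from collections import defaultdict

# Constructed sample in the format written by `strace -f -o FILE` (not a real capture).
SAMPLE = r'''1201 execve("/bin/sh", ["sh", "-c", "cat /etc/hostname /etc/shadow"], 0x7ffc1a2b3c40 /* 12 vars */) = 0
1201 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1c2d3e4a10) = 1202
1201 wait4(-1,  <unfinished ...>
1202 execve("/bin/cat", ["cat", "/etc/hostname", "/etc/shadow"], 0x55d0a1b2c3d8 /* 12 vars */) = 0
1202 openat(AT_FDCWD, "/etc/hostname", O_RDONLY) = 3
1202 read(3, "guest1\n", 131072) = 7
1202 write(1, "guest1\n", 7) = 7
1202 openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
1202 exit_group(1) = ?
1202 +++ exited with 1 +++
1201 <... wait4 resumed>[{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 1202
1201 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1202, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
'''

CALL = re.compile(r"^(\d+)\s+(\w+)\(")
RESUMED = re.compile(r"^(\d+)\s+<\.\.\. (\w+) resumed>")
# Anchored at end of line so a ") = N" inside a string argument is not mistaken for the result.
RESULT = re.compile(r"\)\s+=\s+(-?\d+|\?|0x[0-9a-f]+)(?:\s+(E[A-Z]+)\s+\(.*\))?\s*$")

def parse(text):
    """Return completed calls as (pid, syscall, return value, errno name or None)."""
    events = []
    for line in text.splitlines():
        m = CALL.match(line) or RESUMED.match(line)
        if not m:                      # signal (---) and exit (+++) lines
            continue
        if line.rstrip().endswith("<unfinished ...>"):
            continue                   # counted once, when its "resumed" line arrives
        r = RESULT.search(line)
        if r:
            events.append((int(m.group(1)), m.group(2), r.group(1), r.group(2)))
    return events

def sequences(events):
    """Per-process ordered syscall names, the raw input for a syscall-based IDS."""
    seq = defaultdict(list)
    for pid, name, _ret, _err in events:
        seq[pid].append(name)
    return dict(seq)

def failures(events):
    return [(pid, name, err) for pid, name, _ret, err in events if err]

if __name__ == "__main__":
    print(sequences(parse(SAMPLE)), failures(parse(SAMPLE)))
```

A call split across an `<unfinished ...>` / `resumed` pair is placed in the sequence at the point where it completes, not where it started.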