Re: [Qemu-devel] Minos-type integrity checking in QEMU
Hello Shashi! You might want to take a look at the Argos [0] project; they do exactly that kind of stuff. We implemented something quite similar as the base of my master's thesis; a technical report is available at [1], although what you need is only covered in a single chapter.

BTW, I found it easier to make the changes in translate.c instead of changing every op in op.c.

Cheers, m.

[0] http://www.few.vu.nl/argos/
[1] http://seclab.tuwien.ac.at/papers/tqana.pdf

On Wednesday, 25.04.2007, 01:16 -0700, Shashidhar Mysore wrote:
> Hi,
>
> I am trying to incorporate into QEMU (x86) some structures to maintain the integrity of data that flows in the processor. Specifically, I want to maintain a bit for every physical memory address and transfer the state information for every address along onto the virtual memory, and also down to the instructions which operate on data, and bit arrays for registers (so that when an operand is fetched from a particular register, we also have the state information for that register).
>
> I am trying to build a Minos-type architecture (http://minos.cs.ucdavis.edu/) but in QEMU instead of Bochs. For this, as far as I can see, I need to maintain a set of new structures to shadow the physical memory and make changes to the micro ops defined in target-i386/op.c so that every instruction can track the state and store it for every register used as an operand.
>
> I'm not sure if somebody has already implemented such a system on QEMU? I am just beginning to think and work on this, so any pointers/suggestions would be greatly appreciated. Please let me know your views on this.
>
> Thanks,
> -Shashi.
Re: [Qemu-devel] Problem Running QEMU, and passing new commands
> Hi, I have successfully integrated the statistical simulation package SimPoint with QEMU.

No clue what SimPoint is.

[snip]

> I am curious where I would edit QEMU to look for such commands, some point in the code where I can see what command is passed to QEMU, and do something such as if strcmp(command, "start_simpoint") == 0

Take a look at the monitor.c file in the root directory. Register your function with the static term_cmd_t term_cmds[] and take a look at the other commands for an example.

> qemu-img create -f qcow c.img 3G
> ./i386-softmmu/qemu -hda c.img -L ./pc-bios/ -nographic

With this you just create an empty disk and try to boot it - I guess this is similar to trying to boot an empty disk in a real system. The -nographic switch prevents you from seeing the "unknown boot device" error that is presented to you by the BIOS. So do as with real hardware and install an operating system on that c.img you just created (I'm fairly sure that is mentioned in the good documentation provided on the QEMU homepage ;-)).

> and it loads up to the (qemu) prompt. However, at that point everything freezes. I am running QEMU on a Linux host with dual 64-bit AMD processors, and doing this over an SSH connection.

You might try the -vnc option; you then don't need -nographic anymore and can check the system via any common VNC client.

> If anyone has any advice on how I can get QEMU to boot to the point where I can enter commands, and how I can monitor these commands within the source code, I would very much appreciate the assistance.

I hope the above helped at least in parts and is not completely wrong. If others think so, please correct me.

> ~Shane Brennan
> UC Santa Cruz

Cheers, m.

___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
Re: [Qemu-devel] cvs regression - blue screen INACCESSIBLE_BOOT_DEVICE
On Tuesday, 02.01.2007, 23:48 -0800, Don Kitchen wrote:
> I just compiled CVS and have experienced a regression with some Windows qcow images (2000 Pro and Server). The images work with CVS I compiled back in July, but current CVS produces a blue screen with INACCESSIBLE_BOOT_DEVICE. I'm running under Linux, with only option -hda disk.
>
> Thanks

Hello Don,

when I tried to boot an old W2K installation with a recent QEMU I got exactly the same BSOD. What solved the issue over here was that I changed the BIOS (-L pc-bios/) to the one shipped with QEMU CVS (instead of using the very old BIOS installed by the package management system of my distro).

Hope this helps.

Cheers, m.
Re: [Qemu-devel] Tracing guest memory accesses
On Monday, 18.12.2006, 00:56 -0800, Diwaker Gupta wrote:
>> As far as I remember I had to put the same code into softmmu_header.h to get correct results. I found it easiest to do this in the ld/st macros in these files (~6 places in code).
>
> This probably sounds stupid, but what's the best way to get debug output? Due to the code generation magic QEMU does, simply adding printfs doesn't seem to work well. In particular, all my attempts to add printfs to softmmu_header.h have resulted in broken builds. Are there any global macros I should be using?

Hello Diwaker!

You can always call a function that is defined extern and uses fprintf et al. I doubt it's the prettiest way, but at least it works.

Cheers, m.
Re: [Qemu-devel] Tracing guest memory accesses
On Saturday, 16.12.2006, 23:19 -0800, Diwaker Gupta wrote:
> On 12/16/06, Daniel Jacobowitz [EMAIL PROTECTED] wrote:
>> On Sat, Dec 16, 2006 at 07:42:46PM -0800, Diwaker Gupta wrote:
>>> o do these changes seem correct? As in, do they actually track the read/write memory accesses done by the guest? I was concerned because when I start a guest, I see a whole lot of writes and not as many reads, which seems a little counter-intuitive.
>>
>> No. Those are I/O device accesses, not memory accesses. Look at the softmmu code instead.
>
> Like I said, I did add some debugging code to softmmu_template.h. The reads/writes I'm seeing are being generated by that softmmu debugging code, not the iommu code. Sorry if I wasn't clear. Is there some other softmmu code I should be looking at?

As far as I remember I had to put the same code into softmmu_header.h to get correct results. I found it easiest to do this in the ld/st macros in these files (~6 places in code).

Hope this helps.

Cheers, m.
Re: [Qemu-devel] How to get guestOS's information
On Thursday, 26.10.2006, 16:23 +0900, KazuyaMatsunaga wrote:
> Hello,
>
> It is impolite to write an unexpected letter. I am a college student in Japan. I belong to an information processing system laboratory, and I work on intrusion detection systems. We are developing an intrusion detection system using system calls. Now, it operates only on Linux. I would like to operate it on more platforms. I think it is possible to find a guest OS's abnormality by observing it from the host OS. I would be extremely happy if it could be operated on QEMU. Do you think that it is possible?
>
> Now, my system uses only process IDs and the frequency of system calls. In a word, I would like to know how to get the guest OS's information (process ID and frequency of system calls).
>
> Any help would be greatly appreciated.
>
> Regards,
> kazuya

Hello kazuya!

Some people here commented on the system call problems. I'd like to say some words about process IDs: you might want to consider using the Page Directory Base Register (PDBR, aka cr3, or in qemu-x86 env->cr[3]) to identify different processes. AFAIK it is then OS-dependent how to get the corresponding PID. I did this for Windows and I assume it's a lot easier to do the same for Linux/*BSD (as the source is available). Since you probably will need to check for the current process quite often, the shorter access times for this information might come in handy.

Cheers, m.
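An added example (written for this page, not code from the thread or from QEMU) of the CR3-keyed process identification suggested above, feeding the per-process system-call frequency an IDS like kazuya's works with: records are keyed by the CR3 value read at each system-call entry, so no OS-specific PID lookup is needed to tell processes apart. The hook names record_syscall, syscall_permille and forget_process, and the table sizes, are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_PROCS   64   /* constructed limits for the example */
#define MAX_SYSCALL 256

/* One record per distinct CR3 (the PDBR, env->cr[3] in qemu-x86); CR3 stands
 * in for the PID, which is OS-dependent to recover. */
struct proc_stats { bool used; uint32_t cr3, total; uint32_t count[MAX_SYSCALL]; };
static struct proc_stats procs[MAX_PROCS];

static struct proc_stats *lookup(uint32_t cr3, bool create) {
    for (int i = 0; i < MAX_PROCS; i++)
        if (procs[i].used && procs[i].cr3 == cr3) return &procs[i];
    if (!create) return NULL;
    for (int i = 0; i < MAX_PROCS; i++) {
        if (procs[i].used) continue;
        memset(&procs[i], 0, sizeof procs[i]);
        procs[i].used = true; procs[i].cr3 = cr3;
        return &procs[i];
    }
    return NULL;                          /* table full */
}

/* Hook point: call at every emulated system-call entry (int 0x80/sysenter)
 * with the current CR3 and the syscall number from the guest's eax. */
bool record_syscall(uint32_t cr3, unsigned nr) {
    struct proc_stats *p = nr < MAX_SYSCALL ? lookup(cr3, true) : NULL;
    if (!p) return false;
    p->count[nr]++; p->total++;
    return true;
}

/* Relative frequency of syscall `nr` for the process behind `cr3`, in per-mille,
 * so it can be compared with a learned per-process profile. */
unsigned syscall_permille(uint32_t cr3, unsigned nr) {
    struct proc_stats *p = lookup(cr3, false);
    if (!p || nr >= MAX_SYSCALL || p->total == 0) return 0;
    return (unsigned)((uint64_t)p->count[nr] * 1000 / p->total);
}

/* Physical pages, and so CR3 values, get reused by new processes: drop the
 * record when the guest tears an address space down (an OS-dependent event). */
bool forget_process(uint32_t cr3) {
    struct proc_stats *p = lookup(cr3, false);
    if (p) p->used = false;
    return p != NULL;
}
```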
Re: [Qemu-devel] Access to QEMU's guest physical memory
On Wednesday, 13.09.2006, 12:05 +0200, G Portokalidis wrote:
> Hello,
>
> I have been in the process of porting Argos to Qemu 0.8.2. In case you haven't heard of Argos, it's basically Qemu extended to track network data entering the emulator to identify their illegal use (exploits, etc). I am using the softmmu to track all accesses to physical memory to track which memory addresses are occupied by network data. I am trying to figure out all the possible ways guest physical memory is accessed at runtime. Besides the softmmu, I also identified that DMA also accesses physical memory using cpu_physical_memory_rw(), in exec.c. Do any virtual peripherals access guest physical memory without using the above call, or is memory altered by Qemu's dynamic translation (or other components)?
>
> I must be missing something, since I have noticed that when memory is cluttered with network data (because of using IE for example), starting a new application reports that values used in jmp instructions (op_jmp_T0, in op.c) come from the network, while that is not the case. It seems that loading a new executable into guest memory is not tracked, and as a result a page previously used by IE is not cleaned. Another thought is that maybe the translation writes data to guest physical memory, but from what I understand of Qemu, translation seems to only touch host memory.
>
> If any of the developers could help, it would be appreciated. I have spent many hours going through Qemu's code without result.
>
> Thanks in advance, and I hope this is not immediately discarded as being too long. :-P
>
> Cheers,
> George

Hello George,

I've read the ARGOS paper - good paper! I'm not familiar with the Argos source code, but I've encountered the situation that Windows clears pages with 8-byte (64-bit) wide st operations consisting of all 0s (even on 32-bit Win2k), and it gave me a lot of the same stuff you're describing above when I thought that 32-bit Windows only does 32-bit memwrites. (I instrumented the ld/st macros in softmmu_{header,template}.h for that purpose.)

If you find anything else please let me know, since I'm very interested in that.

Cheers, m.
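As an added illustration of the shadow-memory scheme discussed in this thread and in the Minos thread above (example code written for this page, not Argos, Minos or QEMU code): a per-byte taint shadow over a constructed toy guest RAM, with a store that copies its source's taint onto exactly `size` shadow bytes, so that the 64-bit all-zero stores Windows uses to clear pages also clear the taint, plus a Minos/Argos-style check on an indirect jump target. The function names (taint_dma_in, taint_st, taint_ld, taint_ld_tainted, indirect_jmp_allowed) and the 4 KiB RAM size are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define GUEST_RAM_SIZE 4096             /* constructed toy guest RAM */
static uint8_t guest_ram[GUEST_RAM_SIZE];
static uint8_t shadow[GUEST_RAM_SIZE];  /* 1 = byte originated from the network */

static bool in_ram(uint32_t paddr, int size) {
    return size > 0 && paddr < GUEST_RAM_SIZE && (uint32_t)size <= GUEST_RAM_SIZE - paddr;
}

/* What a NIC model does on DMA-in: every delivered byte is marked tainted. */
void taint_dma_in(uint32_t paddr, uint32_t len) {
    if (in_ram(paddr, (int)len)) memset(&shadow[paddr], 1, len);
}

/* Store of `size` bytes: write the data and copy the source register's taint
 * onto exactly `size` shadow bytes. An untainted 8-byte zeroing store thus
 * clears eight shadow bytes, which is what a page-clearing loop has to do. */
void taint_st(uint32_t paddr, uint64_t val, int size, bool src_tainted) {
    if (!in_ram(paddr, size)) return;
    for (int i = 0; i < size; i++) {
        guest_ram[paddr + i] = (uint8_t)(val >> (8 * i));
        shadow[paddr + i] = src_tainted ? 1 : 0;
    }
}

/* Load of `size` bytes, little-endian as on x86. */
uint64_t taint_ld(uint32_t paddr, int size) {
    uint64_t val = 0;
    if (!in_ram(paddr, size)) return 0;
    for (int i = 0; i < size; i++) val |= (uint64_t)guest_ram[paddr + i] << (8 * i);
    return val;
}

/* Taint of a loaded operand: one tainted source byte taints the whole register. */
bool taint_ld_tainted(uint32_t paddr, int size) {
    if (!in_ram(paddr, size)) return false;
    for (int i = 0; i < size; i++) if (shadow[paddr + i]) return true;
    return false;
}

/* Minos/Argos-style check for an indirect jump whose target was just loaded
 * from `target_slot` (a return address or function pointer): tainted = alarm. */
bool indirect_jmp_allowed(uint32_t target_slot, int size) {
    return !taint_ld_tainted(target_slot, size);
}
```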
[Qemu-devel] [PATCH] specify device_name for commit
Hello all! With this patch only the specified device gets commited. Since this is my first attempt to send a patch to the list, please let me know what you think of it. cheers m. Index: monitor.c === RCS file: /sources/qemu/qemu/monitor.c,v retrieving revision 1.54 diff -u -r1.54 monitor.c --- monitor.c 16 Jul 2006 18:57:03 - 1.54 +++ monitor.c 28 Jul 2006 21:32:45 - @@ -24,6 +24,7 @@ #include vl.h #include disas.h #include dirent.h +#include block_int.h //#define DEBUG //#define DEBUG_COMPLETION @@ -167,13 +168,15 @@ help_cmd(name); } -static void do_commit(void) +static void do_commit(const char *device) { -int i; - +int i, all_devices; + +all_devices = !strcmp(device, all); for (i = 0; i MAX_DISKS; i++) { if (bs_table[i]) { -bdrv_commit(bs_table[i]); + if (all_devices || !strcmp(bs_table[i]-device_name, device)) + bdrv_commit(bs_table[i]); } } } @@ -1138,8 +1141,8 @@ static term_cmd_t term_cmds[] = { { help|?, s?, do_help, [cmd], show the help }, -{ commit, , do_commit, - , commit changes to the disk images (if -snapshot is used) }, +{ commit, s, do_commit, + device|all, commit changes to the disk images (if -snapshot is used) }, { info, s?, do_info, subcommand, show various information about the system state }, { q|quit, , do_quit, ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
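Review bot: do_commit silently does nothing when `device` names no entry in bs_table (a typo in the device name looks like a successful commit); track whether the loop matched anything and report an error through the monitor when it did not. A smaller point: the new `#include block_int.h` is pulled in only to reach `bs_table[i]->device_name`, which exposes the block layer's internal structure to monitor.c; an accessor in block.c would keep that boundary intact.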
Re: [Qemu-devel] [PATCH] add 'monitor' and 'mwait' instruction
On Friday, 07.07.2006, 14:30 +0200, Joachim Henke wrote:
> Could you please check if the attached patch works for you? A quick test showed that Linux boots fine with the MONITOR flag set now. This patch adds 'monitor' and 'mwait' as nops, as suggested by Fabrice.

Hello,

just tested the patch against 0.8.1 and current CVS and at least here it does not work: still "Kernel panic - not syncing: Attempted to kill init!". I'm on a Pentium D with Ubuntu 6.06 server as guest OS (Debian sarge host).

Cheers, m

BTW: when I patch mwait.diff in the qemu-src directory, patch cannot find the files to patch and asks me for their location - did I do anything wrong?
Re: [Qemu-devel] vmware puts up specs for it's disk format
On Monday, 03.04.2006, 19:55 -0400, Jim C. Brown wrote:
> On Tue, Apr 04, 2006 at 12:23:41AM +0200, Udo 'Robos' Puetz wrote:
>> At least this could be used for qemu to import the vmdk images...
>>
>> Cheers
>> Robos
>
> This is already supported, as is creating them and using them directly. (I was amazed when I first found out as well.)

AFAIK they are only supported when the images consist of only 1 file. At least I was not able to run split images (e.g. every 2 GB). As always, I might be wrong on this.

Cheers, maestro
Re: [Qemu-devel] vmware puts up specs for it's disk format
On Tuesday, 04.04.2006, 09:36 -0400, Jim C. Brown wrote:
> On Tue, Apr 04, 2006 at 10:09:06AM +0200, maestro wrote:
>>> This is already supported, as is creating them and using them directly. (I was amazed when I first found out as well.)
>>
>> AFAIK they are only supported when the images consist of only 1 file. At least I was not able to run split images (e.g. every 2 GB). As always, I might be wrong on this.
>
> You're right about this - but I talked to one of the vmdk developers, and he said that the lack of support was due to the lack of demand. (It is real easy to use dd to convert split images into single images, so support for this is not really needed.)
>
> Basically, if you want split images to be supported in qemu, speak up now. ;)

Well, "want them to be supported" might be a little too much - I just think if some of the devs are bored this might be a way to save some people from hours/minutes hanging around the IRC channel and/or mailing list. Just my 0.02 EUR.

Cheers, maestro
Re: [Qemu-devel] Keyboard/Mouse issues on WinXP loadvm
On Wednesday, 29.03.2006, 21:26 -0500, Andrew Barr wrote:
> The virtual keyboard and mouse appear to be confused after loadvm'ing on a Windows XP SP2 (and 2000 SP4 as well) guest (Qemu CVS on Linux host). The control key appears to be stuck down. While looking for something unrelated in the mailing list archives, I found these:
>
> http://lists.gnu.org/archive/html/qemu-devel/2005-05/msg00021.html
> http://lists.gnu.org/archive/html/qemu-devel/2005-05/msg0.html
>
> It appears to be describing the exact same problem, but on a Linux guest. The suggested solution was to press Ctrl, Shift, Alt one after the other after restoring the VM. This doesn't appear to work on my Windows guest. Is there another way to fix this?

I don't know if it is exactly the same behavior I encountered: here the keys were totally messed up (I used the CVS version). On the #qemu IRC channel a patch for this was posted at the URL http://jma-box.student.umd.edu:8080/ps2.diff - this might help, at least it did help fixing my problem.

Cheers, maestro

P.S. Paul Brooks: is this going into CVS at some point, or did it already happen and I missed it?