>>> Konrad Rzeszutek Wilk <konrad.w...@oracle.com> 10/03/16 4:18 PM >>>
>2) We could also do some form of restartable patching. That is seed the code
>(where we are going to put a trampoline) with 'CC'. Then do memcpy over the
>'CC' the new instructions (jump). If the NMI/MCE handler hits that code it
>would call the int3 - which we expand now to take over and check whether the
>EIP is in the location which we just seeded with 'CC' - and if so it can
>memcpy the trampoline code in (with a slight twist - we first memcpy the
>displacement, so the start of a function would be say: CC 00 23 00 10 - and
>then we do a single write to replace 'CC' with 'E9').

Careful here: How do you mean to return from the int3 handler? You mustn't use
IRET there, or else you unmask further NMIs.

Jan
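
The three-step patching sequence quoted above (seed the site with 0xCC, write the displacement behind it, then flip the first byte to 0xE9 with one store), together with the "is the trapping EIP inside the seeded site?" check the int3 handler would make, as an added illustration; this is not Xen code and no part of the proposal, and the byte buffer standing in for a patch site, the function names and the decode helper are assumptions for the example:

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SITE_LEN 5      /* jmp rel32: E9 + 4-byte displacement */
#define OP_INT3  0xCC
#define OP_JMP32 0xE9

/* rel32 is relative to the end of the 5-byte jmp, i.e. site + 5. */
static int32_t jmp_disp(uintptr_t site, uintptr_t target) {
    return (int32_t)(target - (site + SITE_LEN));
}

/* Step 1: fill the site with INT3 so any CPU landing on it traps. */
void seed_site(uint8_t *site) { memset(site, OP_INT3, SITE_LEN); }

/* Step 2: store the displacement behind the INT3, byte by byte (x86 is
 * little-endian; done this way so the example does not depend on the host).
 * Byte 0 is still 0xCC, so the site is a trap, never a half-written jmp. */
void write_disp(uint8_t *site, int32_t disp) {
    for (int i = 0; i < 4; i++)
        site[1 + i] = (uint8_t)((uint32_t)disp >> (8 * i));
}

/* Step 3: one single-byte store turns the trap into the jump. Real code
 * still needs the cross-modifying-code care (writable mapping,
 * serialisation); the plain volatile store only mirrors the idea. */
void arm_jump(uint8_t *site) { ((volatile uint8_t *)site)[0] = OP_JMP32; }

/* The int3 handler's check: the trap pushes the address after the 0xCC,
 * so the faulting byte is rip - 1; true if it lies inside the seeded site. */
bool trap_in_site(uintptr_t trap_rip, uintptr_t site) {
    return trap_rip - 1 >= site && trap_rip - 1 < site + SITE_LEN;
}

/* Decode a finished site back to its jump target, to verify the result. */
uintptr_t decode_target(const uint8_t *site) {
    uint32_t disp = 0;
    for (int i = 0; i < 4; i++)
        disp |= (uint32_t)site[1 + i] << (8 * i);
    return (uintptr_t)site + SITE_LEN + (uintptr_t)(intptr_t)(int32_t)disp;
}

/* All three steps on one site; true if it now encodes a jmp to target. */
bool patch_site(uint8_t *site, uintptr_t target) {
    seed_site(site);
    write_disp(site, jmp_disp((uintptr_t)site, target));
    arm_jump(site);
    return site[0] == OP_JMP32 && decode_target(site) == target;
}
```

Between steps 2 and 3 the site is `CC xx xx xx xx`, so a CPU arriving there traps rather than executing a torn instruction; Jan's point is about how that trap handler then returns, which the example does not model.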


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel