Pass active cr3 info to page_cache_fetch function #4
Comments
|
On the surface, that seems quite simple, but it becomes quite a bit more involved once we think about it: how do you handle address collisions in the disassembler? We would need to keep one CFG copy for each CR3 and we would need to switch between those, I guess. Would you also need one bitmap per CR3? Maybe, we could return from the decoder with a "(CR3 Switch to u64, decoding stopped here: u8*, size_remaining: usize)" tuple, allowing the logic to multiplex between different decoders, but that would be somewhat more involved. |
|
Juggling multiple decoders would be fine if each is assosciated with an address space. In the long term this will be something we'll need as we would want to be able to fuzz code crossing address spaces. |
|
I don't think this is super relevant to our use case for the while being, but I would gladly merge a patch. |
Currently the
page_cache_fetchfunction only receives a virtual address to be retrieved. While this is sufficient for small traces where the target process is known, if we are tracing across processes or between kernel and userspace, we need to know what table to use to translate the virtual address with to grab the underlying page. As this information is carried in the PT buffer, having an "active pt" variable should be very low overhead on thelibxdcside.The text was updated successfully, but these errors were encountered: