Address Collision using i386 4G/4G Memory Split

Konstantin Belousov kostikbel at gmail.com
Tue Dec 18 10:33:38 UTC 2018


On Tue, Dec 18, 2018 at 11:22:53AM +0100, Alexander Lochmann wrote:
> 
> >> Some context: We are doing VM-based tracing in the FreeBSD kernel. For
> >> that, we observe parts of the kernel memory (allocations, accesses,...).
> >> Before 12.0 we simply knew that kernel addresses that we logged were
> >> unique. Moreover, when a memory access to a region of interest happened
> >> we knew that could only be kernel memory.
> >> We now have to ensure that we only record memory accesses that happen
> >> within the kernel.
> >> Our approach is to record the kernel's value for the CR3 register, and
> >> record memory accesses if the CR3 register holds the aforementioned value.
> > You must use CPL to see if the current operation mode is user or kernel.
> > If user, nothing should be done (this would avoid vm86). If kernel, you
> > need to compare current %cr3 with IdlePTD (IdlePTDP for PAE case).
> > 
> Thanks for the advice!  We'll include that in our toolchain.
> Do you use PLs other than 0(=kernel) and 3(=user)?
No, only 0 and 3.  But be careful with vm86 (I am not sure how your VM
reports it to your instrumentation).
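The filter Konstantin describes (check CPL first, treat vm86 as user, then compare %cr3 against IdlePTD), written out as an added example that is not part of the thread. The `trace_event` layout, the field names and the sample register values are constructed for this example; a real tracer would fill them from whatever the VM reports.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed: the register state the VM reports alongside one access. */
struct trace_event {
    uint16_t cs;      /* code segment selector; CPL is bits 0-1 */
    uint32_t eflags;  /* EFLAGS; bit 17 (VM) is set while in vm86 mode */
    uint32_t cr3;     /* page-directory base at the time of the access */
    uint32_t addr;    /* linear address that was accessed */
};

#define EFLAGS_VM (1u << 17)

/* CPL is the low two bits of %cs; FreeBSD uses only 0 and 3. */
static inline unsigned cpl_of(uint16_t cs) { return cs & 3u; }

/* Decide whether an access belongs to the kernel and should be recorded.
 * idle_ptd is the kernel's IdlePTD (IdlePTDP when PAE is enabled),
 * captured once from the guest. */
bool should_record(const struct trace_event *ev, uint32_t idle_ptd)
{
    /* vm86: the VM flag is set and %cs is a real-mode segment, so its
     * low bits do not encode a CPL. Treat it as user mode and skip. */
    if (ev->eflags & EFLAGS_VM)
        return false;
    /* Any non-zero CPL is user mode: nothing to do. */
    if (cpl_of(ev->cs) != 0)
        return false;
    /* CPL 0 but a foreign %cr3 (e.g. right after the kernel entry, before
     * the 4G/4G switch) is not a plain kernel access under IdlePTD. */
    return ev->cr3 == idle_ptd;
}

/* Count recordable accesses in a batch of events. */
size_t count_kernel_accesses(const struct trace_event *evs, size_t n,
                             uint32_t idle_ptd)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += should_record(&evs[i], idle_ptd) ? 1 : 0;
    return hits;
}

/* Constructed sample: one kernel access, one user access, one CPL-0 access
 * under a user %cr3, one vm86 access (cs&3 == 0 but VM set), one kernel. */
#define SAMPLE_IDLE_PTD 0x00c00000u
const struct trace_event sample_events[5] = {
    { 0x08, 0x00202, 0x00c00000u, 0xc0401000u },
    { 0x1b, 0x00202, 0x05000000u, 0x08048000u },
    { 0x08, 0x00202, 0x05000000u, 0xffc00100u },
    { 0x00, 0x20202, 0x05000000u, 0x000a0000u },
    { 0x08, 0x00246, 0x00c00000u, 0xc0800000u },
};
```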


More information about the freebsd-stable mailing list