This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Accessing memory of a different domain

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Accessing memory of a different domain
From: Axel Tanner <axs@xxxxxxxxxxxxxx>
Date: Tue, 22 Mar 2005 12:12:13 +0100
Delivery-date: Tue, 22 Mar 2005 11:19:13 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx

In the context of security and intrusion detection, I would be interested in reading & understanding kernel structures of a 'production domain' (i.e. unprivileged domain -> domainN) from the privileged domain (-> domain0).

Now, as far as I can see currently, assuming that I know the virtual address Xv of an interesting kernel struct in domainN, this could be translated by domainN into a machine physical address Xm via the virt_to_machine() macro.
The domain0 could then take this machine address to get access to the corresponding page via map_domain_mem(), and thereby be able to read the value in address Xm.

But then, for most interesting structs, this single value will not be sufficient, but the struct will contain pointers, which are given as virtual addresses of domainN - and as far as I can see, the domain0 won't be able to follow these addresses, since it does not have the virt_to_machine() translation of domainN - correct?

Is there a way to resolve this?

Well, I am still a newbie with Xen, so please bear with me ...

Finally, I also saw some notes in the xen-devel list about  'grant tables', which seem related to my question - but as far as I understand, are not yet working. Would they be of help here?

Many thanks for any help!
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] Accessing memory of a different domain, Axel Tanner <=