xen-devel
[Xen-devel] Accessing memory of a different domain
In the context of security and intrusion detection, I would be interested in reading & understanding kernel structures of a 'production domain' (i.e. unprivileged domain -> domainN) from the privileged domain (-> domain0).

Now, as far as I can see currently, assuming that I know the virtual address Xv of an interesting kernel struct in domainN, this could be translated by domainN into a machine physical address Xm via the virt_to_machine() macro.

The domain0 could then take this machine address to get access to the corresponding page via map_domain_mem(), and thereby be able to read the value in address Xm.

But then, for most interesting structs, this single value will not be sufficient, but the struct will contain pointers, which are given as virtual addresses of domainN - and as far as I can see, the domain0 won't be able to follow these addresses, since it does not have the virt_to_machine() translation of domainN - correct?

Is there a way to resolve this?

Well, I am still a newbie with Xen, so please bear with me ...

Finally, I also saw some notes in the xen-devel list about 'grant tables', which seem related to my question - but as far as I understand, are not yet working. Would they be of help here?

Many thanks for any help!

Axel
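
A toy model of the situation described in this message, added here as an illustration (it is not code from the post or from Xen): domain0 can read the struct at Xm, but following its pointer needs domainN's translation. The functions guest_virt_to_machine() and dom0_read() are hypothetical stand-ins for virt_to_machine() and map_domain_mem(); the addresses, frame table and linked list are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   4096u
#define GUEST_BASE  0xC0000000u  /* constructed: base of domainN's kernel mapping */
#define GUEST_PAGES 4
static uint8_t machine_mem[8 * PAGE_SIZE];                    /* toy machine memory */
static const uint32_t guest_p2m[GUEST_PAGES] = {5, 2, 7, 1};  /* constructed frame table */
struct node { uint32_t value; uint32_t next; };  /* next: domainN virtual address, 0 = end */

/* Translation only domainN holds: its virtual address Xv -> machine address Xm. */
static int guest_virt_to_machine(uint32_t xv, uint32_t *xm) {
    uint32_t off = xv - GUEST_BASE;
    if (xv < GUEST_BASE || off / PAGE_SIZE >= GUEST_PAGES) return -1;
    *xm = guest_p2m[off / PAGE_SIZE] * PAGE_SIZE + off % PAGE_SIZE;
    return 0;
}
/* domain0's view: read from one mapped machine page; refuse reads crossing a page,
 * because pages adjacent in domainN need not be adjacent in machine memory. */
static int dom0_read(uint32_t xm, void *dst, uint32_t len) {
    if (xm >= sizeof machine_mem || xm % PAGE_SIZE + len > PAGE_SIZE) return -1;
    memcpy(dst, machine_mem + xm, len);
    return 0;
}
/* Walk the list from Xm; tr is the translation available to domain0 (NULL = none). */
static int dom0_walk(uint32_t xm, int (*tr)(uint32_t, uint32_t *), uint32_t *sum) {
    struct node n; int count = 0;
    for (*sum = 0; count < 16 && dom0_read(xm, &n, sizeof n) == 0; ) {
        count++; *sum += n.value;
        if (n.next == 0 || !tr || tr(n.next, &xm) != 0) break;  /* end, or cannot follow */
    }
    return count;
}
/* Constructed guest state: three nodes on different guest pages; returns Xm of the head. */
static uint32_t build_guest(void) {
    static const uint32_t va[3] = {GUEST_BASE + 0x10, GUEST_BASE + 0x1020, GUEST_BASE + 0x3040};
    uint32_t xm = 0;
    for (int i = 2; i >= 0; i--) {
        struct node n = {10u * (uint32_t)(i + 1), i < 2 ? va[i + 1] : 0};
        guest_virt_to_machine(va[i], &xm);
        memcpy(machine_mem + xm, &n, sizeof n);
    }
    return xm;
}

int main(void) {
    uint32_t sum, head = build_guest();
    printf("no translation: %d node(s)\n", dom0_walk(head, NULL, &sum));
    printf("with domainN translation: %d node(s)\n", dom0_walk(head, guest_virt_to_machine, &sum));
    return 0;
}
```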
- [Xen-devel] Accessing memory of a different domain,
Axel Tanner <=