WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

[Xen-devel] How to check a physical address belonging to a PV guest or n

To: xen-devel@xxxxxxxxxxxxxxxxxxx, Angelos Stavrou <astavrou@xxxxxxx>
Subject: [Xen-devel] How to check a physical address belonging to a PV guest or not?
From: Jiang Wang <jwangzju@xxxxxxxxx>
Date: Tue, 5 May 2009 22:10:10 -0400
Hi:

I am working on a research project to protect against malicious device
drivers without using an IOMMU. Currently, a driver domain is trusted. A
compromised driver can potentially use DMA to access physical
addresses that belong to other domains and steal some information. An IOMMU
can prevent this. But I think software protection is also feasible.

For example, on the x86-32 architecture, dom0 or domU runs at
ring 1. Accesses to the IO ports are trapped and then checked
against IO or memory permission. I want to add an extra check, which not
only checks whether the port (or memory) is allowed to be accessed by a
domain but also checks the actual parameter for the IO access. The
hypervisor should somehow know which IO port is for DMA access. It can
then check the physical access for the DMA. If the physical address does
not belong to the calling PV guest, permission is denied.

I have two questions:
1) What is a good way to notify the hypervisor that an IO port (or
memory) is for DMA? Maybe use some booting options? Or configuration
files for domU? Are there any configuration files for dom0? Any
examples?
2) How to check whether a physical address belongs to a guest or not? I
guess when the device driver in a PV guest tries to write an IO port, it is
using a machine address, right? After the hypervisor gets that address,
how to find out whether it is legal or not? Use some function to get the mfn
for that address and search for it in the dom's machine frame table?

Any suggestions or comments? Thanks.

Regards,

Jiang
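
The ownership check asked about in question 2, sketched as an added example that is not part of the original post and is not Xen code: a simplified C model that validates a whole DMA target range, not just its first address, against a per-frame owner table. The table contents and the names `frame_owner`, `dma_range_owned_by`, `NR_FRAMES` and `DOM_NONE` are assumptions made for illustration, as is the 4 KiB page size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12           /* assumption: 4 KiB pages */
#define NR_FRAMES  8            /* constructed: tiny machine with 8 frames */
#define DOM_NONE   0xFFFFu      /* constructed: frame owned by no guest */

/* Constructed ownership table: frame_owner[mfn] = owning domain id. */
static const uint16_t frame_owner[NR_FRAMES] = {
    0, 0, 1, 1, 1, 2, DOM_NONE, 2
};

/*
 * Return true only if every machine frame touched by the DMA target
 * [maddr, maddr + len) is owned by domain `domid`.
 */
bool dma_range_owned_by(uint16_t domid, uint64_t maddr, uint64_t len)
{
    if (domid == DOM_NONE)
        return false;           /* the "unowned" marker is not a caller */
    if (len == 0)
        return false;           /* reject empty transfers */
    if (maddr + len < maddr)
        return false;           /* end of range wraps around */

    uint64_t first = maddr >> PAGE_SHIFT;
    uint64_t last  = (maddr + len - 1) >> PAGE_SHIFT;

    if (last >= NR_FRAMES)
        return false;           /* beyond known machine memory */

    /* Checking only the first frame would miss buffers that spill over. */
    for (uint64_t mfn = first; mfn <= last; mfn++)
        if (frame_owner[mfn] != domid)
            return false;
    return true;
}

int main(void)
{
    /* Domain 1 owns frames 2-4; the second buffer spills into frame 5. */
    printf("in range: %d\n", dma_range_owned_by(1, 0x2000, 0x3000));
    printf("spills:   %d\n", dma_range_owned_by(1, 0x4F00, 0x0200));
    return 0;
}
```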
