WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

RE: [Xen-users] Tracking DomU memory

To: "Petersson, Mats" <Mats.Petersson@xxxxxxx>, Diwaker Gupta <diwaker.lists@xxxxxxxxx>
Subject: RE: [Xen-users] Tracking DomU memory
From: Security Initiative Team <passrete@xxxxxxxxx>
Date: Tue, 9 Jan 2007 17:41:49 -0800 (PST)
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 10 Jan 2007 01:37:02 -0800
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=KoVzcnw60mEyOs3eeB9iTDsbyxoNjsDhE8wibIy1ebW7AHr2VWovaxz6RQ46iLQwjaYBgiLrmmzq048KSlAyNjnHNKCirLgTnbxLmkz7iuyAj4GXIcHRGCB5UH7E+cjpU3g62ks7sMcVdw9lxmqeoIuF/ZQcVKJXS/9gqvLoEZg=;
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <907625E08839C4409CE5768403633E0B018E1805@xxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Is it possible for the "root" user of a guest domain to
update the "text" section of a user-level process in that guest domain?

The text section is mapped as read-only,
but is the "root" user privileged enough  to be able to
update the page-table entry (which will go through Xen)
to make it a writable mapping and then update it?



"Petersson, Mats" <Mats.Petersson@xxxxxxx> wrote:
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Diwaker Gupta
> Sent: 15 December 2006 22:56
> To: Security Initiative Team
> Cc: Petersson, Mats; xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-users] Tracking DomU memory
>
> I actually want do to something similar, but simpler. I'm only
> interested in keeping track of pages that a guest domain is accessing
> (both reads and writes). I'm _not_ looking for the *exact* memory
> address -- just the physical page being accessed. Can log dirty be
> modified to keep track of read accesses as well?

This isn't far from what I'm doing (except I need to look at one or a
few pages, which makes life somewhat easier).

You'd have to change the page-table writes so that they are written with
"not present", and then update your statistics based on the page-fault.
You'll have to "fix" the fault and then reset the page-table, which is
probably easiest done by using the x86_emulate_memop() function
[alternatively, set the trace-bit in the flags on stack before exiting
the PF-handler, take the trace-interrupt, reset the page-table and
continue].

However, if you're doing this for every memory access of the guest,
you'll not get much work done... :-(

--
mats
>
> Thanks,
> Diwaker
>
> On 10/9/06, Security Initiative Team wrote:
> > My main purpose is to know when a user-level application in DomU
> > is updating its memory.
> > (Tracking changes to the stack segment might be too hard
> due to frequent
> > memory updates, so maybe only the "text" segment).
> >
> > I want to be able to track this from either Dom0 or the
> hypervisor layer,
> > whichever is easier.
> >
> > When is ptwr_emulated_update() used and when is do_mmu_update()
> > used?
> >
> > Thanks,
> > -Criag
> >
> >
> > "Petersson, Mats" wrote:
> >
> > What do you ACTUALLY want to do?
> >
> > log-dirty doesn't log to a file - it keeps track of "dirty"
> pages in a list
> > in memory, but doesn't actually store it in a file [ever, at all].
> >
> > do_mmu_update is possibly a good place to hook into, but it
> depends on what
> > you want to do... [And it's non-trivial code, so beware of
> complications
> > from changing it].
> >
> > You may want to look at ptwr_emulated_update, as that's
> used when the
> > do_mmu_update() hypercall isn't used to update a page-table-entry.
> >
> > --
> > Mats
> >
> >
> > ________________________________
> --
> Web/Blog/Gallery: http://floatingsun.net/blog
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
>
>



__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>