2010/11/5 Tim Deegan <Tim.Deegan@xxxxxxxxxx>
At 01:32 +0000 on 05 Nov (1288920725), ding baozeng wrote:I'm not sure shadow pagetables are the right place to do this - have you
> I want to create another address space for security analysis. In this
> address space, we could access all the kernel address space, but the
> kernel address space could not access some memory of it.
thought about having your security code in another VM?
If I put the security code out-of-vm, the overhead is not satisfactory.
need to stop the kernel mapping the secure memory in its own pagetables,
granting it to other VMs, DMAing to it, &c. Also what if you want to
I use the SPT to obtain security effect and the overhead is also small. I would disable EPT. When putting the security code in-vm, I further use the VT-d technology, CR3_TARGET_LIST to decrease the overhead. As we know, when processes switch, it would update CR3, and so trap into xen, which bring up a lot of overhead. But after we write the value of CR3 into the CR3_TARGET_LIST, it would not trap into xen when process switch. So I would create another address space to put the security code and put the address of its shadow page into CR3_TARGET_LIST. (when you have time, please take look at the paper in attachment, thx)
> So thisIf this address space is identified by its own %CR3 value then there
> address space need to create its own shadow pages. In the shadow
> pages, they contain all the mapping that kernel shadow pages have, and
> also contains some mapping for the memory that the kernel could not
> access. The shadow pages are always in memory. So there would be two
> shadows, one for kernel, one for this address space.
Do you mean when the hvm domain is created, its shadow page for the kernel is built already? I thought spt is empty first, but when we access the kernel space, the spt entry is built for it. Am I right?
- all you need to do is modify guest_walk_tables to add the
extra mappings whenever %CR3 holds the right value and everything will
> First, I want to
> copy the kernel shadow pages and then make some change to create the
> shadow pages we need. As we know, the kernel shadow pages is built
> dynamically, then how to copy it and make it in memory always?
Tim Deegan <Tim.Deegan@xxxxxxxxxx
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)