[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Accessing memory of a different domain

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
From: Axel Tanner <axs@xxxxxxxxxxxxxx>
Date: Tue, 22 Mar 2005 12:12:13 +0100
Delivery-date: Tue, 22 Mar 2005 11:19:13 +0000
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

In the context of security and intrusion detection, I would be interested in reading & understanding kernel structures of a 'production domain' (i.e. unprivileged domain -> domainN) from the privileged domain (-> domain0).

Now, as far as I can see currently, assuming that I know the virtual address Xv of an interesting kernel struct in domainN, this could be translated by domainN into a machine physical address Xm via the virt_to_machine() macro.
The domain0 could then take this machine address to get access to the corresponding page via map_domain_mem(), and thereby be able to read the value in address Xm.

But then, for most interesting structs, this single value will not be sufficient, but the struct will contain pointers, which are given as virtual addresses of domainN - and as far as I can see, the domain0 won't be able to follow these addresses, since it does not have the virt_to_machine() translation of domainN - correct?

Is there a way to resolve this?

Well, I am still a newbie with Xen, so please bear with me ...

Finally, I also saw some notes in the xen-devel list about 'grant tables', which seem related to my question - but as far as I understand, are not yet working. Would they be of help here?

Many thanks for any help!
Axel

Prev by Date: Re: [Xen-devel] [PATCH] libxen-3.0 (libxc rewrite)
Next by Date: RE: [Xen-devel] PAE support revisited
Previous by thread: [Xen-devel] Distro for Xen?
Next by thread: [Xen-devel] [PATCH] tool xfrd x86-64 compilation fix.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.