[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Problem with using Libvmi or xenaccess with xen


On Mon, Jul 8, 2013 at 9:25 AM, Mina Jafari <ai.minajafari@xxxxxxxxx> wrote:

Hi all,
Can dom0 have enough privilege to access domu's kernel memory using Libvmi functions?
Libvmi use xenaccess functions in fact, and as it is a user space library I'm asking this.

I wanna read system call table of domu through dom0.

Thanks
 
Mina,

Use of LibVMI in this manner should provide the basic foundational components that you require: Domain 0 has implicit privilege to access domU memory as a consequence of being the privileged management domain, and LibVMI operations from dom0 should work without changes to your Xen configuration. I would recommend that you begin observation in dom0 as a path of least resistance.

It is possible to use LibVMI within a domU to examine other domUs, but only via a XSM policy. Such a policy must grant to the observing domU ability to invoke a variety of privileged operations upon the target domU.  This is really only viable with Xen 4.3 and a recent kernel in the observing domU -- the XSM wiki page has more information.

Always keep in mind that you are inspecting untrusted, potentially malicious memory; be very cautious with the data LibVMI provides.

Steve 
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.