[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 00/25] arm/altp2m: Introducing altp2m to ARM.

To: Sergej Proskurin <proskurin@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Mon, 1 Aug 2016 19:15:23 +0100
Delivery-date: Mon, 01 Aug 2016 18:15:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 01/08/16 18:10, Sergej Proskurin wrote:


Hello all,


Hello Sergej,

The following patch series can be found on Github[0] and is part of my
contribution to this year's Google Summer of Code (GSoC)[1]. My project is
managed by the organization The Honeynet Project. As part of GSoC, I am being
supervised by the Xen developer Tamas K. Lengyel <tamas@xxxxxxxxxxxxx>, George
D. Webster, and Steven Maresca.

In this patch series, we provide an implementation of the altp2m subsystem for
ARM. Our implementation is based on the altp2m subsystem for x86, providing
additional --alternate-- views on the guest's physical memory by means of the
ARM 2nd stage translation mechanism. The patches introduce new HVMOPs and
extend the p2m subsystem. Also, we extend libxl to support altp2m on ARM and
modify xen-access to test the suggested functionality.

To be more precise, altp2m allows to create and switch to additional p2m views
(i.e. gfn to mfn mappings). These views can be manipulated and activated as
will through the provided HVMOPs. In this way, the active guest instance in
question can seamlessly proceed execution without noticing that anything has
changed. The prime scope of application of altp2m is Virtual Machine
Introspection, where guest systems are analyzed from the outside of the VM.

Altp2m can be activated by means of the guest control parameter "altp2m" on x86
and ARM architectures.  The altp2m functionality by default can also be used
from within the guest by design. For use-cases requiring purely external access
to altp2m, a custom XSM policy is necessary on both x86 and ARM.

As said on the previous version, altp2m operation *should not* beexposed to ARM guest. Any design written for x86 may not fit exactly forARM (and vice versa), you will need to explain why you think we shouldfollow the same pattern.

Speaking about security, I skimmed through the series and noticed that alot of my previous comments have not been addressed. For instance thereare still no locking on the altp2m operations and a guest could disablealtp2m.


I will give a look to the rest of the series once this is fixed.

Regards,

The current code-base is based on Julien Grall's branch abort-handlers-v2[2].

[0] https://github.com/sergej-proskurin/xen (branch arm-altp2m-v2)
[1] https://summerofcode.withgoogle.com/projects/#4970052843470848
[2] git://xenbits.xen.org/people/julieng/xen-unstable.git (branch 
abort-handlers-v2)


Sergej Proskurin (25):
  arm/altp2m: Add first altp2m HVMOP stubs.
  arm/altp2m: Add HVMOP_altp2m_get_domain_state.
  arm/altp2m: Add struct vttbr.
  arm/altp2m: Move hostp2m init/teardown to individual functions.
  arm/altp2m: Rename and extend p2m_alloc_table.
  arm/altp2m: Cosmetic fixes - function prototypes.
  arm/altp2m: Add altp2m init/teardown routines.
  arm/altp2m: Add HVMOP_altp2m_set_domain_state.
  arm/altp2m: Add altp2m table flushing routine.
  arm/altp2m: Add HVMOP_altp2m_create_p2m.
  arm/altp2m: Add HVMOP_altp2m_destroy_p2m.
  arm/altp2m: Add HVMOP_altp2m_switch_p2m.
  arm/altp2m: Make p2m_restore_state ready for altp2m.
  arm/altp2m: Make get_page_from_gva ready for altp2m.
  arm/altp2m: Extend __p2m_lookup.
  arm/altp2m: Make p2m_mem_access_check ready for altp2m.
  arm/altp2m: Cosmetic fixes - function prototypes.
  arm/altp2m: Add HVMOP_altp2m_set_mem_access.
  arm/altp2m: Add altp2m_propagate_change.
  arm/altp2m: Add altp2m paging mechanism.
  arm/altp2m: Add HVMOP_altp2m_change_gfn.
  arm/altp2m: Adjust debug information to altp2m.
  arm/altp2m: Extend libxl to activate altp2m on ARM.
  arm/altp2m: Extend xen-access for altp2m on ARM.
  arm/altp2m: Add test of xc_altp2m_change_gfn.

 tools/libxl/libxl.h                 |   3 +-
 tools/libxl/libxl_create.c          |   8 +-
 tools/libxl/libxl_dom.c             |   4 +-
 tools/libxl/libxl_types.idl         |   4 +-
 tools/libxl/xl_cmdimpl.c            |  26 +-
 tools/tests/xen-access/xen-access.c | 162 ++++++++-
 xen/arch/arm/Makefile               |   1 +
 xen/arch/arm/altp2m.c               | 675 ++++++++++++++++++++++++++++++++++++
 xen/arch/arm/hvm.c                  | 129 +++++++
 xen/arch/arm/p2m.c                  | 430 ++++++++++++++++++-----
 xen/arch/arm/traps.c                | 126 +++++--
 xen/include/asm-arm/altp2m.h        |  79 ++++-
 xen/include/asm-arm/domain.h        |  16 +
 xen/include/asm-arm/flushtlb.h      |   4 +
 xen/include/asm-arm/p2m.h           |  68 +++-
 xen/include/asm-arm/processor.h     |  16 +
 16 files changed, 1594 insertions(+), 157 deletions(-)
 create mode 100644 xen/arch/arm/altp2m.c


--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2 00/25] arm/altp2m: Introducing altp2m to ARM.
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v2 00/25] arm/altp2m: Introducing altp2m to ARM.
  - From: Tamas K Lengyel

References:
- [Xen-devel] [PATCH v2 00/25] arm/altp2m: Introducing altp2m to ARM.
  - From: Sergej Proskurin

Prev by Date: [Xen-devel] [PATCH v2] arm/vm_event: get/set registers
Next by Date: [Xen-devel] [xen-unstable test] 99886: tolerable FAIL - PUSHED
Previous by thread: [Xen-devel] [PATCH v2 24/25] arm/altp2m: Extend xen-access for altp2m on ARM.
Next by thread: Re: [Xen-devel] [PATCH v2 00/25] arm/altp2m: Introducing altp2m to ARM.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.