[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Possible to prevent dom0 accessing guest memory?

To: xen-devel <xen-devel@xxxxxxxxxxxxx>
From: Andy Smith <andy@xxxxxxxxxxxxxx>
Date: Mon, 14 Nov 2016 14:51:34 +0000
Delivery-date: Mon, 14 Nov 2016 14:51:53 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc

Hello,

Please forgive me if this is a naive question but I do not know this
low-level stuff very well.

If the ability of the toolstack to dump a guest's memory (e.g. xl
dump-core) were disabled on the hypervisor side, would there be any
other way to do so from dom0 without rebooting the machine into a
hypervisor that had the capability re-enabled?

I understand dom0 has privileges to map devices to guests; does that
give it a way to read arbitrary memory without need of toolstack
support?

The purpose of my question is in seeing if disk encryption in VMs
can be made slightly more useful. If there were no way for root in
dom0 to read guest memory without rebooting into a different
hypervisor then I think that would be a useful step.

Cheers,
Andy

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Possible to prevent dom0 accessing guest memory?
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH] x86: re-add stack alignment check
Next by Date: [Xen-devel] [PATCH] libxl: QED disks support
Previous by thread: [Xen-devel] [ovmf test] 102220: all pass - PUSHED
Next by thread: Re: [Xen-devel] Possible to prevent dom0 accessing guest memory?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.