[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH RFC 6/9] xen, libxc: Request page fault injection via libxc
On 03/07/2014 09:23, Mihai DonÈu wrote: On Wednesday 02 July 2014 18:07:20 Andrew Cooper wrote:On 02/07/14 17:58, Mihai DonÈu wrote:On Wed, 2 Jul 2014 17:00:08 +0100 Andrew Cooper wrote:On 02/07/14 16:51, Jan Beulich wrote:There were times when we wanted to get certain information from the guest but couldn't because it was swapped out. We now handle that situation by injecting a #PF and then let the OS respond as it would under a normal circumstance. After the data is brought in, it traps again into our application and we get what we need, but yes, it requires deep knowledge about the guest OS in order to do it without crashing it. It's doable only if you have the means necessary to inspect its state fully, which is why some of the submitted patches exist.What is the threat model here? It seems to me that the only safe place to organise this is from a device driver in the guest.This patch by itself does not address an in-guest security issue, it merely helps implement a number of guards. For example, if we want to audit all attempts to write into the .text area of an application by other applications (via process_vm_writev() or equivalent) we need to first bring in the complete .text sections of all modules. I forgot to mention before, but this patch can be used to bring in pages from memory mapped files (executables / shared objects). This can indeed be done in a much easier fashion directly from the guest kernel, but we are envisioning a security tool that acts completely from outside the domain and firmly believe that the amount of work needed to do this will be worth it. Ok. So you are looking for a way to force arbitrary pages to be paged in?I cant see how this could ever be safe from outside the VM. At the very best you will have to wait until the correct virtual address space is in context (which is not as easy as relying on cr3), probably wait until the vcpu is executing userspace code, and even then you are still fighting with the guest OS's paging-out algorithm. This certainly isn't something can be done safely as a toolstack hypercall.While I can see what you intend to do with the feature, I still can't see how it would actually work given the infrastructure in this series. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |