|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Blocking CR and MSR writes via mem_access?
On 10/03/14 19:22, Tamas K Lengyel wrote: > > > On Fri, Oct 3, 2014 at 2:37 PM, Andrew Cooper <andrew.cooper3@xxxxxxxxxx > <mailto:andrew.cooper3@xxxxxxxxxx>> wrote: > > On 03/10/14 13:32, Tamas K Lengyel wrote: >> >> On Thu, Oct 2, 2014 at 12:49 PM, Razvan Cojocaru >> <rcojocaru@xxxxxxxxxxxxxxx <mailto:rcojocaru@xxxxxxxxxxxxxxx>> wrote: >> >> Hello, >> >> Currently hvm_memory_event_cr3() and the other >> hvm_memory_event_*() >> functions in hvm.c can pause the VCPU and send a mem_event >> with the new >> value of the respective register, but especially in the case of CR >> events (as opposed to MSR events), this is done _after_ the >> value is set >> (please see hvm_set_cr3() in hvm.c). >> >> It would be interesting from a memory introspection >> application's point >> of view to be able to receive a mem_event _before_ the value >> is set, and >> important to be able to veto the change. >> >> A few questions: >> >> 1. Would it be acceptable to move the CR3 event sending code >> so that a >> mem_access client would receive the event _before_ the write takes >> place? Is this likely to break other mem_event clients that >> might rely >> on the event being received _after_ the value has been set? >> >> >> Yes, it would break existing applications. >> >> >> 2. I see that mem_event responses from all these cases (EPT >> violations, >> CR, MSR) are handled in p2m.c's p2m_mem_access_resume() (seems >> to be >> confirmed by testing). Is this correct? >> >> 3. What would be the sanest, most elegant way to modify Xen so >> that >> after a mem_event reply is being received for one of these >> cases (CR, >> MSR), the write will then be rejected? I'm asking because, as >> always, >> ideally this would also benefit other Xen users and an elegant >> patch is >> always more likely to find its way into mainline than a quick >> hack. >> >> >> You can already block such writes with the existing post-write >> event delivery. If you are continuously watching for writes, you >> know what the previous value was (for CR events it is actually >> delivered to you by Xen as well as per my recent patch). If you >> don't like a particular new value that was set, just reset it to >> the value you had / want. >> >> Tamas > > That doesn't work if you join an event listener between the previous > MSR write and one you wish to veto. > > > Yes, that's correct. That's why I said it works if you continuously > monitor for writes. I think that's a reasonable assumption. We could > also make the MSR write events deliver the previous value as well > similar to how the CR events do it. Anyway, AFAIU the hardware traps > always happen before the write so technically both approaches are > pre-write from the guest's perspective. It is a reasonable assumption in our case too, so at least for now Tamas' suggestion should work for CR post-write events. It would indeed be better if the previous value would be sent for MSR events, the difference being that the MSR event is being sent in hvm_msr_write_intercept() where the old value is not immediately available (this is why I've implemented this event as not honouring HVMPME_onchangeonly when I've initially submitted the patch a few years ago). Thanks, Razvan Cojocaru _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |