[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] create shadow pages

  • To: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
  • From: ding baozeng <baozengding@xxxxxxxxx>
  • Date: Fri, 5 Nov 2010 19:42:39 +0800
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 05 Nov 2010 04:43:36 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=M/wzoRwmqVUFURpgVRyvg3ZssHZZvU3QdLFlDzbZj8WtHzp2oj5fOnkLomVPGbSg8Z vj0zVWCjHlJJjyyndOLOooVaPlzFQ3zYxM+03qvDZQ+sy21DTucIuZEPLmLDrc4H1dSF y/Pr7IkDLlfNhrCUWd/eq/L2U1zk3Yv05Lp6k=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>


2010/11/5 Tim Deegan <Tim.Deegan@xxxxxxxxxx>
At 01:32 +0000 on 05 Nov (1288920725), ding baozeng wrote:
> I want to create another address space for security analysis. In this
> address space, we could access all the kernel address space, but the
> kernel address space could not access some memory of it.

I'm not sure shadow pagetables are the right place to do this - have you
thought about having your security code in another VM?  
If I put the security code out-of-vm, the overhead is not satisfactory.
Otherwise you
need to stop the kernel mapping the secure memory in its own pagetables,
granting it to other VMs, DMAing to it, &c.  Also what if you want to
use EPT/NPT?

I use the SPT to obtain security effect and the overhead is also small. I would disable EPT. When putting the security code in-vm, I further use the VT-d technology, CR3_TARGET_LIST to decrease the overhead. As we know, when processes switch, it would update CR3, and so trap into xen, which bring up a lot of overhead.  But after  we write the value of CR3  into the CR3_TARGET_LIST, it would not trap into xen when process switch. So I would create another address space to put the security code and put the address of its shadow page into CR3_TARGET_LIST. (when you have time, please take look at the paper in attachment, thx)
> So this
> address space need to create its own shadow pages. In the shadow
> pages, they contain all the mapping that kernel shadow pages have, and
> also contains some mapping for the memory that the kernel could not
> access. The shadow pages are always in memory. So there would be two
> shadows, one for kernel, one for this address space.

If this address space is identified by its own %CR3 value then there
already are
Do you mean when the hvm domain is created, its shadow page for the kernel is built already? I thought spt is empty first, but  when we access the kernel space, the spt entry is built for it. Am I right?
- all you need to do is modify guest_walk_tables to add the
extra mappings whenever %CR3 holds the right value and everything will
work out.

Cheers,

Tim.

> First, I want to
> copy the kernel shadow pages and then make some change to create the
> shadow pages we need.  As we know, the kernel shadow pages is built
> dynamically, then how to copy it and make it in memory always?

--
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.