
Re: [Xen-devel] [PATCH v2 00/12] Alternate p2m: support multiple copies of host p2m




> Testability is still a potential issue. We have offered to make our internal
> Windows test binaries available for intra-domain testing. Tamas has
> been working on toolstack support for cross-domain testing with a slightly
> earlier patch series, and we hope he will submit that support.

Hi Ed,
the toolstack support for external monitoring seems to be functioning now. I can post it separately but IMHO it would make most sense to just append it to the series (if you plan to submit it again), or wait till your side gets merged. My branch can be found at https://github.com/tklengyel/xen/tree/altp2m_mine.

I've extended xen-access to exercise this new feature taking into account some of the current limitations. Using the altp2m_write|exec options we create a duplicate view of the default hostp2m, and instead of relaxing the mem_access permissions when we encounter a violation, we swap the view on the violating vCPU while also enabling MTF singlestepping. When the singlestep event fires, we use the response to that event to swap the view back to the restricted altp2m view.

# ./xen-access 6 altp2m_write
xenaccess init
max_gpfn = ff000
starting altp2m_write 6
altp2m view created with id 1
Setting altp2m mem_access permissions.. done! Permissions set on 260171 pages.
Got event from Xen
Got event from Xen
PAGE ACCESS: rw- for GFN 272e (offset 000b98) gla 000000008272eb98 (valid: y; fault in gpt: n; fault with gla: y) (vcpu 0, altp2m view 1)
    Switching back to hostp2m default view!
Got event from Xen
Singlestep: rip=0000000082a1a634, vcpu 0
    Switching altp2m to view 1!
Got event from Xen
PAGE ACCESS: rw- for GFN 272e (offset 000b8c) gla 000000008272eb8c (valid: y; fault in gpt: n; fault with gla: y) (vcpu 0, altp2m view 1)
    Switching back to hostp2m default view!

Some of the more exotic features, such as the gfn remapping, are left as future work for now. We definitely have plans on utilizing it in the near future though and it is exposed via libxc but no toolside test exercises it at the moment.

Cheers!

--

www.novetta.com

Tamas K Lengyel

Senior Security Researcher

7921 Jones Branch Drive

McLean VA 22102

Email  tlengyel@novetta.com
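
The view-swap handling described in this message, modelled as a stand-alone per-vCPU state machine. This is an added example, not part of the original post and not xen-access or libxc code; `struct monitor`, `handle_event` and the other names are hypothetical, and it assumes a violation is only ever reported for a vCPU that is in the restricted view.

```c
/* Added illustration: a stand-alone model of the per-vCPU view swap described
 * in the message. All names are hypothetical; this is not xen-access or libxc. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_VCPUS 4
#define HOST_VIEW 0            /* default hostp2m view */

enum ev_kind { EV_MEM_ACCESS, EV_SINGLESTEP };
struct event    { enum ev_kind kind; unsigned vcpu; };
struct response { bool switch_view; uint16_t view; bool toggle_singlestep; };
struct monitor  { uint16_t restricted; uint16_t view[MAX_VCPUS]; bool stepping[MAX_VCPUS]; };

/* Every vCPU starts in the restricted altp2m view (id 1 in the trace above). */
void monitor_init(struct monitor *m, uint16_t restricted_view)
{
    memset(m, 0, sizeof(*m));
    m->restricted = restricted_view;
    for (unsigned i = 0; i < MAX_VCPUS; i++)
        m->view[i] = restricted_view;
}

/* Build the response for one event; -1 means the event does not fit the state
 * machine (e.g. a singlestep nobody armed) and the caller should stop. */
int handle_event(struct monitor *m, const struct event *ev, struct response *rsp)
{
    memset(rsp, 0, sizeof(*rsp));
    if (ev->vcpu >= MAX_VCPUS)
        return -1;
    bool stepping = m->stepping[ev->vcpu];
    if (ev->kind == EV_MEM_ACCESS && !stepping && m->view[ev->vcpu] == m->restricted)
        rsp->view = HOST_VIEW;       /* let the faulting instruction run once */
    else if (ev->kind == EV_SINGLESTEP && stepping)
        rsp->view = m->restricted;   /* instruction retired: restrict again */
    else
        return -1;
    rsp->switch_view = rsp->toggle_singlestep = true;
    m->view[ev->vcpu] = rsp->view;
    m->stepping[ev->vcpu] = !stepping;
    return 0;
}

/* Number of vCPUs currently running without the restricted permissions. */
unsigned unrestricted_vcpus(const struct monitor *m)
{
    unsigned n = 0;
    for (unsigned i = 0; i < MAX_VCPUS; i++)
        n += (m->view[i] != m->restricted);
    return n;
}
```

Replaying the sequence from the trace (violation, singlestep, violation on vcpu 0) shows that only the violating vCPU leaves the restricted view, and only until its singlestep event is answered.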
