* System Call Interception
@ 2006-11-19 19:10 Neha Sood
2006-11-20 10:54 ` Petersson, Mats
2006-11-20 16:38 ` Anthony Liguori
0 siblings, 2 replies; 6+ messages in thread
From: Neha Sood @ 2006-11-19 19:10 UTC (permalink / raw)
To: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 800 bytes --]
Hi there,
I have a question related to intercepting guest OS system calls in Xen to provide a logging mechanism. As a part of my project, I have to log all the system calls issued by the guest OS in the Xen hypervisor for secure logging. I am new to Xen and have been reading the source code. I have read about the Fast Handler for system calls. What is the fast handler, and how does the system call work in Xen? Could you please provide me some starting point for how to do that?
Will it be very difficult to log guest OS system calls in Xen? If not, how do I start, and which files have to be changed?
I would really appreciate your help.
Thanks,
Neha
[-- Attachment #2: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
* RE: System Call Interception
2006-11-19 19:10 System Call Interception Neha Sood
@ 2006-11-20 10:54 ` Petersson, Mats
2006-11-20 16:38 ` Anthony Liguori
1 sibling, 0 replies; 6+ messages in thread
From: Petersson, Mats @ 2006-11-20 10:54 UTC (permalink / raw)
To: Neha Sood, xen-devel
> -----Original Message-----
> From: xen-devel-bounces@lists.xensource.com
> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Neha Sood
> Sent: 19 November 2006 19:10
> To: xen-devel@lists.xensource.com
> Subject: [Xen-devel] System Call Interception
>
>
> Hi there,
>
> I have a question related to intercepting guest OS system
> calls in Xen to provide a logging mechanism. As a part of my
> project, I have to log all the system calls issued by the
> guest OS in the Xen hypervisor for secure logging. I am new
> to Xen and have been reading the source code. I have read
> about the Fast Handler for system calls. What is the fast handler,
> and how does the system call work in Xen? Could you please
> provide me some starting point for how to do that?
>
> Will it be very difficult to log guest OS system calls in
> Xen? If not, how do I start, and which files have to be changed?
It may be difficult, seeing as Xen doesn't actually deal with OS system
calls per se. There is also, in the Linux kernel at least, a mechanism
for logging already, so what's wrong with that one?
Note that unless you trust the kernel itself, no logging mechanism that
relies on knowing how the kernel operates will be reliable. Consider
that there is a method of getting kernel privileges from user-mode
somehow, the code could then install its own kernel trap mechanism that
bypasses the regular mechanism of logging.
What if someone just redefines the regular kernel-trap interrupt number?
The syscall function is completely ignored by xen, and that is the
preferred way in modern kernels.
Not to mention the problems with "fully virtualized" OSes...
--
Mats
>
> I would really appreciate your help.
>
> Thanks,
> Neha
* Re: System Call Interception
2006-11-19 19:10 System Call Interception Neha Sood
2006-11-20 10:54 ` Petersson, Mats
@ 2006-11-20 16:38 ` Anthony Liguori
2006-11-22 19:58 ` Mathieu Ropert
1 sibling, 1 reply; 6+ messages in thread
From: Anthony Liguori @ 2006-11-20 16:38 UTC (permalink / raw)
To: Neha Sood, xen-devel
Neha Sood wrote:
>
> Hi there,
>
> I have a question related to intercepting guest OS system calls in Xen
> to provide a logging mechanism. As a part of my project, I have to log all
> the system calls issued by the guest OS in the Xen hypervisor for secure
> logging. I am new to Xen and have been reading the source code. I have
> read about the Fast Handler for system calls. What is the fast handler, and
> how does the system call work in Xen? Could you please provide me some
> starting point for how to do that?
On i386 at least, syscalls are delivered directly to the guest (they
aren't intercepted by Xen).
I'm not sure if the same is true on x86-64 but at any rate, the first
thing to do would be to make sure Xen intercepts syscalls. You will
have to find some mechanism to "log" these events which will likely
involve a ring queue and some sort of daemon in dom0.
However, as Mats suggests, are you sure this is really what you want to
do? The audit infrastructure in Linux is designed just to do this sort
of thing...
Regards,
Anthony Liguori
> Will it be very difficult to log guest OS system calls in Xen? If not,
> how do I start, and which files have to be changed?
>
> I would really appreciate your help.
>
> Thanks,
> Neha
>
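The ring queue and dom0 daemon arrangement suggested in the message above, as an added example (not code from Xen or from anyone in this thread): a single-producer, single-consumer ring that never stalls the producer and makes lost log entries detectable through sequence gaps. The names `sc_event`, `sc_ring`, `sc_log` and `sc_drain` are hypothetical, and the ring is assumed to live in memory already shared between the interception point and the daemon.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SLOTS 8u  /* power of two, so a free-running index wraps with a mask */

struct sc_event { uint64_t seq; uint32_t domid; uint32_t nr; };  /* hypothetical record */

struct sc_ring {
    uint32_t prod, cons;   /* free-running producer / consumer indices */
    uint64_t next_seq;     /* last sequence number handed out */
    uint64_t dropped;      /* events lost because the ring was full */
    struct sc_event slot[RING_SLOTS];
};

/* Producer (the interception point). Never blocks: when the consumer lags,
 * the event is dropped, but its sequence number is still consumed so the
 * reader can see that something is missing. */
int sc_log(struct sc_ring *r, uint32_t domid, uint32_t nr)
{
    uint64_t seq = ++r->next_seq;
    uint32_t cons = __atomic_load_n(&r->cons, __ATOMIC_ACQUIRE);
    if (r->prod - cons == RING_SLOTS) { r->dropped++; return -1; }
    struct sc_event *e = &r->slot[r->prod & (RING_SLOTS - 1)];
    e->seq = seq; e->domid = domid; e->nr = nr;
    __atomic_store_n(&r->prod, r->prod + 1, __ATOMIC_RELEASE);  /* publish */
    return 0;
}

/* Consumer (the dom0 daemon). Copies out up to max events and adds the
 * number of missing sequence numbers to *gaps. */
unsigned sc_drain(struct sc_ring *r, struct sc_event *out, unsigned max,
                  uint64_t *last_seq, uint64_t *gaps)
{
    unsigned n = 0;
    uint32_t prod = __atomic_load_n(&r->prod, __ATOMIC_ACQUIRE);
    while (r->cons != prod && n < max) {
        out[n] = r->slot[r->cons & (RING_SLOTS - 1)];
        *gaps += out[n].seq - *last_seq - 1;
        *last_seq = out[n++].seq;
        __atomic_store_n(&r->cons, r->cons + 1, __ATOMIC_RELEASE);  /* free slot */
    }
    return n;
}

int main(void)
{
    struct sc_ring r = {0};
    struct sc_event out[16];
    uint64_t last = 0, gaps = 0;
    for (int i = 0; i < 10; i++) sc_log(&r, 1, 39);  /* constructed events */
    unsigned n = sc_drain(&r, out, 16, &last, &gaps);
    sc_log(&r, 1, 39);
    n += sc_drain(&r, out, 16, &last, &gaps);
    printf("drained=%u dropped=%llu gaps=%llu\n", n,
           (unsigned long long)r.dropped, (unsigned long long)gaps);
    return 0;
}
```

The consumer derives the gap count from sequence numbers alone, so it does not have to trust the producer-side `dropped` counter to notice loss.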
* Re: Re: System Call Interception
2006-11-20 16:38 ` Anthony Liguori
@ 2006-11-22 19:58 ` Mathieu Ropert
2006-11-23 15:52 ` Adrian Chadd
0 siblings, 1 reply; 6+ messages in thread
From: Mathieu Ropert @ 2006-11-22 19:58 UTC (permalink / raw)
To: Anthony Liguori; +Cc: Neha Sood, xen-devel
Anthony Liguori wrote:
> Neha Sood wrote:
>>
>> Hi there,
>>
>> I have a question related to intercepting guest OS system calls in
>> Xen to provide a logging mechanism. As a part of my project, I have to
>> log all the system calls issued by the guest OS in the Xen hypervisor
>> for secure logging. I am new to Xen and have been reading the source
>> code. I have read about the Fast Handler for system calls. What is the
>> fast handler, and how does the system call work in Xen? Could you please
>> provide me some starting point for how to do that?
>
> On i386 at least, syscalls are delivered directly to the guest (they
> aren't intercepted by Xen).
>
> I'm not sure if the same is true on x86-64 but at any rate, the first
> thing to do would be to make sure Xen intercepts syscalls. You will
> have to find some mechanism to "log" these events which will likely
> involve a ring queue and some sort of daemon in dom0.
All syscalls go through Xen on x86-64 (as the guest runs in ring3), so you
can insert some logs in the handling code (xen/arch/x86/x86_64/entry.S).
But as stated before, it would be much easier to do it in the guest kernel
code for most OSes. Now if you talk about logging calls from a
non-modified guest (using HVM), it should be theoretically possible but I
don't know where you should insert your code (probably in the interrupt
handling code somewhere in xen/arch/x86/hvm, can't be more precise
though, don't know this part very well).
About the "fast" system call, it's a new feature added on x86-64 (and I
think on the latest x86 CPUs) to handle what its name says: "fast system
calls". It's used as an alternative to the software interrupts
(generated by the "int" instruction) to handle system calls faster than
the usual way. They are entered via the "syscall" instruction and exited
with "sysret" (some processors also implement the "sysenter" and
"sysexit" instructions, check Intel/AMD manuals for more detail).
Regards,
Mathieu
>
> However, as Mats suggests, are you sure this is really what you want
> to do? The audit infrastructure in Linux is designed just to do this
> sort of thing...
>
> Regards,
>
> Anthony Liguori
>
>> Will it be very difficult to log guest OS system calls in Xen? If
>> not, how do I start, and which files have to be changed?
>>
>> I would really appreciate your help.
>>
>> Thanks,
>> Neha
>>
* Re: Re: System Call Interception
2006-11-22 19:58 ` Mathieu Ropert
@ 2006-11-23 15:52 ` Adrian Chadd
0 siblings, 0 replies; 6+ messages in thread
From: Adrian Chadd @ 2006-11-23 15:52 UTC (permalink / raw)
To: xen-devel
> >On i386 at least, syscalls are delivered directly to the guest (they
> >aren't intercepted by Xen).
Also note that not all syscalls on all OSes are implemented the same
way - e.g. stuff like getpid()/gettimeofday() might end up mapping to
some data hiding away in a page mapped to all processes. I'm not sure
Xen would even get involved in that (besides, perhaps, being involved
in page mapping?)
I forget which OSes I've seen do this by using dynamic linking magic;
Solaris maybe?
Adrian
* System Call Interception
@ 2006-11-19 6:53 Neha Sood
0 siblings, 0 replies; 6+ messages in thread
From: Neha Sood @ 2006-11-19 6:53 UTC (permalink / raw)
To: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 751 bytes --]
Hi there,
I have a question related to intercepting guest OS system calls in Xen to provide a logging mechanism.
As a part of my project, I have to log all the system calls issued by the guest OS in the Xen hypervisor for
secure logging. I am new to Xen and have been reading the source code. I have read about the Fast Handler for system calls. What is the fast handler, and how does the system call work in Xen? Could you please provide me some starting point for how to do that?
Will it be very difficult to log guest OS system calls in Xen? If not, how do I start, and which files have to be changed?
I would really appreciate your help.
Thanks,
Neha