From: Mark Williamson <mark.williamson@cl.cam.ac.uk>
To: xen-devel@lists.xensource.com
Cc: Matthew Donovan <matthew@atc-nycorp.com>
Subject: Re: Hypervisor to dom0 communication
Date: Fri, 11 Jul 2008 15:47:15 +0100
Message-ID: <200807111547.15570.mark.williamson@cl.cam.ac.uk>
In-Reply-To: <60D45469A1AAD311A04C009027B6BF680651E008@SERVER20>

> I am working on a security tool that monitors various components (IDT,
> SSDT, etc) of a domU using VM introspection. Currently, we're using a
> polling method to monitor these in-core structures. We would like to be
> able to use a blocking method instead. I.e. specify "interesting" memory
> ranges and then wait until they are modified.

Sounds sensible.

> How can I get the hypervisor to alert a kernel module loaded in dom0 that
> something has happened? Can the alert include extra information such as
> the address that was modified?

Use a VIRQ to notify the dom0 kernel (search for VIRQ_* in
xen/include/public/xen.h). That's just an event notification, so you need to
include some other means of getting the data. At this point you could just
do a hypercall - which I assume is how you're currently polling so it might
be the most backwards-compatible way.

Another way of doing things would be to set up a shared memory region for your
communication channel and stuff information in there at the same time as
sending the VIRQ to dom0. You could also, if it suited your purposes, do the
VIRQ and shared memory interactions directly from dom0's userspace and avoid
the need for a kernel module altogether. See xen/common/trace.c and
tools/xentrace/* for an example of this being done.

Yet another alternative would be to use the trace buffer itself and convey
information using trace events. The trace buffer currently doesn't guarantee
not to drop messages so you'd need to either modify it to support lossless
semantics somehow or work around this in your code.

Cheers,
Mark
--
Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/~maw48/pmpu/)
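
The shared-memory-plus-notification channel and the dropped-message caveat from the reply above, sketched as an added example that is not part of the original message and is not Xen code. It is a user-space simulation: the ring layout, `ring_put`, `ring_drain` and every field name are hypothetical, and the VIRQ is represented only by the point at which the consumer is called.

```c
/* Added example: user-space simulation, not Xen code. All names hypothetical. */
#include <stdbool.h>
#include <stdint.h>

#define RING_SLOTS 8u                 /* power of two, so index wrap is safe */

struct mod_event { uint64_t addr; uint32_t len; };   /* "what was modified" */

struct mod_ring {                     /* layout of the shared region */
    volatile uint32_t prod;           /* written only by the producer */
    volatile uint32_t cons;           /* written only by the consumer */
    volatile uint32_t lost;           /* producer-only count of dropped events */
    struct mod_event slot[RING_SLOTS];
};

/* Producer (the hypervisor in the e-mail's design). Never blocks: when the
 * ring is full it counts the drop instead. The caller raises the
 * notification (the VIRQ) after every call, stored or not. */
bool ring_put(struct mod_ring *r, uint64_t addr, uint32_t len)
{
    if (r->prod - r->cons == RING_SLOTS) {
        r->lost++;
        return false;
    }
    r->slot[r->prod % RING_SLOTS] = (struct mod_event){ addr, len };
    __sync_synchronize();             /* payload visible before the index */
    r->prod++;
    return true;
}

/* Consumer (dom0), run on each notification. Copies pending events to out[]
 * and sets *rescan when the producer dropped any since the last call, so the
 * caller does one full poll of the watched ranges instead of trusting out[]. */
unsigned ring_drain(struct mod_ring *r, uint32_t *seen_lost,
                    struct mod_event *out, unsigned max, bool *rescan)
{
    unsigned n = 0;
    uint32_t prod = r->prod, lost = r->lost;
    __sync_synchronize();             /* read indices before the payload */
    while (r->cons != prod && n < max) {
        out[n++] = r->slot[r->cons % RING_SLOTS];
        __sync_synchronize();         /* finish the copy before freeing the slot */
        r->cons++;
    }
    *rescan = (lost != *seen_lost);
    *seen_lost = lost;
    return n;
}
```

For a monitoring tool the `rescan` flag is the important part: a burst of writes that overflows the ring then degrades to one polling pass rather than to a silently missed modification.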