WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

RE: [Xen-devel] System Call Interception

To: "Neha Sood" <neha0405@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: RE: [Xen-devel] System Call Interception
From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date: Mon, 20 Nov 2006 11:54:11 +0100
 

> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Neha Sood
> Sent: 19 November 2006 19:10
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-devel] System Call Interception
> 
> 
> Hi there,
> 
> I have a question related to intercepting guest OS system 
> calls in Xen to provide a logging mechanism. As a part of my 
> project, I have to log all the system calls issued by the 
> guest OS in the Xen hypervisor for secure logging. I am new 
> to Xen and have been reading the source code. I have read 
> about the Fast Handler for system calls. What is the fast handler 
> and how does the system call work in Xen? Could you please 
> provide me some starting point for how to do that? 
> 
> Will it be very difficult to log guest OS system calls in 
> Xen? If not, how do I start, and which files have to be changed?

It may be difficult, seeing as Xen doesn't actually deal with OS system
calls per se. There is also, in the Linux kernel at least, a mechanism
for logging already, so what's wrong with that one? 

Note that unless you trust the kernel itself, no logging mechanism that
relies on knowing how the kernel operates will be reliable. Consider
that there is a method of getting kernel privileges from user-mode
somehow, the code could then install its own kernel trap mechanism that
bypasses the regular mechanism of logging. 

What if someone just redefines the regular kernel-trap interrupt number?

The syscall function is completely ignored by xen, and that is the
preferred way in modern kernels. 

Not to mention the problems with "fully virtualized" OS's...

--
Mats
> 
> I would really appreciate your help.
> 
> Thanks,
> Neha
> 
> 
> 


