xen-devel
Re: [Xen-devel] Re: System Call Interception
 
Anthony Liguori wrote:
 
Neha Sood wrote:
 
Hi there,
 I have a question related to intercepting guest OS system calls in 
Xen to provide a logging mechanism. As a part of my project, I have to 
log all the system calls issued by the guest OS in the Xen hypervisor 
for secure logging. I am new to Xen and have been reading the source 
code. I have read about the Fast Handler for system calls. What is the 
fast handler, and how does the system call work in Xen? Could you please 
provide me some starting point for how to do that?
 
 On i386 at least, syscalls are delivered directly to the guest (they 
aren't intercepted by Xen).
 I'm not sure if the same is true on x86-64 but at any rate, the first 
thing to do would be to make sure Xen intercepts syscalls.  You will 
have to find some mechanism to "log" these events which will likely 
involve a ring queue and some sort of daemon in dom0.
 All syscalls go through Xen on x86-64 (as guest runs in ring3), so you 
can insert some logs in the handling code (xen/arch/x86/x86_64/entry.S).
But as stated before, it would be much easier to do it in the guest kernel 
code for most OSes. Now if you talk about logging calls from a 
non-modified guest (using HVM), it should be theoretically possible but I 
don't know where you should insert your code (probably in the interrupt 
handling code somewhere in xen/arch/x86/hvm, can't be more precise 
though, don't know this part very well).
About the "fast" system call, it's a new feature added on x86-64 (and I 
think on the latest x86 CPUs) to handle what its name says: "fast system 
calls". It's used as an alternative to the software interrupts 
(generated by the "int" instruction) to handle system calls faster than 
the usual way. They are entered via the "syscall" instruction and exited 
with "sysret" (some processors also implement the "sysenter" and 
"sysexit" instructions, check Intel/AMD manuals for more detail).
Regards,
Mathieu
 
 However, as Mats suggests, are you sure this is really what you want 
to do?  The audit infrastructure in Linux is designed just to do this 
sort of thing...
Regards,
Anthony Liguori
 Will it be very difficult to log guest OS system calls in Xen? If 
not, how do I start, and what files have to be changed?
I would really appreciate your help.
Thanks,
Neha
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
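
The "ring queue and some sort of daemon in dom0" suggested in the thread, sketched as an added example (not code from the thread or from Xen): a single-producer, single-consumer ring in which the interception path never blocks and counts the events it has to drop. The names sc_event, sc_ring, sc_ring_put and sc_ring_drain and the record layout are hypothetical, and the ring is assumed to live in memory shared between the hypervisor and the dom0 daemon.

```c
#include <stdint.h>

#define RING_SLOTS 8u                /* power of two so indices wrap with a mask */

struct sc_event {                    /* hypothetical record layout */
    uint32_t domid;                  /* guest domain that issued the call */
    uint32_t nr;                     /* system call number */
    uint64_t args[2];                /* first two arguments only, for brevity */
};

struct sc_ring {
    volatile uint32_t prod;          /* written only by the interception path */
    volatile uint32_t cons;          /* written only by the dom0 daemon */
    volatile uint32_t dropped;       /* events lost because the ring was full */
    struct sc_event slot[RING_SLOTS];
};

/* Producer: must not stall the guest, so a full ring drops and counts. */
int sc_ring_put(struct sc_ring *r, const struct sc_event *ev)
{
    uint32_t prod = r->prod;
    if (prod - r->cons == RING_SLOTS) {   /* unsigned math survives wrap-around */
        r->dropped++;                     /* the daemon can report the log gap */
        return -1;
    }
    r->slot[prod & (RING_SLOTS - 1)] = *ev;
    __sync_synchronize();                 /* publish the payload before the index */
    r->prod = prod + 1;
    return 0;
}

/* Consumer: copies out up to max events and returns how many it took. */
unsigned sc_ring_drain(struct sc_ring *r, struct sc_event *out, unsigned max)
{
    unsigned n = 0;
    uint32_t cons = r->cons;
    while (n < max && cons != r->prod) {
        __sync_synchronize();             /* read the index before the payload */
        out[n++] = r->slot[cons & (RING_SLOTS - 1)];
        cons++;
    }
    __sync_synchronize();                 /* finish reading before freeing slots */
    r->cons = cons;
    return n;
}
```

For a log meant to be secure, the dropped counter matters as much as the events: the daemon should record it so that gaps in the trail are visible.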
  