WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

Re: [Xen-devel] Hypervisor to dom0 communication

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Hypervisor to dom0 communication
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Fri, 11 Jul 2008 15:47:15 +0100
Cc: Matthew Donovan <matthew@xxxxxxxxxxxxxx>
Delivery-date: Fri, 11 Jul 2008 07:47:43 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <60D45469A1AAD311A04C009027B6BF680651E008@SERVER20>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <60D45469A1AAD311A04C009027B6BF680651E008@SERVER20>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.9

> I am working on a security tool that monitors various components (IDT,
> SSDT, etc) of a domU using VM introspection.  Currently, we're using a
> polling method to monitor these in-core structures.  We would like to be
> able to use a blocking method instead.  I.e. specify "interesting" memory
> ranges and then wait until they are modified.

Sounds sensible.

> How can I get the hypervisor to alert a kernel module loaded in dom0 that
> something has happened?  Can the alert include extra information such as
> the address that was modified?

Use a VIRQ to notify the dom0 kernel (search for VIRQ_* in 
xen/include/public/xen.h).  That's just an event notification, so you need to 
include some other means of getting the data.  At this point you could just 
do a hypercall - which I assume is how you're currently polling so it might 
be the most backwards-compatible way.

Another way of doing things would be to set up a shared memory region for your 
communication channel and stuff information in there at the same time as 
sending the VIRQ to dom0.  You could also, if it suited your purposes, do the 
VIRQ and shared memory interactions directly from dom0's userspace and avoid 
the need for a kernel module altogether.  See xen/common/trace.c and 
tools/xentrace/* for an example of this being done.

Yet another alternative would be to use the trace buffer itself and convey 
information using trace events.  The trace buffer currently doesn't guarantee 
not to drop messages so you'd need to either modify it to support lossless 
semantics somehow or work around this in your code.

Cheers,
Mark

-- 
Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/~maw48/pmpu/)
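
The shared-memory channel and the dropped-message caveat from the reply above, shown as an added example (not code from this thread or from Xen): a single-producer ring that counts drops, so the consumer knows when its view is incomplete and must rescan the watched ranges. The layout and the names `event_ring`, `ring_put` and `ring_drain` are hypothetical, and the VIRQ and page sharing are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define RING_SLOTS 4u /* power of two; small so overflow is easy to trigger */

struct mod_event { uint64_t addr; uint32_t len; };  /* hypothetical record */

struct event_ring {              /* hypothetical layout of the shared page */
    volatile uint32_t prod;      /* free-running, written by the producer only */
    volatile uint32_t cons;      /* free-running, written by the consumer only */
    volatile uint32_t lost;      /* events the producer dropped on a full ring */
    struct mod_event slot[RING_SLOTS];
};

/* Producer side: never blocks and never overwrites unread slots. */
bool ring_put(struct event_ring *r, uint64_t addr, uint32_t len)
{
    if (r->prod - r->cons >= RING_SLOTS) { r->lost++; return false; }
    r->slot[r->prod % RING_SLOTS] = (struct mod_event){ addr, len };
    __sync_synchronize();        /* publish the payload before the index */
    r->prod++;                   /* the event notification would be sent here */
    return true;
}

/* Consumer side, run on each notification. Returns events copied to out and
 * sets *dropped to the drops since the previous call (caller keeps *lost_seen). */
uint32_t ring_drain(struct event_ring *r, struct mod_event *out, uint32_t max,
                    uint32_t *lost_seen, uint32_t *dropped)
{
    uint32_t n = 0, prod = r->prod;
    __sync_synchronize();        /* read the index before the payload */
    while (r->cons != prod && n < max) {
        out[n++] = r->slot[r->cons % RING_SLOTS];
        r->cons++;
    }
    *dropped = r->lost - *lost_seen;
    *lost_seen += *dropped;
    return n;
}

int main(void)
{
    struct event_ring r = {0};
    struct mod_event out[8];
    uint32_t seen = 0, dropped = 0;
    for (uint64_t i = 0; i < 6; i++) ring_put(&r, 0x1000 + i * 8, 8); /* constructed addresses */
    uint32_t n = ring_drain(&r, out, 8, &seen, &dropped);
    printf("%u events, %u dropped: rescan watched ranges if dropped > 0\n", n, dropped);
    return 0;
}
```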
