Intercepting memory operations of a guest

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Intercepting memory operations of a guest

Sina Bahram
Hi all,

Sorry for any cross posting. I sent this to the xen-devel list and the
xen-research list as well.

I'm wanting to modify some xen source code for the purposes of some
research, exploration, and testing of some security concepts.

I have a few questions after looking through the source.

All of the below applies to 32-bit guests.

#1: Is there anyway possible to trap/insert some code at/hook into, any
modification of a PV guest's page table. Anything like a hypercall handler I
can plugin to, a function or series of functions that always gets called,
something I can provide a call back to, or anything else?

#2: For some research purposes, I plan on replicating portions of the page
table of a guest, only those pages of the guest's kernel. I hope to do this
by the supervisory bit being set; however, I welcome any suggestions of a
better approach to detecting when kernel pages are being modified?

In general, to explain any questions I haven't specifically asked above; I'm
looking for the appropriate place in xen to intercept any writes, reads, and
executes of a guest's memory.

Also, would such activities be easier or more difficult with hvm guests?
Since xen has to provide hvm guests an individual CR3, would such a place be
much easier to hook into because of any abstraction layers that already
exist for such things?

The only reason I picked pv guests was that the semantics of what is a
kernel page and what is not might not be as easy to determine in an hvm
guest, but perhaps this is not the case?

Thanks for any assistance.

Take care,
Sina


_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel