Re: [Xen-devel] EPT question - XENMEM_get_access_op
On Fri, Feb 20, 2015 at 4:19 PM, Jan Beulich jbeul...@suse.com wrote:
> On 20.02.15 at 05:47, bsinghar...@gmail.com wrote:
>> I'm trying to use the memevent channel to extract the permission for a particular text section. I expect to see rx as the permission, instead I am seeing rwx. I have not spent a whole lot of time looking at memaccess[] and p2m-ept.c, but I am puzzled. The OS definitely has this text segment marked as COPY-ON-WRITE, I am a little confused with the permissions returned. Is there a way to get the right thing?
>
> What the guest OS specifies doesn't matter here - EPT is not OS (L1) but hypervisor (L2) paging, and hence the permissions there are controlled by the hypervisor. Of course guest memory accesses have to pass both paging levels' access checks in order to be carried out (and not fault).

Thanks Jan! Is there a way for a memevents channel consumer to get access to the L1 (OS Page tables)? I presume we'll need to walk the page tables, I suspect the current access_op is broken without it and may not be returning anything meaningful in most of the cases.

Balbir Singh

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
Re: [Xen-devel] EPT question - XENMEM_get_access_op
On 20.02.15 at 12:44, bsinghar...@gmail.com wrote:
> On Fri, Feb 20, 2015 at 4:19 PM, Jan Beulich jbeul...@suse.com wrote:
>> On 20.02.15 at 05:47, bsinghar...@gmail.com wrote:
>>> I'm trying to use the memevent channel to extract the permission for a particular text section. I expect to see rx as the permission, instead I am seeing rwx. I have not spent a whole lot of time looking at memaccess[] and p2m-ept.c, but I am puzzled. The OS definitely has this text segment marked as COPY-ON-WRITE, I am a little confused with the permissions returned. Is there a way to get the right thing?
>>
>> What the guest OS specifies doesn't matter here - EPT is not OS (L1) but hypervisor (L2) paging, and hence the permissions there are controlled by the hypervisor. Of course guest memory accesses have to pass both paging levels' access checks in order to be carried out (and not fault).
>
> Thanks Jan! Is there a way for a memevents channel consumer to get access to the L1 (OS Page tables)?

Hardly.

> I presume we'll need to walk the page tables, I suspect the current access_op is broken without it and may not be returning anything meaningful in most of the cases.

It's not broken in any way, you just seem to have wrong expectations.

Jan
Re: [Xen-devel] EPT question - XENMEM_get_access_op
On 20.02.15 at 05:47, bsinghar...@gmail.com wrote:
> I'm trying to use the memevent channel to extract the permission for a particular text section. I expect to see rx as the permission, instead I am seeing rwx. I have not spent a whole lot of time looking at memaccess[] and p2m-ept.c, but I am puzzled. The OS definitely has this text segment marked as COPY-ON-WRITE, I am a little confused with the permissions returned. Is there a way to get the right thing?

What the guest OS specifies doesn't matter here - EPT is not OS (L1) but hypervisor (L2) paging, and hence the permissions there are controlled by the hypervisor. Of course guest memory accesses have to pass both paging levels' access checks in order to be carried out (and not fault).

Jan
Re: [Xen-devel] EPT question - XENMEM_get_access_op
[snip]

On Fri, Feb 20, 2015 at 5:21 PM, Jan Beulich jbeul...@suse.com wrote:
>> Thanks Jan! Is there a way for a memevents channel consumer to get access to the L1 (OS Page tables)?
>
> Hardly.
>
>> I presume we'll need to walk the page tables, I suspect the current access_op is broken without it and may not be returning anything meaningful in most of the cases.
>
> It's not broken in any way, you just seem to have wrong expectations.

Probably, because I am interested in the final protection as seen by an application or kernel and I'm trying to find a way to get that information. For me the effective permission set is of interest.

Balbir
Re: [Xen-devel] EPT question - XENMEM_get_access_op
On Fri, Feb 20, 2015 at 3:21 PM, Balbir Singh bsinghar...@gmail.com wrote:
> [snip]
>
> On Fri, Feb 20, 2015 at 5:21 PM, Jan Beulich jbeul...@suse.com wrote:
>>> Thanks Jan! Is there a way for a memevents channel consumer to get access to the L1 (OS Page tables)?
>>
>> Hardly.
>>
>>> I presume we'll need to walk the page tables, I suspect the current access_op is broken without it and may not be returning anything meaningful in most of the cases.
>>
>> It's not broken in any way, you just seem to have wrong expectations.
>
> Probably, because I am interested in the final protection as seen by an application or kernel and I'm trying to find a way to get that information. For me the effective permission set is of interest.
>
> Balbir

You can get the guest pagetable permissions via LibVMI:
http://libvmi.com/api/#func_vmi_pagetable_lookup_extended

Cheers,
Tamas
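
Added example, not part of any message in this thread and not Xen or LibVMI code: it models how the "effective permission set" asked about above is the intersection of the guest page-table (L1) permissions and the EPT (L2) permissions. The function names, the permission mask and the sample entries are constructed for illustration; it assumes a 4-level guest walk, supervisor access with CR0.WP=1 and EFER.NXE=1, and upper EPT levels that are fully permissive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { P_R = 1, P_W = 2, P_X = 4 };  /* mask used by this example only */

/* Architectural x86-64 paging-entry flags. */
#define PTE_P  (1ULL << 0)   /* present */
#define PTE_RW (1ULL << 1)   /* writable */
#define PTE_NX (1ULL << 63)  /* execute-disable (EFER.NXE=1 assumed) */

/* Guest (L1) view: every level of the walk (PML4E..PTE) must allow the
 * access. Supervisor access with CR0.WP=1 is assumed; U/S is ignored. */
unsigned guest_perms(const uint64_t *entries, size_t levels)
{
    unsigned p = P_R | P_W | P_X;
    for (size_t i = 0; i < levels; i++) {
        if (!(entries[i] & PTE_P))
            return 0;            /* not present: no access */
        if (!(entries[i] & PTE_RW))
            p &= ~P_W;           /* read-only at any level wins */
        if (entries[i] & PTE_NX)
            p &= ~P_X;           /* NX at any level wins */
    }
    return p;
}

/* Hypervisor (L2) view: bits 0..2 of an EPT leaf entry are R, W, X. */
unsigned ept_perms(uint64_t ept_leaf)
{
    return (unsigned)(ept_leaf & 7);
}

/* An access is carried out only if both paging levels allow it. */
unsigned effective_perms(const uint64_t *e, size_t n, uint64_t ept_leaf)
{
    return guest_perms(e, n) & ept_perms(ept_leaf);
}

int main(void)
{
    /* Constructed sample: copy-on-write text page, read-only leaf PTE. */
    uint64_t walk[4] = { PTE_P | PTE_RW, PTE_P | PTE_RW, PTE_P | PTE_RW, PTE_P };
    printf("guest=%u ept=%u effective=%u\n", guest_perms(walk, 4),
           ept_perms(0x7), effective_perms(walk, 4, 0x7));
    return 0;
}
```

With the constructed copy-on-write walk, the EPT side reports rwx (7) while the guest side and the effective result are r-x (5), which is the mismatch described at the start of the thread.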
[Xen-devel] EPT question - XENMEM_get_access_op
I'm trying to use the memevent channel to extract the permission for a particular text section. I expect to see rx as the permission, instead I am seeing rwx. I have not spent a whole lot of time looking at memaccess[] and p2m-ept.c, but I am puzzled. The OS definitely has this text segment marked as COPY-ON-WRITE, I am a little confused with the permissions returned. Is there a way to get the right thing?

Balbir Singh.