Re: [RFC] Unify KVM kernel-space and user-space code into a single project

From: Avi Kivity
Date: Wed Mar 24 2010 - 12:16:53 EST


On 03/24/2010 06:03 PM, Peter Zijlstra wrote:
> On Wed, 2010-03-24 at 16:01 +0100, Joerg Roedel wrote:
>
>> What I meant was: perf-kernel puts the guest-name into every sample and
>> perf-userspace accesses /sys/kvm/guest_name/fs/ later to resolve the
>> symbols. I leave the question of how the guest-fs is exposed to the host
>> out of this discussion. We should discuss this separately.
>
> I'd much prefer a pid like suggested later, keeps the samples smaller.
>
> But that said, we need guest kernel events like mmap and context
> switches too, otherwise we simply can't make sense of guest userspace
> addresses, we need to know the guest address space layout.

The kernel knows some of the address space layout, qemu knows all of it.

> So aside from a filesystem content, we first need mmap and context
> switch events to find the files we need to access.

This only works for the guest kernel, we don't know anything about guest processes [1].

> And while I appreciate all the security talk, it's basically pointless
> anyway, the host can access it anyway, everybody agrees on that, but
> still you're arguing the case..

root can access anything, but we're not talking about root. The idea is to protect against a guest that has exploited its qemu and is now attacking the host and its fellow guests. uid protection is no good since we want to isolate the guest from host processes belonging to the same uid and from other guests running under the same uid.

[1] We can find out guest pids if we teach the kernel what to dereference, i.e. gs:offset1->offset2->offset3. Of course this varies from kernel to kernel, so we need some kind of bytecode that we can run in perf nmi context. Kind of what we need to run an unwinder for -fomit-frame-pointer.

--
error compiling committee.c: too many arguments to function