Message-ID: <4BAA3AC5.80408@redhat.com>
Date: Wed, 24 Mar 2010 18:16:05 +0200
From: Avi Kivity <avi@...hat.com>
To: Peter Zijlstra <peterz@...radead.org>
CC: Joerg Roedel <joro@...tes.org>,
Anthony Liguori <anthony@...emonkey.ws>,
Ingo Molnar <mingo@...e.hu>,
Pekka Enberg <penberg@...helsinki.fi>,
"Zhang, Yanmin" <yanmin_zhang@...ux.intel.com>,
Sheng Yang <sheng@...ux.intel.com>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
Marcelo Tosatti <mtosatti@...hat.com>,
Jes Sorensen <Jes.Sorensen@...hat.com>,
Gleb Natapov <gleb@...hat.com>, ziteng.huang@...el.com,
Arnaldo Carvalho de Melo <acme@...hat.com>,
Frédéric Weisbecker <fweisbec@...il.com>,
Gregory Haskins <ghaskins@...ell.com>
Subject: Re: [RFC] Unify KVM kernel-space and user-space code into a single project

On 03/24/2010 06:03 PM, Peter Zijlstra wrote:
> On Wed, 2010-03-24 at 16:01 +0100, Joerg Roedel wrote:
>
>
>> What I meant was: perf-kernel puts the guest-name into every sample and
>> perf-userspace accesses /sys/kvm/guest_name/fs/ later to resolve the
>> symbols. I leave the question of how the guest-fs is exposed to the host
>> out of this discussion. We should discuss this separately.
>>
> I'd much prefer a pid like suggested later, keeps the samples smaller.
>
> But that said, we need guest kernel events like mmap and context
> switches too, otherwise we simply can't make sense of guest userspace
> addresses, we need to know the guest address space layout.
>

The kernel knows some of the address space layout, qemu knows all of it.

> So aside from a filesystem content, we first need mmap and context
> switch events to find the files we need to access.
>

This only works for the guest kernel, we don't know anything about guest
processes [1].

> And while I appreciate all the security talk, it's basically pointless
> anyway, the host can access it anyway, everybody agrees on that, but
> still you're arguing the case..
>

root can access anything, but we're not talking about root. The idea is
to protect against a guest that has exploited its qemu and is now
attacking the host and its fellow guests. uid protection is no good
since we want to isolate the guest from host processes belonging to the
same uid and from other guests running under the same uid.

[1] We can find out guest pids if we teach the kernel what to
dereference, i.e. gs:offset1->offset2->offset3. Of course this varies
from kernel to kernel, so we need some kind of bytecode that we can run
in perf nmi context. Kind of what we need to run an unwinder for
-fomit-frame-pointer.
--
error compiling committee.c: too many arguments to function
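
Added example, not part of the original message or of any kernel code: a userspace model of the footnote's "gs:offset1->offset2->offset3" idea, with the dereference chain expressed as a small data-driven program. The names (deref_prog, resolve_guest_pid), the flat guest-memory buffer and all offsets are assumptions; every guest-supplied pointer is bounds-checked because the guest is untrusted.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_STEPS 8

/* Hypothetical per-guest-kernel layout description: offsets to follow in order. */
struct deref_prog { size_t nsteps; uint64_t off[MAX_STEPS]; };

/* Bounds-checked read from the guest memory snapshot; 0 on success, -1 on failure. */
static int guest_read(const uint8_t *mem, size_t len, uint64_t addr, void *out, size_t n)
{
    if (addr > len || n > len - addr)
        return -1;
    memcpy(out, mem + addr, n);
    return 0;
}

/* Walk base:off[0] -> off[1] -> ...; the last step loads a 32-bit pid. */
int resolve_guest_pid(const uint8_t *mem, size_t len, uint64_t base,
                      const struct deref_prog *p, uint32_t *pid)
{
    uint64_t addr = base;
    if (p->nsteps == 0 || p->nsteps > MAX_STEPS)
        return -1;                      /* bounded work, as an NMI path would need */
    for (size_t i = 0; i < p->nsteps; i++) {
        if (addr + p->off[i] < addr)
            return -1;                  /* guest-chosen pointer wrapped around */
        addr += p->off[i];
        if (i + 1 == p->nsteps)
            return guest_read(mem, len, addr, pid, sizeof(*pid));
        if (guest_read(mem, len, addr, &addr, sizeof(addr)))
            return -1;                  /* pointer leads outside guest memory */
    }
    return -1;
}

/* Constructed 64-byte guest image; bad_ptr != 0 replaces the second pointer. */
int demo(uint64_t bad_ptr, uint32_t *pid)
{
    uint8_t mem[64] = {0};
    uint64_t p1 = 0x20, p2 = bad_ptr ? bad_ptr : 0x30;
    uint32_t v = 4242;
    struct deref_prog prog = { 3, { 0x10, 0x08, 0x04 } };
    memcpy(mem + 0x18, &p1, sizeof(p1));   /* base 0x08 + 0x10 */
    memcpy(mem + 0x28, &p2, sizeof(p2));   /* 0x20 + 0x08 */
    memcpy(mem + 0x34, &v, sizeof(v));     /* 0x30 + 0x04 */
    return resolve_guest_pid(mem, sizeof(mem), 0x08, &prog, pid);
}
```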