Hi, guys

Recently I have been doing some research & I've got into trouble. I have altered the kernel of domU and put the code section and data section of the selinux security server, which is located in ~/security/selinux/ss, into two separate sections in the final vmlinux image (see below):

    objdump -h vmlinux

    vmlinux:     file format elf32-i386

    Sections:
    Idx Name          Size      VMA       LMA       File off  Algn
      0 .text         0048eb08  c0100000  00100000  00001000  2**6
                      CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
      1 sim_k_text    0000b7cc  c058f000  0058f000  00490000  2**4
                      CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
    ........................................
     16 .data         000400c8  c0760000  00760000  00661000  2**12
                      CONTENTS, ALLOC, LOAD, RELOC, DATA
     17 sim_k_data    0000007c  c07a1000  007a1000  006a2000  2**5
                      CONTENTS, ALLOC, LOAD, DATA
    .....................................

And now I want to create a shadow page table of my own for these two sections, so that when the kernel uses the security server of selinux, it will use my own SPT to access code & data rather than the auto-generated SPT for the kernel.

So, where should I begin to achieve my goal, and how can I maintain my SPT in the hypervisor?

Help me through the jungle, please!

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Tim Deegan
2011-Feb-21 10:31 UTC
Re: [Xen-devel] How to create shadow page table of my own?
At 06:53 +0000 on 21 Feb (1298271222), ?????? wrote:
> And now I want to create shadow page table of my own for this two
> sections so that when the kernel use the security server of selinux,
> it will use my own SPT to access code & data rather than the
> auto-generated SPT for the kernel.
>
> So, where should I begin to achieve my goal, how can I maintain my SPT
> in the hypervisor.

The shadow pagetable code lives in xen/arch/x86/mm/shadow/.  It shadows
pagetable pages, not address spaces, so if you want to maintain separate
sets of shadow pagetables you might have to duplicate a lot of state.

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)
At 2011-02-21, "Tim Deegan" <Tim.Deegan@citrix.com> wrote:
>At 06:53 +0000 on 21 Feb (1298271222), ?????? wrote:
>> And now I want to create shadow page table of my own for this two
>> sections so that when the kernel use the security server of selinux,
>> it will use my own SPT to access code & data rather than the
>> auto-generated SPT for the kernel.
>>
>> So, where should I begin to achieve my goal, how can I maintain my SPT
>> in the hypervisor.
>
>The shadow pagetable code lives in xen/arch/x86/mm/shadow/.  It shadows
>pagetable pages, not address spaces, so if you want to maintain separate
>sets of shadow pagetables you might have to duplicate a lot of state.
>
>Tim.
>

Thanks for your reply, Tim.

I deliberately made those two sections page-aligned in order to make SPT creation simple, see that? The sim_k_text & data sections both start at a new page. The text section occupies 13 pages & the data section occupies 1 page, although the size of the data is only 0x7c.

I know that in HVM, the virtual address is translated to the physical address first, then translated to the machine address. For my constructed address space, I want to create an SPT to convert the virtual address to the machine address directly & eliminate the need for any guest-level page table for this address space. Is it possible?

For now what I am considering is to pass the starting address & size to Xen.

You said I need to duplicate a lot of state; where do I need to modify? What should I do to the kernel shadow page table so that when I need to use the security server, I can switch to my SPT?
Tim Deegan
2011-Feb-21 14:20 UTC
Re: Re: [Xen-devel] How to create shadow page table of my own?
At 13:57 +0000 on 21 Feb (1298296632), ?????? wrote:
> I deliberately make those two sections align for the page in order to
> make SPT creation simple, see that? The sim_k_text & data all start at
> a new page. The text section occupied 13 pages & data occupied 1 page
> although the size of data is only 0x7c.

Yes I saw that.

> I know in the hvm, the virtual address is translated to the physical
> address first, then translated to the machine address. For my
> constructed address space, I want to create SPT to convert virtual
> address to machine address directly & eliminate the need for any guest
> level page table for this address space, is it possible?

Sure it's possible.  You can put anything you like into the shadow
pagetables.  But you need first to think about _exactly_ what behaviour
you want.  If two VCPUs have the same CR3 value will you ever need them
to have different shadow pagetables?  That's not possible with the
current Xen shadow pagetables because they share one set of shadows
among all a domain's VCPUs.

What should happen if Xen emulates an instruction that accesses the
secure area?  The emulator doesn't use the shadow pagetables so you
will have to find and fix the other paths that map VAs to MAs.

Have you got access to a machine that supports AMD NPT or Intel EPT?  If
so it might be easier to have a per-VCPU EPT/NPT table that you add and
remove mappings as you go in and out of "secure" mode.

> For now what I consider is pass the starting address & size to the xen.
>
> You said I need to duplicate a lot of state, where I need to modify?

xen/arch/x86/mm/shadow/*.c .  It's pretty complex code but there are
some comments in there.  But as I said it would probably be easier to
use the EPT/NPT code if you can.

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)
At 2011-02-21, "Tim Deegan" <Tim.Deegan@citrix.com> wrote:
>At 13:57 +0000 on 21 Feb (1298296632), ?????? wrote:
>> I deliberately make those two sections align for the page in order to
>> make SPT creation simple, see that? The sim_k_text & data all start at
>> a new page. The text section occupied 13 pages & data occupied 1 page
>> although the size of data is only 0x7c.
>
>Yes I saw that.
>
>> I know in the hvm, the virtual address is translated to the physical
>> address first, then translated to the machine address. For my
>> constructed address space, I want to create SPT to convert virtual
>> address to machine address directly & eliminate the need for any guest
>> level page table for this address space, is it possible?
>
>Sure it's possible.  You can put anything you like into the shadow
>pagetables.  But you need first to think about _exactly_ what behaviour
>you want.  If two VCPUs have the same CR3 value will you ever need them
>to have different shadow pagetables?  That's not possible with the
>current Xen shadow pagetables because they share one set of shadows
>among all a domain's VCPUs.
>
>What should happen if Xen emulates an instruction that accesses the
>secure area?  The emulator doesn't use the shadow pagetables so you
>will have to find and fix the other paths that map VAs to MAs.
>
>Have you got access to a machine that supports AMD NPT or Intel EPT?  If
>so it might be easier to have a per-VCPU EPT/NPT table that you add and
>remove mappings as you go in and out of "secure" mode.
>
>> For now what I consider is pass the starting address & size to the xen.
>>
>> You said I need to duplicate a lot of state, where I need to modify?
>
>xen/arch/x86/mm/shadow/*.c .  It's pretty complex code but there are
>some comments in there.  But as I said it would probably be easier to
>use the EPT/NPT code if you can.
>
>Cheers,
>
>Tim.
>
>-- 
>Tim Deegan <Tim.Deegan@citrix.com>
>Principal Software Engineer, Xen Platform Team
>Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

OK, I'll have a try as you said first. Hopefully it won't take a long, long time :)

Thanks a lot. Have a nice day~~
Yao
2011-Feb-28 11:55 UTC
Re: Re: Re: [Xen-devel] How to create shadow page table of my own?
At 2011-02-21, "Tim Deegan" <Tim.Deegan@citrix.com> wrote:
>At 13:57 +0000 on 21 Feb (1298296632), ?????? wrote:
>> I deliberately make those two sections align for the page in order to
>> make SPT creation simple, see that? The sim_k_text & data all start at
>> a new page. The text section occupied 13 pages & data occupied 1 page
>> although the size of data is only 0x7c.
>
>Yes I saw that.
>
>> I know in the hvm, the virtual address is translated to the physical
>> address first, then translated to the machine address. For my
>> constructed address space, I want to create SPT to convert virtual
>> address to machine address directly & eliminate the need for any guest
>> level page table for this address space, is it possible?
>
>Sure it's possible.  You can put anything you like into the shadow
>pagetables.  But you need first to think about _exactly_ what behaviour
>you want.  If two VCPUs have the same CR3 value will you ever need them
>to have different shadow pagetables?  That's not possible with the
>current Xen shadow pagetables because they share one set of shadows
>among all a domain's VCPUs.
>
>What should happen if Xen emulates an instruction that accesses the
>secure area?  The emulator doesn't use the shadow pagetables so you
>will have to find and fix the other paths that map VAs to MAs.
>
>Have you got access to a machine that supports AMD NPT or Intel EPT?  If
>so it might be easier to have a per-VCPU EPT/NPT table that you add and
>remove mappings as you go in and out of "secure" mode.
>
>> For now what I consider is pass the starting address & size to the xen.
>>
>> You said I need to duplicate a lot of state, where I need to modify?
>
>xen/arch/x86/mm/shadow/*.c .  It's pretty complex code but there are
>some comments in there.  But as I said it would probably be easier to
>use the EPT/NPT code if you can.
>
>Cheers,
>
>Tim.

I've done some research and found EPT was not appropriate, because EPT implements the translation from GPA to HPA, but what I want is the translation from GVA to HPA, which is exactly what the shadow page table does. By using SPT I can eliminate the need for a page table of my own address space in the guest, but EPT still needs it. So maybe I have to keep researching the shadow page table :(

A lot of work needs to be done, WoW !!
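To make the distinction drawn in this thread concrete (Tim's point that Xen shadows guest pagetable pages by folding in the p2m, and Yao's conclusion that EPT/NPT only replaces the GPA->HPA step while a shadow table maps GVA->MFN directly), here is a small C model added to this page. It is illustrative code written for this archive page, not Xen's shadow code and not anything posted in the thread. The single-level tables are a simplification of real multi-level x86 paging, HIDDEN_GVA is chosen only to look like the page-aligned sim_k_text VMA from the objdump listing, and every frame number and p2m entry is invented.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12
#define PAGE_MASK   ((1u << PAGE_SHIFT) - 1)
#define MAX_ENTRIES 32
#define NO_MAPPING  0xFFFFFFFFu

/* Toy single-level table of page-number -> frame-number entries. Real x86
 * tables are multi-level and Xen shadows each guest pagetable page
 * separately, but composing the two walks is the same idea. */
typedef struct { uint32_t page, frame; } entry_t;
typedef struct { entry_t e[MAX_ENTRIES]; size_t n; } table_t;

static void table_add(table_t *t, uint32_t page, uint32_t frame)
{
    if (t->n < MAX_ENTRIES)
        t->e[t->n++] = (entry_t){ page, frame };
}

static uint32_t table_lookup(const table_t *t, uint32_t page)
{
    for (size_t i = 0; i < t->n; i++)
        if (t->e[i].page == page)
            return t->e[i].frame;
    return NO_MAPPING;
}

/* Nested paging (EPT/NPT): every access walks the guest page table
 * (GVA -> GPA) and then the p2m (GPA -> MFN); the guest table stays. */
uint32_t translate_nested(const table_t *guest_pt, const table_t *p2m, uint32_t gva)
{
    uint32_t gfn = table_lookup(guest_pt, gva >> PAGE_SHIFT);
    uint32_t mfn = (gfn == NO_MAPPING) ? NO_MAPPING : table_lookup(p2m, gfn);
    return (mfn == NO_MAPPING) ? NO_MAPPING : ((mfn << PAGE_SHIFT) | (gva & PAGE_MASK));
}

/* Shadowing: the hypervisor composes guest table and p2m once and stores
 * GVA -> MFN in the table the CPU actually walks. */
void build_shadow(const table_t *guest_pt, const table_t *p2m, table_t *shadow)
{
    shadow->n = 0;
    for (size_t i = 0; i < guest_pt->n; i++) {
        uint32_t mfn = table_lookup(p2m, guest_pt->e[i].frame);
        if (mfn != NO_MAPPING)
            table_add(shadow, guest_pt->e[i].page, mfn);
    }
}

/* Shadow lookup: one walk, the guest table is not consulted at all. */
uint32_t translate_shadow(const table_t *shadow, uint32_t gva)
{
    uint32_t mfn = table_lookup(shadow, gva >> PAGE_SHIFT);
    return (mfn == NO_MAPPING) ? NO_MAPPING : ((mfn << PAGE_SHIFT) | (gva & PAGE_MASK));
}

/* Constructed data. HIDDEN_GVA mimics the page-aligned sim_k_text VMA from
 * the objdump listing; it is mapped only in the shadow, with no guest PTE,
 * which is the scheme the original poster describes. All frames invented. */
#define HIDDEN_GVA 0xC058F000u
#define HIDDEN_MFN 0x00ABCu

static void setup(table_t *guest_pt, table_t *p2m, table_t *shadow)
{
    guest_pt->n = p2m->n = 0;
    table_add(guest_pt, 0xC0100000u >> PAGE_SHIFT, 0x00100u); /* .text page -> gfn */
    table_add(guest_pt, 0xC0760000u >> PAGE_SHIFT, 0x00760u); /* .data page -> gfn */
    table_add(p2m, 0x00100u, 0x12345u);                        /* gfn -> mfn */
    table_add(p2m, 0x00760u, 0x23456u);
    build_shadow(guest_pt, p2m, shadow);
    table_add(shadow, HIDDEN_GVA >> PAGE_SHIFT, HIDDEN_MFN);   /* shadow-only */
}

/* 1 if nested and shadow translation agree on every guest-mapped page. */
int shadow_matches_nested(void)
{
    table_t guest_pt, p2m, shadow;
    setup(&guest_pt, &p2m, &shadow);
    for (size_t i = 0; i < guest_pt.n; i++) {
        uint32_t gva = (guest_pt.e[i].page << PAGE_SHIFT) | 0x123u;
        if (translate_nested(&guest_pt, &p2m, gva) != translate_shadow(&shadow, gva))
            return 0;
    }
    return 1;
}

/* A byte in the hidden page: nested paging has no guest PTE to walk and
 * fails, while the shadow resolves it. */
uint32_t hidden_lookup(int via_shadow)
{
    table_t guest_pt, p2m, shadow;
    setup(&guest_pt, &p2m, &shadow);
    uint32_t gva = HIDDEN_GVA + 0x10u;
    return via_shadow ? translate_shadow(&shadow, gva)
                      : translate_nested(&guest_pt, &p2m, gva);
}

int main(void)
{
    printf("shadow == nested on guest pages: %d\n", shadow_matches_nested());
    printf("hidden page via nested: 0x%08x\n", (unsigned)hidden_lookup(0));
    printf("hidden page via shadow: 0x%08x\n", (unsigned)hidden_lookup(1));
    return 0;
}
```

The point of the model is that build_shadow turns two walks into one table, so the hypervisor can also place a mapping there that has no counterpart in any guest page table, whereas translate_nested has nothing to walk for such a page. What the toy does not model are exactly the caveats Tim raises: real shadows are per guest pagetable page and shared by all of a domain's VCPUs, and Xen's instruction emulator walks the guest tables itself, so any access path that bypasses the shadows would not see the extra mapping.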