All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Nimgaonkar, Satyajeet" <SatyajeetNimgaonkar@my.unt.edu>
To: Dan Magenheimer <dan.magenheimer@oracle.com>,
	Xen Devel <xen-devel@lists.xensource.com>
Subject: RE: VCPU Structure
Date: Mon, 8 Nov 2010 16:31:26 +0000	[thread overview]
Message-ID: <12871952FC0E29439F861FA745BCDD8503EC99C4@CH1PRD0104MB027.prod.exchangelabs.com> (raw)
In-Reply-To: <fa86f3a6-2433-4595-b249-a10711cb44da@default>


[-- Attachment #1.1: Type: text/plain, Size: 3994 bytes --]

Hi Dan,
            A memory integrity block is a simple hash function that computes the hash of all the memory at prticular instant of time and stores it in a secure memory location. This allows to detect an attack from an adversary who is trying to alter the memory values. At a lter instant of time, the hash of memory is again computed and if the two hash values match then we conclude that no attack was performed and they don't match we conclude that an attack has been performed.
            I hope that explains the functionality that I want to add to the VCPU. Can you please tell me where should I add the trapping code with in the VPCU, I mean which file should I look at. Also please can you tell me where exactly with in xen should I add the special code. I see the VCPU structure is present in xen/include/xen/sched.h. Is it the correct place to look for.
           Thanks.

Regards,
Satyajeet
________________________________
From: Dan Magenheimer [dan.magenheimer@oracle.com]
Sent: Monday, November 08, 2010 7:42 AM
To: Nimgaonkar, Satyajeet; Xen Devel
Subject: RE: [Xen-devel] VCPU Structure

I’m not asking you to describe the Xen functionality.  I am asking you to describe in more detail the modification to the processor functionality/behavior that you are trying to achieve.  I don’t know what a “simple memory integrity block” does and searching for it doesn’t find anything helpful.

Nearly all instructions in the VCPU are executed directly in hardware (by the physical CPU == PCPU).  The only way to change the VCPU behavior is to cause some kind of trap or fault or exception to occur on the PCPU, which gets intercepted by the processor and then control is turned over to privileged software (in this case Xen).  Xen has a lot of code that handles many many different kinds of traps/faults/exceptions.  Your VCPU will need to execute an instruction that causes a trap or fault or exception and then you will need to add code to Xen to recognize your special one and do something special with it.

Does that help?

Dan

From: Nimgaonkar, Satyajeet [mailto:SatyajeetNimgaonkar@my.unt.edu]
Sent: Sunday, November 07, 2010 10:14 PM
To: Dan Magenheimer; Xen Devel
Subject: RE: [Xen-devel] VCPU Structure

Hi,
   I am sorry if I have not provided provided enough information about the functionality that I want to implement. But my problem is that even I new to Xen and trying to understand my way around it. With regards to the functionality that I want to implement, I wish to modify the behavior of the VCPU in xen. As a starting point, I just want to add simple memory integrity block within the VCPU. I am really not sure what would be the best way to do this so I need some suggestions on that too.
   Thanks. I hope that helps too.

Regards,
Satyajeet
________________________________
From: Dan Magenheimer [dan.magenheimer@oracle.com]
Sent: Thursday, November 04, 2010 7:25 PM
To: Nimgaonkar, Satyajeet; Xen Devel
Subject: RE: [Xen-devel] VCPU Structure
I think nobody is responding because you haven’t provided enough information about what it is you are trying to do... and resending the same message doesn’t help.

For example, if you are “extending” the instruction set (e.g. using an illegal opcode to do something useful), that would be very different than trapping memory accesses that meet a certain criteria.

From: Nimgaonkar, Satyajeet [mailto:SatyajeetNimgaonkar@my.unt.edu]
Sent: Thursday, November 04, 2010 2:52 PM
To: Xen Devel; Dan Magenheimer
Subject: [Xen-devel] VCPU Structure

 Hi,
    I want to modify the VCPU structure to implement memory integrity functionality (i.e. memory hash function), such that the VCPU functionality incorporates memory integrity. Also once this is done, I want make sure that the VMs i create (Dom0 and Domu) run on this modified VCPU itself.
    Can anyone please tell me where should I look for to implement this.
    Thank you very much.

Regards,
Satyajeet

[-- Attachment #1.2: Type: text/html, Size: 9595 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

  reply	other threads:[~2010-11-08 16:31 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-04 20:51 VCPU Structure Nimgaonkar, Satyajeet
2010-11-05  1:25 ` Dan Magenheimer
2010-11-08  5:14   ` Nimgaonkar, Satyajeet
2010-11-08 11:42     ` Gianni Tedesco
2010-11-08 13:42     ` Dan Magenheimer
2010-11-08 16:31       ` Nimgaonkar, Satyajeet [this message]
2010-11-08 16:59         ` Dan Magenheimer
2010-11-08 17:58           ` Nimgaonkar, Satyajeet
2010-11-09 17:06             ` Nimgaonkar, Satyajeet
2010-11-09 17:21               ` Dan Magenheimer
2010-11-09 18:21                 ` Ian Jackson
2010-11-10 18:24                   ` Nimgaonkar, Satyajeet
2010-11-11 22:47       ` Kaushik Barde
2010-11-12 17:43         ` Nimgaonkar, Satyajeet
2010-11-12 18:00           ` Gianni Tedesco
2010-11-16 18:37             ` Nimgaonkar, Satyajeet
2010-11-08 16:29     ` Ian Jackson
  -- strict thread matches above, loose matches on Subject: below --
2010-11-03 16:19 VCPU structure Nimgaonkar, Satyajeet

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=12871952FC0E29439F861FA745BCDD8503EC99C4@CH1PRD0104MB027.prod.exchangelabs.com \
    --to=satyajeetnimgaonkar@my.unt.edu \
    --cc=dan.magenheimer@oracle.com \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.