[uml-devel] Kernel access to user memory in SKAS

[uml-devel] Kernel access to user memory in SKAS

[Bryan Parno]

Hi,

	I'm interested in mediating accesses by the UML guest kernel to  
memory used by the UML guest processes.  At present, I'm looking at a  
scenario using SKAS3, so the kernel has an address space distinct  
from that of the user processes.  I guess I'm a bit confused as to  
how the guest kernel actually manages to touch guest process memory  
(e.g., for copying system call arguments).  Looking through /arch/um/ 
kernel/skas/uaccess.c, it appears that all of these accesses devolve  
to performing a strncpy or memcpy, but I don't see a translation from  
an address in the user's address space to one in the kernel's address  
space.  Does this happen somewhere else, or am I misunderstanding  
SKAS?  Looking through the documentation on the site, I was unable to  
find any diagrams or explanations for how the guest kernel actually  
lays out memory in its address space.  Any comments or suggestions  
would be greatly appreciated!


                        Bryan




-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

Re: [uml-devel] Kernel access to user memory in SKAS

[Jeff Dike]

On Fri, Feb 23, 2007 at 01:36:12PM -0500, Bryan Parno wrote:
> 	I'm interested in mediating accesses by the UML guest kernel to  
> memory used by the UML guest processes.  At present, I'm looking at a  
> scenario using SKAS3, so the kernel has an address space distinct  
> from that of the user processes.  I guess I'm a bit confused as to  
> how the guest kernel actually manages to touch guest process memory  
> (e.g., for copying system call arguments).  Looking through /arch/um/ 
> kernel/skas/uaccess.c, it appears that all of these accesses devolve  
> to performing a strncpy or memcpy, but I don't see a translation from  
> an address in the user's address space to one in the kernel's address  
> space.  Does this happen somewhere else, or am I misunderstanding  
> SKAS? 

So far, you're fine.  What you're missing is, i.e.:

int copy_from_user_skas(void *to, const void __user *from, int n)
{
	if(segment_eq(get_fs(), KERNEL_DS)){
		memcpy(to, (__force void*)from, n);
		return(0);
	}

	return(access_ok(VERIFY_READ, from, n) ?
	       buffer_op((unsigned long) from, n, 0, copy_chunk_from_user, &to):
	       n);
}

The buffer_op case handles userspace memory.  It does the following:
	figures out where in kernel physical memory the userspace data is
	breaks the operation across pages if necessary
	wraps enough state around the operation to be able to handle
page faults and finish it after the page has been faulted in

				Jeff

-- 
Work email - jdike at linux dot intel dot com

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

Re: [uml-devel] Kernel access to user memory in SKAS

[Bryan Parno]

On Feb 23, 2007, at 4:40 PM, Jeff Dike wrote:

> On Fri, Feb 23, 2007 at 01:36:12PM -0500, Bryan Parno wrote:
>> 	I'm interested in mediating accesses by the UML guest kernel to
>> memory used by the UML guest processes.  At present, I'm looking at a
>> scenario using SKAS3, so the kernel has an address space distinct
>> from that of the user processes.  I guess I'm a bit confused as to
>> how the guest kernel actually manages to touch guest process memory
>> (e.g., for copying system call arguments).  Looking through /arch/um/
>> kernel/skas/uaccess.c, it appears that all of these accesses devolve
>> to performing a strncpy or memcpy, but I don't see a translation from
>> an address in the user's address space to one in the kernel's address
>> space.  Does this happen somewhere else, or am I misunderstanding
>> SKAS?
>
> So far, you're fine.  What you're missing is, i.e.:
>
> int copy_from_user_skas(void *to, const void __user *from, int n)
> {
> 	if(segment_eq(get_fs(), KERNEL_DS)){
> 		memcpy(to, (__force void*)from, n);
> 		return(0);
> 	}
>
> 	return(access_ok(VERIFY_READ, from, n) ?
> 	       buffer_op((unsigned long) from, n, 0, copy_chunk_from_user,  
> &to):
> 	       n);
> }
>
> The buffer_op case handles userspace memory.  It does the following:
> 	figures out where in kernel physical memory the userspace data is
> 	breaks the operation across pages if necessary
> 	wraps enough state around the operation to be able to handle
> page faults and finish it after the page has been faulted in
>
> 				Jeff
>
> -- 
> Work email - jdike at linux dot intel dot com
>


   Cool, thanks for the pointer.



                        Bryan



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel