From: Anthony L. <an...@co...> - 2007-09-12 03:03:33

Petr Vandrovec wrote:
> Adar Dembo wrote:
>
>> I'm playing around with guestd in QEMU and I've noticed that iopl/ioperm
>> aren't used by anything before doing PIO operations.
>>
>> I figure this works in VMware b/c you guys are intercepting the backdoor
>> io port regardless of CPL/IOPL. While this is useful for OSes like
>> Windows that have no way to change iopl, it would be nice on Posix
>> platforms if you did actually use iopl appropriately.
>>
>> It's a whole lot easier to just take a vmexit for PIO than it is to
>> intercept #gp and try to decode whether it was caused by a ring 3 PIO
>> instruction.
>
> Hello Anthony,
> there are two reasons why we allow backdoor port to be accessed from
> CPL3:
>
> (1) We want to be able to access it even from non-suid applications -
> for example copy/paste daemon runs under normal user account, and so it
> cannot do iopl(3).
>
> (2) When not running in hardware assisted mode binary translation (or
> simulation) has to be used for CPL3 level code, which causes huge
> performance impact.
>
> If it is problem for qemu then perhaps creating kernel module to provide
> access to backdoor is simplest way to address problem, and it will be
> compatible with all VMware products as well.

Well, long term, I'd like to move to a virtio based socket. It's hard to say how that would intersect with something like VMCI because I don't know anything about it :-)

I think in the interim, a simple root daemon that allows backdoor operations via a domain socket or something would suffice. Then non root users can still issue backdoor operations but the daemon can still use iopl().

Regards,

Anthony Liguori

> Only restriction is that
> some of our backdoors are accessible to CPL0 code only already, so
> driver just cannot blindly issue backdoor call with registers it
> received from userspace, but that should not be complicated thing to
> address.
>
> For future products we want to use VMCI, which comes with regular kernel
> driver, and userspace library which can be accessed without IOPL
> elevation or any tricks in the emulation (well, except that it still
> does not use regular I/O instructions). Unfortunately latest released
> product (WS6) does not provide any interesting service over VMCI, and
> VMCI even did not make into this opensource release (you can take a look
> at WS6, but that one is *not* GPLed).
>
> You can add 'monitor_control.restrict_backdoor = "TRUE"' to VM's
> configuration file when using VMware, and then you should observe
> exactly same behavior you see with QEMU - guestd and everybody else
> crashing.
> Best regards,
> Petr Vandrovec
>
> _______________________________________________
> open-vm-tools-devel mailing list
> ope...@li...
> https://lists.sourceforge.net/lists/listinfo/open-vm-tools-devel
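
The thread proposes a privileged broker (root daemon or kernel module) that issues backdoor calls for unprivileged clients, with the caveat that it must not blindly forward the registers it receives. The following is an added example of that validation step, not code from this thread or from open-vm-tools. Assumptions: the command number sits in the low 16 bits of ECX, `struct bdoor_req`, `bdoor_sanitize` and `bdoor_issue` are hypothetical names, and the allowlisted command numbers are constructed placeholders.

```c
#include <stddef.h>
#include <stdint.h>

#define BDOOR_MAGIC 0x564D5868u /* 'VMXh', placed in EAX */
#define BDOOR_PORT  0x5658u     /* backdoor I/O port, placed in DX */

/* Register image exactly as an unprivileged client sent it over the socket. */
struct bdoor_req { uint32_t eax, ebx, ecx, edx, esi, edi; };

/* Constructed placeholder command numbers: the broker forwards only these.
 * Anything the hypervisor reserves for CPL0 must never be listed here. */
static const uint16_t allowed_cmds[] = { 0x0001, 0x000A };

/* Build the register image the broker will issue. Returns 0 on success,
 * -1 if the command (assumed: low 16 bits of ECX) is not allowlisted. */
int bdoor_sanitize(const struct bdoor_req *in, struct bdoor_req *out)
{
    uint16_t cmd = (uint16_t)(in->ecx & 0xFFFFu);
    int ok = 0;

    for (size_t i = 0; i < sizeof allowed_cmds / sizeof allowed_cmds[0]; i++)
        if (allowed_cmds[i] == cmd)
            ok = 1;
    if (!ok)
        return -1;

    *out = *in;
    out->eax = BDOOR_MAGIC; /* never trust the client's magic value */
    out->ecx = cmd;         /* this example's policy: drop upper ECX bits */
    out->edx = BDOOR_PORT;  /* pin the port; the client cannot pick another */
    return 0;
}

#if defined(__x86_64__) || defined(__i386__)
/* Issue a sanitized call. Only the root broker runs this, after iopl(3). */
static inline void bdoor_issue(struct bdoor_req *r)
{
    __asm__ volatile("inl %%dx, %%eax"
                     : "+a"(r->eax), "+b"(r->ebx), "+c"(r->ecx),
                       "+d"(r->edx), "+S"(r->esi), "+D"(r->edi));
}
#endif
```

The broker calls `bdoor_sanitize` on every request read from the socket and passes only the rebuilt image to `bdoor_issue`, so a client controls nothing beyond the parameters of an allowlisted command.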