Petr Vandrovec wrote:
> Adar Dembo wrote:
>
>
>> I'm playing around with guestd in QEMU and I've noticed that iopl/ioperm
>> aren't used by anything before doing PIO operations.
>>
>> I figure this works in VMware b/c you guys are intercepting the backdoor
>> io port regardless of CPL/IOPL. While this is useful for OSes like
>> Windows that have no way to change iopl, it would be nice on Posix
>> platforms if you did actually use iopl appropriately.
>>
>> It's a whole lot easier to just take a vmexit for PIO than it is to
>> intercept #gp and try to decode whether it was caused by a ring 3 PIO
>> instruction.
>>
>
> Hello Anthony,
> there are two reasons why we allow the backdoor port to be accessed from
> CPL3:
>
> (1) We want to be able to access it even from non-suid applications -
> for example copy/paste daemon runs under normal user account, and so it
> cannot do iopl(3).
>
> (2) When not running in hardware-assisted mode, binary translation (or
> simulation) has to be used for CPL3 level code, which causes a huge
> performance impact.
>
> If it is a problem for QEMU then perhaps creating a kernel module to provide
> access to the backdoor is the simplest way to address the problem, and it will be
> compatible with all VMware products as well.
Well, long term, I'd like to move to a virtio-based socket. It's hard
to say how that would intersect with something like VMCI because I don't
know anything about it :-) I think in the interim, a simple root daemon
that allows backdoor operations via a domain socket or something would
suffice. Then non-root users can still issue backdoor operations but
the daemon can still use iopl().
Regards,
Anthony Liguori
> The only restriction is that
> some of our backdoors are already accessible to CPL0 code only, so the
> driver just cannot blindly issue a backdoor call with the registers it
> received from userspace, but that should not be a complicated thing to
> address.
>
> For future products we want to use VMCI, which comes with a regular kernel
> driver and a userspace library which can be accessed without IOPL
> elevation or any tricks in the emulation (well, except that it still
> does not use regular I/O instructions). Unfortunately the latest released
> product (WS6) does not provide any interesting service over VMCI, and
> VMCI did not even make it into this open source release (you can take a look
> at WS6, but that one is *not* GPLed).
>
> You can add 'monitor_control.restrict_backdoor = "TRUE"' to the VM's
> configuration file when using VMware, and then you should observe
> exactly the same behavior you see with QEMU - guestd and everybody else
> crashing.
> Best regards,
> Petr Vandrovec
>