From: Mircea CIRJALIU - MELIU <mcirjaliu@bitdefender.com>
To: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: "linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Jerome Glisse <jglisse@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
"aarcange@redhat.com" <aarcange@redhat.com>
Subject: RE: [RFC PATCH v1 1/4] mm/remote_mapping: mirror a process address space
Date: Wed, 11 Dec 2019 17:04:55 +0000 [thread overview]
Message-ID: <DB7PR02MB39792DF9294085D0BE1676E6BB5A0@DB7PR02MB3979.eurprd02.prod.outlook.com> (raw)
In-Reply-To: <20191211155130.gk5qcuahzo2w3qyh@box>
> On Wed, Dec 11, 2019 at 09:29:17AM +0000, Mircea CIRJALIU - MELIU wrote:
> > Use a device to inspect another process address space via page table
> mirroring.
> > Give this device a source process PID via an ioctl(), then use mmap()
> > to analyze the source process address space like an ordinary file.
> > Process address space mirroring is limited to anon VMAs.
> > The device mirrors page tables on demand (faults) and invalidates them
> > by listening to MMU notifier events.
>
> It's way to brief to justify the new interface. Use cases? Why current
> intefaces are not enough?
Its main purpose is virtual machine instrospection.
Could also be used for security software, debuggers, etc.
It gains direct access to another process address space by mirroring its page
tables to the local process address space.
The main difference from ptrace is zero-copy read/write.
The use case looks like this:
fd = open("/dev/mirror-proc", O_RDWR);
/* hook on process 1234 */
ioctl(fd, REMOTE_PROC_MAP, 1234);
addr = mmap(NULL, length, PROT_READ | PROT_WRITE, MAP_SHARED, fd, offset);
/* operate on memory of process 1234 */
munmap(addr, length);
The address space mirroring is done in a VMA with VM_PFNMAP attributes.
The PFNs are installed in the fault handlers and invalidated via MMU notifier.
So no page management structures are involved.
Observe that the introspector process can mmap() very large regions from
the source process address space, sometimes involving holes. If no page is
found at a given address, the introspector gets a SIGBUS.
>
> There's nothing in the description that would convince me to look at the
> code.
>
> --
> Kirill A. Shutemov
prev parent reply other threads:[~2019-12-11 17:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-11 9:29 Mircea CIRJALIU - MELIU
2019-12-11 15:51 ` Kirill A. Shutemov
2019-12-11 17:04 ` Mircea CIRJALIU - MELIU [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DB7PR02MB39792DF9294085D0BE1676E6BB5A0@DB7PR02MB3979.eurprd02.prod.outlook.com \
--to=mcirjaliu@bitdefender.com \
--cc=aarcange@redhat.com \
--cc=jglisse@redhat.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox