At 2011-02-21��"Tim Deegan" <Tim.Deegan@xxxxxxxxxx> wrote:
>At 06:53 +0000 on 21 Feb (1298271222), ?????? wrote:
>> And now I want to create shadow page table of my own for this two
>> sections so that when the kernel use the security server of selinux,
>> it will use my own SPT to access code & data rather than the
>> auto-generated SPT for the kernel.
>>
>> So, where should I begin to achieve my goal, how can I maintain my SPT
>> in the hypervisor.
>
>The shadow pagetable code lives in xen/arch/x86/mm/shadow/. It shadows
>pagetable pages, not address spaces, so if you want to maintain separate
>sets of shadow pagetables you might have to duplicate a lot of state.
>
>Tim.
>
Thanks for your reply, Tim I deliberately make those two sections align for the page in order to make SPT creation simple, see that? The sim_k_text & data all start at a new page. The text section occupied 13 pages & data occupied 1 page although the size of data is only 0x7c. I know in the hvm, the virtual address is translated to the physical address first, then translated to the machine address. For my constructed address space, I want to create SPT to convert virtual address to machine address directly & eliminate the need for any guest level page table for this address space, is it possible? For now what I consider is pass the starting address & size to the xen. You said I need to duplicate a lot of state, where I need to modify? what should I do to the kernel shadow page table to make that when I need to use security server, I can switch to my SPT?
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
| 
Home