Re: [Xen-devel] Read-only locking of Guest Memory pages

To:	Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Subject:	Re: [Xen-devel] Read-only locking of Guest Memory pages
From:	Srujan Kotikela <ksrujandas@xxxxxxxxx>
Date:	Thu, 16 Jun 2011 07:38:13 -0500
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Thu, 16 Jun 2011 05:41:48 -0700
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=AVaCWyWXkNuQqCAx6uS/G7BTupsx6eD0+g9ShGSfs1Q=; b=fHTWG9lh+7+Qaam+ct3UE9L9CaexwEDge1IZFng1//T3WzQB0dHynrpgvAhjIOHB9K GjQZYiIr9VM394B6Kb7CeinBWK+iO84gyC5fRLbFu9jc5JHrSbNvRNKaABSCoPG6UuJH gHm8viBY+vVAMJdKY9D4WfO7QeMxXAaF1CzI0=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=rbv2Aw9GUmhCmtpDcyUtgZcflvN0fOqUwuzEx9/BgW//y7XqKjLWdLz1WlTDHZvl11 tR9wVhsVsnU36c4M5Mt47NUB7FMDqYUrK5d/+x8yas/oX6RNptFPo97bsK97gboU/Sby HzsWVAzqkB7MmNMKq8slfHiMZr1zu7p/r7raI=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<20110615100531.GD17634@xxxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<BANLkTinp48h5866AcJXmRcmLK1XZ+L8Zpg@xxxxxxxxxxxxxx> <20110614081445.GB11702@xxxxxxxxxxxxxxxxxxxxxxx> <BANLkTimH2qgm0pfjPQ19kiOZE=0ngHg1wg@xxxxxxxxxxxxxx> <20110615100531.GD17634@xxxxxxxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

I have read that xen traps all the updates to page tables from guest os. How does this work in case of hvm and/or no EPT?

Also isn't it true that xen maintains these page tables as read only? Correct me, if I am wrong.

--
Srujan D. Kotikela

On Wed, Jun 15, 2011 at 5:05 AM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:

At 11:38 -0500 on 14 Jun (1308051493), Srujan Kotikela wrote:
> Hi Tim,
>
> I am trying to implement a secure architecture where a process' (selected)
> memory pages have to be set as read-only. The process will send the virtual
> address of pages required (through a custom hypercall) to be set read-only.
> I need to compute the physical address of the pages and set them read-only.

Thanks. In that case I suspect the memory event hypercalls are what you
need. They allow access rights on guest frames to be set from a tool in
dom0. They only work on EPT, though.

Tim.

> On Tue, Jun 14, 2011 at 3:14 AM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:
>
> > Hi,
> >
> > At 14:52 -0500 on 13 Jun (1307976734), Srujan Kotikela wrote:
> > > Does Xen provide any mechanism to set read-only access/lock on guest's
> > > pages?
> >
> > Yes, Xen has lots of code that makes guest memory read-only for various
> > reasons, and one of them might be suitable. What's your overall goal?
> >
> > (BTW, you might want to read
> > http://wiki.xensource.com/xenwiki/AskingXenDevelQuestions)
> >
> > Cheers,
> >
> > Tim.
> >
> > --
> > Tim Deegan <Tim.Deegan@xxxxxxxxxx>
> > Principal Software Engineer, Xen Platform Team
> > Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)
> >

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

--

Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] Read-only locking of Guest Memory pages