WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

Re: [Xen-devel] Read-only locking of Guest Memory pages

To: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Subject: Re: [Xen-devel] Read-only locking of Guest Memory pages
From: Srujan Kotikela <ksrujandas@xxxxxxxxx>
Date: Thu, 16 Jun 2011 07:38:13 -0500
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx

I have read that Xen traps all the updates to page tables from the guest OS. How does this work in the case of HVM and/or no EPT?
Also, isn't it true that Xen maintains these page tables as read-only? Correct me if I am wrong.

--
Srujan D. Kotikela


On Wed, Jun 15, 2011 at 5:05 AM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:
At 11:38 -0500 on 14 Jun (1308051493), Srujan Kotikela wrote:
> Hi Tim,
>
> I am trying to implement a secure architecture where a process' (selected)
> memory pages have to be set as read-only. The process will send the virtual
> address of pages required (through a custom hypercall) to be set read-only.
> I need to compute the physical address of the pages and set them read-only.

Thanks.  In that case I suspect the memory event hypercalls are what you
need.  They allow access rights on guest frames to be set from a tool in
dom0.  They only work on EPT, though.

Tim.

> On Tue, Jun 14, 2011 at 3:14 AM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:
>
> > Hi,
> >
> > At 14:52 -0500 on 13 Jun (1307976734), Srujan Kotikela wrote:
> > > Does Xen provide any mechanism to set read-only access/lock on guest's
> > > pages?
> >
> > Yes, Xen has lots of code that makes guest memory read-only for various
> > reasons, and one of them might be suitable.  What's your overall goal?
> >
> > (BTW, you might want to read
> > http://wiki.xensource.com/xenwiki/AskingXenDevelQuestions)
> >
> > Cheers,
> >
> > Tim.
> >
> > --
> > Tim Deegan <Tim.Deegan@xxxxxxxxxx>
> > Principal Software Engineer, Xen Platform Team
> > Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)
> >

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel


--
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)
