xen-devel
Re: [Xen-devel] read-only pagetable entries
Hi,
At 21:29 -0500 on 19 Jun (1308518969), Srujan Kotikela wrote:
> I am trying to mark certain page-table entries (PTEs) of a guest as read-only
> by the guest operating system (complete control by Xen). If this PTE is
> ever to be changed to READ/WRITE, it should be done by a custom hypercall
> (called only by a special process). The guest OS's request to mark this PTE
> READ/WRITE should be denied/ignored by Xen.
>
> The approach I am planning is: obtain the (guest) virtual address from the
> process and pass it to Xen through a hypercall, obtain cr3 from the vcpu, compute
> the PDE (page directory entry), obtain the PT (page table) base address, compute
> the PTE's (guest) physical address. Then translate the PFN to an MFN and update the
> entry to READ-ONLY.
>
> However, I feel this process is not sufficient to restrict the OS from
> changing it.
It's certainly not enough to stop the OS from changing it by itself.
You'd need to make that PTE read-only _and_ make all mappings of the PTE
itself read-only _and_ make sure there are no new r/w mappings of it.
I think the right thing to do is to translate the VA you start with into
a PFN and then just call p2m_change_type to mark that PFN read-only.
That way, the PTE the guest sees will still be r/w but all writes to the
address will be dropped. (That assumes this is an HVM guest, by the
way.)
Cheers,
Tim.
--
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
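The two enforcement points contrasted in the thread, modelled in a small C simulation. This is an added illustration, not code from the thread or from Xen: it assumes 32-bit two-level (non-PAE) guest paging, a toy guest physical memory of eight pages indexed by PFN, and a toy p2m table standing in for what p2m_change_type manipulates. Clearing RW in the guest's own PTE is undone by the guest simply rewriting the entry it owns, whereas a read-only p2m type drops the write no matter what the guest PTE says, until a hypervisor-side "hypercall" restores it.

```c
#include <stdint.h>
#include <string.h>

/* Toy model (assumption, not Xen's real data structures):
 * 32-bit, 2-level, non-PAE guest paging over a tiny PFN-indexed memory. */
#define PAGE_SIZE 4096u
#define NPAGES    8u
#define PTE_P     0x1u
#define PTE_RW    0x2u

enum p2m_type { P2M_RW, P2M_RO };

/* Guest-physical memory: gmem[pfn][dword index]. The guest OS owns all of it,
 * page tables included, so it can rewrite any PTE it likes. */
static uint32_t gmem[NPAGES][PAGE_SIZE / 4];

/* Toy p2m: PFN -> access type. Hypervisor-owned; the guest cannot touch it. */
static enum p2m_type p2m[NPAGES];

/* Constructed layout: page directory at PFN 0, page table at PFN 1,
 * protected data page at PFN 2, mapped at guest VA 0x1000. */
#define CR3_PFN  0u
#define PT_PFN   1u
#define DATA_PFN 2u
#define VA       0x00001000u

/* Walk the guest page table from cr3, as the original poster planned to do. */
static uint32_t *pte_for(uint32_t cr3_pfn, uint32_t va) {
    uint32_t pde = gmem[cr3_pfn][va >> 22];
    if (!(pde & PTE_P)) return NULL;
    uint32_t pt_pfn = pde >> 12;
    if (pt_pfn >= NPAGES) return NULL;
    return &gmem[pt_pfn][(va >> 12) & 0x3ff];
}

/* A guest store: first the guest PTE is consulted (a #PF if not RW), then the
 * p2m type (a write to an RO p2m entry is dropped by the hypervisor).
 * Returns 1 if the store landed, 0 if it was faulted or dropped. */
static int guest_write(uint32_t cr3_pfn, uint32_t va, uint32_t val) {
    uint32_t *pte = pte_for(cr3_pfn, va);
    if (!pte || !(*pte & PTE_P) || !(*pte & PTE_RW)) return 0;
    uint32_t pfn = *pte >> 12;
    if (pfn >= NPAGES || p2m[pfn] == P2M_RO) return 0;
    gmem[pfn][(va & 0xfffu) / 4] = val;
    return 1;
}

static void setup(void) {
    memset(gmem, 0, sizeof gmem);
    for (unsigned i = 0; i < NPAGES; i++) p2m[i] = P2M_RW;
    gmem[CR3_PFN][VA >> 22] = (PT_PFN << 12) | PTE_P | PTE_RW;
    gmem[PT_PFN][(VA >> 12) & 0x3ff] = (DATA_PFN << 12) | PTE_P | PTE_RW;
}

/* Approach 1: the hypervisor clears RW in the guest PTE.
 * Returns 1 if the guest could defeat the protection on its own. */
int pte_only_protection_bypassed(void) {
    setup();
    uint32_t *pte = pte_for(CR3_PFN, VA);
    *pte &= ~PTE_RW;                                  /* "protection" */
    int blocked = !guest_write(CR3_PFN, VA, 0x1234);  /* blocked for now */
    *pte |= PTE_RW;                                   /* guest restores RW */
    int written = guest_write(CR3_PFN, VA, 0x1234);
    return blocked && written;
}

/* Approach 2: the p2m entry for the PFN is marked RO (what p2m_change_type
 * would do); the guest PTE stays RW. Returns 1 if writes were dropped until
 * the hypervisor itself re-enabled them. */
int p2m_protection_holds(void) {
    setup();
    p2m[DATA_PFN] = P2M_RO;                           /* hypervisor-side */
    int dropped = !guest_write(CR3_PFN, VA, 0x1234);
    *pte_for(CR3_PFN, VA) |= PTE_RW;                  /* guest PTE games: no effect */
    int still_dropped = !guest_write(CR3_PFN, VA, 0x1234);
    int unchanged = gmem[DATA_PFN][0] == 0;
    p2m[DATA_PFN] = P2M_RW;                           /* the custom hypercall path */
    int reenabled = guest_write(CR3_PFN, VA, 0x1234);
    return dropped && still_dropped && unchanged && reenabled;
}
```

In a real HVM guest the p2m check is performed by the hardware nested page tables (EPT/NPT) rather than by a function like this, but the ordering the model shows is the point: the guest PTE is the guest's to change, the p2m is not.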