Xen project Mailing List

[Xen-devel] writable pagetable

To: "Ian Pratt" <Ian.Pratt@xxxxxxxxxxxx>, "Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>

From: "James Harper" <JamesH@xxxxxxxxxxxxxxxx>

Date: Thu, 9 Sep 2004 12:33:54 +1000

Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 09 Sep 2004 03:36:54 +0100

List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

Thread-index: AcSWELFN2nOxUC8UTUShKz6LjCWYugABJlVQ

Thread-topic: [Xen-devel] writable pagetable

On the subject of writable pagetables, is it a performance thing? I've always said 'no' because I don't know what it does and went with the philosophy of "if it ain't broke...". James > -----Original Message----- > From: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx [mailto:xen-devel- > admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Ian Pratt > Sent: Thursday, 9 September 2004 11:52 > To: Keir Fraser > Cc: Kip Macy; Ian Pratt; xen-devel@xxxxxxxxxxxxxxxxxxxxx; > Ian.Pratt@xxxxxxxxxxxx > Subject: Re: [Xen-devel] Re: Xen reboots when trying to start new domain > > > Kip, > > Out of interest, why have you needed to give FreeBSD its own > domain builder rather than use the 'generic ELF' one that Linux > and NetBSD share? (Plan9 has gone with its own builder as it uses > an a.out image format). > > > Okay, I pushed some cleanups to BUILDDOMAIN. In particular we now > > check that the specified pagetable is in fact a valid pagetable :-D > > It's not high on the todo list, but it would be nice to make the > domain builder completely untrusted, and hence be able to > delegate it just the privileges it needs for building a > particular domain. We're not too far away from that. Keir's > changes certainly make it harder for a domain builder to screw up > accidentally. > > BTW: On the subject of safety, changelog watchers will have > noticed significant changes to Xen's 'writable pagetables' > implementation. We weren't intending to make changes like this so > late in the 2,0 release cycle, but it came to our attention that > the Opteron CPU's TLB has a PGD entry cache that isn't coherent > with memory[*]. This meant that it would have potentially been > possible for a malicious or compromised guest OS to contrive a > situation where it got to access pages that didn't belong to it. > > We've now checked in an alternative implementation which should > be safe on both Intel and AMD. > > Ian > > [*] The x86 architecture is woefully underspecified in this > respect. Intel CPUs have a PGD entry cache, but current > implementations have a snooping mechanism that meant that our > previous scheme worked fine. > > > ------------------------------------------------------- > This SF.Net email is sponsored by BEA Weblogic Workshop > FREE Java Enterprise J2EE developer tools! > Get your free copy of BEA WebLogic Workshop 8.1 today. > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/xen-devel ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idP47&alloc_id808&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.