
[Xen-devel] [PATCH] Patchset to protect guest ROM areas from R/W access.


  • To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx>
  • From: "Trolle Selander" <trolle.selander@xxxxxxxxx>
  • Date: Thu, 10 Jul 2008 14:40:33 +0100
  • Cc:
  • Delivery-date: Thu, 10 Jul 2008 06:41:03 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

This is a set of patches to protect guest ROM areas by making them actually be read-only.

xen_handle_p2m_type_ro.patch:
   This makes writes to pages with p2m_ram_ro stop falling through to the device model, and instead writes get logged but discarded.

xen_hvmop_set_mem_type.patch:
   This adds a new command, "set_mem_type", to the hvmop hypercall which allows marking RAM page ranges as ro, rw, or mmio_dm.

ioemu_xen_platform.patch:
   This adds functionality to the xen platform device to enable a guest to set/unset the RO state of ROM. A guest can enable
   or disable RW access to the ROM range (0xc0000-0xfffff) by writing to the lowermost I/O port of the xen platform device. This
   port now provides access to a flags register, which currently only has one flag bit, namely bit 0, to set/clear write access to the ROM range.
   This patch should apply to either the old ioemu tree or the new upstream-merged git tree.

xen_firmware_make_ROM_ro.patch:
   This adds changes to hvmloader and rombios to make use of the above platform_device functionality to write-protect ROM areas. This is somewhat ugly, but unfortunately the virtual bios has grown to rely on being able to self-modify. At a later stage, I'm going to try to remove any self-modifying bits on the rombios and move any such post-load modifications into hvmloader, so that hvmloader can handle the ROM locking, which would be cleaner.

Signed-off-by: Trolle Selander <trolle.selander@xxxxxxxxxxxxx>

Attachment: xen_handle_p2m_type_ro.patch
Description: Text Data

Attachment: xen_hvmop_set_mem_type.patch
Description: Text Data

Attachment: ioemu_xen_platform.patch
Description: Text Data

Attachment: xen_firmware_make_ROM_ro.patch
Description: Text Data
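
The behaviour described in the message above, as a toy C model added here for illustration; it is not taken from the attached patches or from Xen. All names are hypothetical, and it assumes 4 KiB pages, that bit 0 set means the ROM range is writable, and that "logged" can be stood in for by a counter.

```c
/* Toy model of the mechanism, not Xen code; every name is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#define PAGE_SHIFT     12
#define LOWMEM_PAGES   256           /* first 1 MiB of guest memory */
#define ROM_START      0xc0000u      /* ROM range given in the message */
#define ROM_END        0xfffffu
#define FLAG_ROM_WRITE 0x1u          /* bit 0; "set = writable" is assumed */

enum mem_type { MEM_RW, MEM_RO };
struct guest {
    enum mem_type type[LOWMEM_PAGES];          /* per-page access type */
    uint8_t  mem[LOWMEM_PAGES << PAGE_SHIFT];
    uint8_t  flags;                            /* flags register */
    unsigned discarded;                        /* writes dropped on RO pages */
};

/* Guest write to the flags port: retype the whole ROM range from bit 0. */
void flags_port_write(struct guest *g, uint8_t val)
{
    g->flags = val & FLAG_ROM_WRITE;           /* only one flag is defined */
    enum mem_type t = g->flags ? MEM_RW : MEM_RO;
    for (uint32_t pfn = ROM_START >> PAGE_SHIFT; pfn <= ROM_END >> PAGE_SHIFT; pfn++)
        g->type[pfn] = t;
}

/* Guest memory write; returns 1 if stored, 0 if dropped. */
int guest_write(struct guest *g, uint32_t addr, uint8_t val)
{
    if (addr >= sizeof(g->mem))
        return 0;                              /* outside the modelled 1 MiB */
    if (g->type[addr >> PAGE_SHIFT] == MEM_RO) {
        g->discarded++;                        /* counted, never stored */
        return 0;
    }
    g->mem[addr] = val;
    return 1;
}

int main(void)
{
    static struct guest g;                     /* zeroed: all pages MEM_RW */
    flags_port_write(&g, FLAG_ROM_WRITE);      /* unlock for self-modification */
    int before = guest_write(&g, 0xf0000, 0x55);
    flags_port_write(&g, 0);                   /* lock the ROM range */
    int after = guest_write(&g, 0xf0000, 0xaa);
    printf("before=%d after=%d discarded=%u\n", before, after, g.discarded);
    return 0;
}
```

The discard counter is the value to watch on a locked guest: a non-zero count means something is still trying to modify ROM after the lock was applied.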
