
Re: [Xen-devel] Read-only locking of Guest Memory pages



At 07:38 -0500 on 16 Jun (1308209893), Srujan Kotikela wrote:
> I have read that Xen traps all the updates to page tables from guest OS. How
> does this work in case of HVM and/or no EPT?
> Also, isn't it true that Xen maintains these page tables as read-only?

If Xen is using HAP (EPT or NPT), then no; the guest pagetables are not
treated specially.  If it's using shadow pagetables, then it's mostly
true -- some pagetables are not read-only and some updates don't cause
traps, but most are and do.

Cheers,

Tim.

> On Wed, Jun 15, 2011 at 5:05 AM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:
> 
> > At 11:38 -0500 on 14 Jun (1308051493), Srujan Kotikela wrote:
> > > Hi Tim,
> > >
> > > I am trying to implement a secure architecture where a process'
> > > (selected) memory pages have to be set as read-only. The process will
> > > send the virtual address of pages required (through a custom hypercall)
> > > to be set read-only. I need to compute the physical address of the
> > > pages and set them read-only.
> >
> > Thanks.  In that case I suspect the memory event hypercalls are what you
> > need.  They allow access rights on guest frames to be set from a tool in
> > dom0.  They only work on EPT, though.
> >
> > Tim.
> >
> > > On Tue, Jun 14, 2011 at 3:14 AM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:
> > >
> > > > Hi,
> > > >
> > > > At 14:52 -0500 on 13 Jun (1307976734), Srujan Kotikela wrote:
> > > > > Does Xen provide any mechanism to set read-only access/lock on
> > > > > guest's pages?
> > > >
> > > > Yes, Xen has lots of code that makes guest memory read-only for various
> > > > reasons, and one of them might be suitable.  What's your overall goal?
> > > >
> > > > (BTW, you might want to read
> > > > http://wiki.xensource.com/xenwiki/AskingXenDevelQuestions)
> > > >
> > > > Cheers,
> > > >
> > > > Tim.
> > > >
> > > > --
> > > > Tim Deegan <Tim.Deegan@xxxxxxxxxx>
> > > > Principal Software Engineer, Xen Platform Team
> > > > Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)
> > > >
> >
> > > _______________________________________________
> > > Xen-devel mailing list
> > > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > > http://lists.xensource.com/xen-devel
> >
> >
> > --
> > Tim Deegan <Tim.Deegan@xxxxxxxxxx>
> > Principal Software Engineer, Xen Platform Team
> > Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)
> >



-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)



 

