[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] read-only pagetable entries

  • To: xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: Srujan Kotikela <ksrujandas@xxxxxxxxx>
  • Date: Sun, 19 Jun 2011 21:29:29 -0500
  • Delivery-date: Sun, 19 Jun 2011 19:30:07 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=sD1IxyYNeG6OUyN1k07PKWlHEyuwdDe2a9QcA2qOZkFUmQwE8ojZ6Dc3iOEHnPG+gf s/5fTAHN+Fuo4hvct3xUbRgqHlbOiiEMDGcSAfE70rX2Jf2VsZWcLhnVHh3JnY4LU4ZJ SMxX7nP7zpk/29jsWUJhKrgHbOpUNPjCnKg4s=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>


I am trying to mark certain page-table entries (pte) of a guest as read-only by the guest operating system (complete control by xen). If this pte is ever to be changed to READ/WRITE, it should be done by  a custom hypercall (called only by a special process). The guest os's request to mark this pte READ/WRITE should be denied/ignored by xen. 

The approach I am planning is, obtain the (guest) virtual address from the process and pass to xen through hypercall, obtain cr3 from the vcpu, compute PDE (page directory entry), obtain PT (Page Table) base address, compute PTE's (guest) physical address. Then translate PFN to MFN and update the entries to READ-ONLY. 

However, I feel this process is not sufficient to restrict the OS from changing it. So I would like to know your suggestions/changes in my approach.

Srujan D. Kotikela
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.