
Re: [Xen-devel] read-only pagetable entries

On Mon, Jun 20, 2011 at 3:27 AM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:

At 21:29 -0500 on 19 Jun (1308518969), Srujan Kotikela wrote:
> I am trying to mark certain page-table entries (pte) of a guest as read-only
> by the guest operating system (complete control by xen). If this pte is
> ever to be changed to READ/WRITE, it should be done by a custom hypercall
> (called only by a special process). The guest os's request to mark this pte
> READ/WRITE should be denied/ignored by xen.
> The approach I am planning is, obtain the (guest) virtual address from the
> process and pass to xen through hypercall, obtain cr3 from the vcpu, compute
> PDE (page directory entry), obtain PT (Page Table) base address, compute
> PTE's (guest) physical address. Then translate PFN to MFN and update the
> entries to READ-ONLY.
> However, I feel this process is not sufficient to restrict the OS from
> changing it.

It's certainly not enough to stop the OS from changing it by itself.
You'd need to make that PTE read-only _and_ make all mappings of the PTE
itself read-only _and_ make sure there are no new r/w mappings of it.

I think the right thing to do is to translate the VA you start with into
a PFN and then just call p2m_change_type to mark that PFN read-only.
That way, the PTE the guest sees will still be r/w but all writes to the
address will be dropped.  (That assumes this is a HVM guest, by the



Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)


I am trying to see the working of "p2m_change_type". For this I am passing the PFN of a variable (computed using virt_to_pfn(&variable)) in a kernel module. Then this PFN is being passed to the VMM through a hypercall (from an HVM guest). In the hypercall handler, I have the following code (where PFN == GFN):

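    struct vcpu *v = current;
    struct domain *d = v->domain;
    p2m_type_t ot;
    mfn_t mfn;

    /* Look up the MFN and the current (old) p2m type of the gfn. */
    mfn = gfn_to_mfn(d, gfn, &ot);
    /* mfn_t is a type-safe wrapper in debug builds; print its raw value. */
    printk("MFN  : %lx\n", mfn_x(mfn));
    printk("OT   : %d\n", ot);

    /* Switch the frame from its old type to read-only RAM. */
    p2m_change_type(d, gfn, ot, p2m_ram_ro);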

After this I tried to assign a new value to the variable (to test if the write request is being dropped). But the DomU hangs within the kernel module (the insmod command never completes).

I assume this is because I am doing it within a kernel module. Now I am going to try passing a user process's variable's address to the kernel module, pass it further to the hypervisor and repeat the above process. Before that, I just want to make sure that I am going in the right direction.
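
Added example, not part of either message and not Xen code: a toy C model of the point made in the quoted reply, that a read-only guest PTE can be bypassed through another writable mapping, while a read-only p2m type on the frame drops writes through every mapping. All names (toy_pte, toy_p2m_type, guest_write, ...) are constructed for illustration, and the model also shows that the p2m type applies to the whole 4K frame.

```c
/* Toy model with constructed names; not Xen code. One 4K guest frame. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum toy_p2m_type { TOY_RAM_RW, TOY_RAM_RO };  /* stand-ins for p2m_ram_rw / p2m_ram_ro */
struct toy_pte { int writable; };              /* guest-controlled mapping of the frame */
static uint8_t frame[4096];                    /* the frame's contents */
static enum toy_p2m_type frame_type;           /* hypervisor-controlled, per frame */

static void reset(enum toy_p2m_type t) { memset(frame, 0, sizeof frame); frame_type = t; }

/* Guest store through one mapping. Returns 1 if memory changed, 0 if the
 * store faulted on the guest PTE or was dropped because of the p2m type. */
static int guest_write(const struct toy_pte *pte, unsigned off, uint8_t val)
{
    if (off >= sizeof frame || !pte->writable || frame_type == TOY_RAM_RO)
        return 0;
    frame[off] = val;
    return 1;
}

/* The guest writes through its first mapping and through a second r/w alias
 * it created itself. Returns 1 if the protected byte is still intact. */
static int protection_holds(enum toy_p2m_type t, int first_pte_writable)
{
    struct toy_pte map = { first_pte_writable }, alias = { 1 };
    reset(t);
    guest_write(&map, 8, 0xAA);
    guest_write(&alias, 8, 0xAA);
    return frame[8] == 0;
}

/* The type covers the whole frame, so unrelated data on it is frozen too. */
static int neighbour_write_lands(void)
{
    struct toy_pte map = { 1 };
    reset(TOY_RAM_RO);
    return guest_write(&map, 512, 0x55);
}

int main(void)
{
    printf("PTE-only holds: %d, p2m holds: %d, neighbour write lands: %d\n",
           protection_holds(TOY_RAM_RW, 0), protection_holds(TOY_RAM_RO, 1),
           neighbour_write_lands());
    return 0;
}
```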