[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] [RFC] x86_64 and protection


  • To: "Mathieu Ropert" <mro@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>
  • Date: Fri, 24 Mar 2006 09:04:03 -0800
  • Delivery-date: Fri, 24 Mar 2006 17:05:51 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcZPYg9FdcWqX6ZlT4avTOHt2pU+6gAAChQQ
  • Thread-topic: [Xen-devel] [RFC] x86_64 and protection

Mathieu Ropert wrote:
> Hi,
> 
> i'm trying to understand how protection with Xen on x86_64 has kernel
> and user code run on the same privilege level.
> 
> Things i'm wondering:
> - As all kernel pages must mapped with USER bit, how do i make sure
> user process can't access them? Unmap all before switching to user
> mode? - How Xen makes the difference between a kernel and a user
> process? I think it use a software flag or something to handle
> syscall instruction properly (ie: processing hypercall or give
> control to kernel syscalls management depending on the caller).

Xen is aware of the mode (kernel vs. user) of the guests controlling the
page tables used for each mode. The user ones don't have the translation
for the kernel. Look at the code around toggle_guest_mode().

> 
> Some documentations on this would be great for future attempts to port
> other OS to Xen.

I'm writing a paper on this for OLS. The deadline is 4/1, and that means
the paper is not ready today ;-). 

See http://www.linuxsymposium.org/2006/view_abstract.php?content_key=86
for the abstract.

Jun
---
Intel Open Source Technology Center

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.