[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] On x86_64 Xen Implementation



BVK Chaitanya wrote:
Hi,

Xen 3.0 inteface manual says:

On 64-bit systems it is not possible to protect the hypervisor from untrusted guest code running in rings 1 and 2. Guests are therefore restricted to run in ring 3 only. The guest kernel is protected from its applications by context switching between the kernel and currently running application.

Can anybody explain (or provide me pointers) to what x86_64 features make protecting hypervisor from untrusted guest (kernels) impossible? Is x86_64 (by-design) makes x86's 4 rings feature obsolete?

Somewhat. Segmentation support has been mostly dropped in x86_64 long mode (aka 64bit mode). By using paging you can only differentiate between supervisor and user mode. Separating the different rings requires different segment descriptors, which can hold a ring number. Since segmentation limits, offsets and protection flags are (mostly) ignored in 64bit long mode, you actually cannot use the four rings here.

Regards,
Andre.

--
Andre Przywara
AMD-Operating System Research Center (OSRC), Dresden, Germany
Tel: +49 351 277-84917
----to satisfy European Law for business letters:
AMD Saxony Limited Liability Company & Co. KG,
Wilschdorfer Landstr. 101, 01109 Dresden, Germany
Register Court Dresden: HRA 4896, General Partner authorized
to represent: AMD Saxony LLC (Wilmington, Delaware, US)
General Manager of AMD Saxony LLC: Dr. Hans-R. Deppe, Thomas McCoy


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.