Re: [Xen-devel] read-only pagetable entries

Hi,

At 21:29 -0500 on 19 Jun (1308518969), Srujan Kotikela wrote:
> I am trying to mark certain page-table entries (PTEs) of a guest as read-only
> by the guest operating system (complete control by Xen). If this PTE is
> ever to be changed to READ/WRITE, it should be done by a custom hypercall
> (called only by a special process). The guest OS's request to mark this PTE
> READ/WRITE should be denied/ignored by Xen.
>
> The approach I am planning is: obtain the (guest) virtual address from the
> process and pass it to Xen through a hypercall, obtain CR3 from the vCPU, compute
> the PDE (page directory entry), obtain the PT (page table) base address, and compute
> the PTE's (guest) physical address. Then translate PFN to MFN and update the
> entries to READ-ONLY.
>
> However, I feel this process is not sufficient to restrict the OS from
> changing it.

It's certainly not enough to stop the OS from changing it by itself. You'd need to make that PTE read-only _and_ make all mappings of the PTE itself read-only _and_ make sure there are no new r/w mappings of it.

I think the right thing to do is to translate the VA you start with into a PFN and then just call p2m_change_type to mark that PFN read-only. That way, the PTE the guest sees will still be r/w but all writes to the address will be dropped. (That assumes this is a HVM guest, by the way.)

Cheers,

Tim.

--
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
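The difference between the two approaches above is easy to see in a toy model. The following C program is an added illustration, written for this archive page; it is not Xen code and not something either poster wrote. It invents a four-page guest with a one-level page table at gfn 0, a hypervisor-private p2m table with two types named after Xen's p2m_ram_rw and p2m_ram_ro, and stand-in functions (gp_write, gv_write, p2m_change_type_toy) whose names and layouts are assumptions for the model only. The first scenario clears the RW bit in the guest PTE and shows the guest OS restoring it, since the page holding the PTE is itself writable; the second marks the data gfn read-only in the p2m, so the guest PTE stays RW but every write to that gfn is dropped regardless of what the guest does to its page tables.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a guest's physical address space plus the hypervisor's p2m
 * (guest-physical to machine) table. Layouts and names are invented for
 * this illustration; they are not Xen's real structures. */
#define NR_GFNS    4          /* guest-physical pages in the model */
#define PAGE_WORDS 4          /* 32-bit words per toy page */
#define CR3_GFN    0          /* the guest page table lives in gfn 0 */

typedef enum { p2m_ram_rw, p2m_ram_ro } p2m_type_t;  /* named after Xen's types */

struct p2m_entry { unsigned long mfn; p2m_type_t type; };

/* Hypervisor-private state: nothing the guest executes can address these. */
static struct p2m_entry p2m[NR_GFNS];
static uint32_t machine_mem[NR_GFNS][PAGE_WORDS];
static unsigned long dropped_writes;

/* Toy PTE: bits 31..1 hold the gfn, bit 0 is the writable bit. */
#define PTE(gfn, rw) (((uint32_t)(gfn) << 1) | ((rw) ? 1u : 0u))

/* Guest-physical access goes through the p2m. A write to a p2m_ram_ro page
 * is discarded, which is the behaviour the reply relies on. */
static uint32_t gp_read(unsigned long gfn, unsigned off)
{
    return machine_mem[p2m[gfn].mfn][off];
}

static int gp_write(unsigned long gfn, unsigned off, uint32_t val)
{
    if (p2m[gfn].type == p2m_ram_ro) {
        dropped_writes++;
        return 0;                       /* write silently dropped */
    }
    machine_mem[p2m[gfn].mfn][off] = val;
    return 1;
}

/* Guest-virtual access: one-level walk of the guest page table at CR3. */
static int gv_write(uint32_t va, uint32_t val)
{
    uint32_t pte = gp_read(CR3_GFN, va / PAGE_WORDS);
    if (!(pte & 1))
        return -1;                      /* guest-level page fault */
    return gp_write(pte >> 1, va % PAGE_WORDS, val);
}

static uint32_t gv_read(uint32_t va)
{
    uint32_t pte = gp_read(CR3_GFN, va / PAGE_WORDS);
    return gp_read(pte >> 1, va % PAGE_WORDS);
}

/* Toy stand-in for p2m_change_type(): change one gfn's type, return the old. */
static p2m_type_t p2m_change_type_toy(unsigned long gfn, p2m_type_t ot, p2m_type_t nt)
{
    p2m_type_t old = p2m[gfn].type;
    if (old == ot)
        p2m[gfn].type = nt;
    return old;
}

/* Fresh guest: identity p2m, all RW; VA page i maps gfn i RW, including
 * page 0, so the guest OS can edit its own PTEs as a real OS does. */
static void reset_model(void)
{
    memset(machine_mem, 0, sizeof machine_mem);
    dropped_writes = 0;
    for (unsigned long g = 0; g < NR_GFNS; g++) {
        p2m[g].mfn = g;
        p2m[g].type = p2m_ram_rw;
        machine_mem[CR3_GFN][g] = PTE(g, 1);
    }
}

/* Approach from the question: the hypervisor clears RW in the guest PTE for
 * VA page 1. Returns the value the guest finally managed to store there. */
static uint32_t demo_pte_only(void)
{
    reset_model();
    machine_mem[CR3_GFN][1] = PTE(1, 0);        /* hypervisor edits the PTE */
    if (gv_write(PAGE_WORDS * 1, 0xAAAA) == -1) /* guest faults, as intended */
        gv_write(1, PTE(1, 1));                 /* ...then rewrites PTE #1 itself */
    gv_write(PAGE_WORDS * 1, 0xAAAA);           /* and now the write lands */
    return gv_read(PAGE_WORDS * 1);
}

/* Approach from the reply: mark the data gfn read-only in the p2m instead. */
static uint32_t demo_p2m_readonly(void)
{
    reset_model();
    p2m_change_type_toy(1, p2m_ram_rw, p2m_ram_ro);
    gv_write(PAGE_WORDS * 1, 0xBBBB);   /* guest PTE still says RW; write dropped */
    gv_write(1, PTE(1, 1));             /* touching the PTE changes nothing */
    gv_write(PAGE_WORDS * 1, 0xBBBB);
    return gv_read(PAGE_WORDS * 1);
}

int main(void)
{
    printf("PTE-only: guest stored 0x%x\n", demo_pte_only());
    printf("p2m RO:   guest stored 0x%x, %lu writes dropped\n",
           demo_p2m_readonly(), dropped_writes);
    return 0;
}
```

The model deliberately leaves out what the reply says a PTE-only scheme would also need (read-only mappings of the PTE's own page and a guarantee that no new r/w mappings appear), because that is exactly the state that is hard to maintain from outside the guest; the p2m type lives in hypervisor memory, so the guest has no path to it.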