[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Writes to guests' page table pages + mem_events

On 04/11/13 17:32, Razvan Cojocaru wrote:
> Hello,
> looking at pages 6 and 7 of this document:
> http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf
> I see that instructions writing to the page table pages of a guest are
> emulated by Xen.
> Does this mean that, assuming that I make a page table page read-only, I
> will _not_ receive a mem_event if the guest tries to write to said page?
> Thanks.

A PV guest never has write access to its pagetables.  A PV guest able to
modify its own pagetables without audit from Xen would be a serious
security vulnerability.

An HVM guest completely controls its own pagetables, and protection is
provided by HAP.  Shadow is a little more awkward where a guest has
pagetables which it believes it owns but doesn't.  A shadow guest will
fault on pagetable access but Xen will fix up.


> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.