
Re: [Xen-devel] Writes to guests' page table pages + mem_events



On 04/11/13 17:32, Razvan Cojocaru wrote:
Hello,

looking at pages 6 and 7 of this document:

http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf

I see that instructions writing to the page table pages of a guest are
emulated by Xen.

Does this mean that, assuming that I make a page table page read-only, I
will _not_ receive a mem_event if the guest tries to write to said page?


Thanks.

A PV guest never has write access to its pagetables.  A PV guest able to
modify its own pagetables without audit from Xen would be a serious
security vulnerability.
Aravindh Puthiyaparambil is trying to implement mem_event for PV: http://lists.xen.org/archives/html/xen-devel/2013-10/msg02623.html

A shadow PT based implementation can (hand waving) capture emulated PT writes.

An HVM guest completely controls its own pagetables, and protection is
provided by HAP.  Shadow is a little more awkward where a guest has
pagetables which it believes it owns but doesn't.  A shadow guest will
fault on pagetable access but Xen will fix up.

The corollary is that an HVM guest will generate mem_events when writing to its own page tables.

Andres

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
