xen-devel

[Top] [All Lists]

[Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II

from [Daniel Arai]

[Permanent Link][Original]

To:	Andi Kleen <ak@xxxxxxx>
Subject:	[Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II
From:	Daniel Arai <arai@xxxxxxxxxx>
Date:	Wed, 22 Mar 2006 14:43:08 -0800
Cc:	Zachary Amsden <zach@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Pratap Subrahmanyam <pratap@xxxxxxxxxx>, Wim Coekaerts <wim.coekaerts@xxxxxxxxxx>, Chris Wright <chrisw@xxxxxxxx>, Joshua LeVasseur <jtl@xxxxxxxxxx>, Dan Hecht <dhecht@xxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, Jack Lo <jlo@xxxxxxxxxx>, Christopher Li <chrisl@xxxxxxxxxx>, virtualization@xxxxxxxxxxxxxx, Linus Torvalds <torvalds@xxxxxxxx>, Anne Holler <anne@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxxxx>, Jyothy Reddy <jreddy@xxxxxxxxxx>, Kip Macy <kmacy@xxxxxxxxxxx>, Ky Srinivasan <ksrinivasan@xxxxxxxxxx>, Leendert van Doorn <leendert@xxxxxxxxxxxxxx>
Delivery-date:	Thu, 23 Mar 2006 17:56:26 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<200603222239.46604.ak@xxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<200603131759.k2DHxeep005627@xxxxxxxxxxxxxxxxxxx> <200603222105.58912.ak@xxxxxxx> <200603222239.46604.ak@xxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913

Andi Kleen wrote:

There was one other point I wanted to make but I forgot it now @)



Ah yes the point was that since most of the implementations of the hypercalls
likely need fast access to some per CPU state. How would you plan
to implement that? Should it be covered in the specification?


I can explain how it works, but it's deliberately not part of the specification.

The whole point of the ROM layer is that it abstracts away the actual hypercallmechanism for the guest, and the hypervisor can implement whatever isappropriate for it. This layer allows a VMI guest to run on VMware'shypervisor, as well as on top of Xen.


We reserve the top 64MB of linear address space for the hypervisor.

Part of this reserved space contains data structures that are shared by the VMIROM layer and the hypervisor. Simple VMI interface calls like "read CR 2" areimplemented by reading or writing data from this shared data structure, anddon't require a privilege level change. Things like page table updates go intoa queue in the shared area, so they can easily be batched and processed withonly one actual call into the hypervisor.

Because the guest can manipulate this data page directly, the hypervisor has totreat any information in it as untrusted. This is similar to how the kernel hasto treat syscall arguments. Guest user code can't touch the shared area, so itdoesn't introduce any new kernel security holes. The guest kernel coulddeliberately mess up the shared area contents, but guest kernel code couldcorrupt any arbitrary (virtual) machine state anyway.

Because this level of interface is hidden from the guest, we can (and do) makechanges to it without changing VMI itself, or needing to recompile the guest.We deliberately do not document it. A guest that adheres to the VMI interfacecan move to new versions of the ROM/hypervisor interface (that implement thesame VMI interface) without changes.


Dan.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, (continued) [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Eli Collins [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Rik van Riel [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Andi Kleen [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Chris Wright [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Andi Kleen [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Chris Wright [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Zachary Amsden [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Zachary Amsden [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation, Andi Kleen [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Andi Kleen [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Daniel Arai <= [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Zachary Amsden [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Andi Kleen [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Zachary Amsden [Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Andi Kleen [Xen-devel] [RFC, PATCH 1/24] i386 Vmi documentation, Zachary Amsden

Previous by Date:	[Xen-devel] Re: [RFC, PATCH 5/24] i386 Vmi code patching, Daniel Arai
Next by Date:	[Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Zachary Amsden
Previous by Thread:	[Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Andi Kleen
Next by Thread:	[Xen-devel] Re: [RFC, PATCH 1/24] i386 Vmi documentation II, Zachary Amsden
Indexes:	[Date] [Thread] [Top] [All Lists]