This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] Readonly memory for guest domain

To: Peter Teoh <htmldeveloper@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Readonly memory for guest domain
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Wed, 12 Sep 2007 08:28:47 +0100
Delivery-date: Wed, 12 Sep 2007 00:25:06 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <00ca01c7f4db$69d991f0$9a010a0a@eeyore>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acf1Do5azSSQD2EBEdykmAAWy6hiGQ==
Thread-topic: [Xen-devel] Readonly memory for guest domain
User-agent: Microsoft-Entourage/
Xen does not have this general read-only restriction. It does force page tables to be read-only, otherwise a guest could grant itself access to arbitrary memory that it does not own.

 -- Keir

On 12/9/07 02:22, "Peter Teoh" <htmldeveloper@xxxxxxxxx> wrote:

Current Xen design is that guest domains have readonly access to the memory mapped for them. Documentation says it is not safe for them to be writable. Why?
Is it so as to trigger a trap exception whenever a write is made to it? This is the optimal answer :-).
And since it is not "safe", what checks are done in the Xen hypervisor against these "dangers", i.e., enumerate the potential dangers? I cannot think of any, as a newbie in Xen. My logic is that if the pages have been assigned as owned by a domain, just let it do whatever it wants to, and so therefore it should not trigger any privilege trap condition (or VM exit condition, in the HVM case).
In the traditional Linux model, once memory is mapped for a user process, non-root user included, it can be mapped as writable. So why is there this discrepancy in the case of Xen?
By taking away this readonly restriction, I think the Xen hypervisor will have a lot of performance to gain.
Please share your thoughts? Apologies for the questions from a newbie.

Xen-devel mailing list
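The reason given in the reply above, as an added toy model in C (not Xen code and not part of the original thread): because the guest cannot store to its own page tables, every new entry goes through a checked update path that can refuse mappings of memory the domain does not own. The frame table, the single-level page table and the function `validated_pte_update` are hypothetical names and simplifications made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define NFRAMES      8
#define SLOTS        4
#define PTE_PRESENT  0x1u
#define PTE_WRITABLE 0x2u

enum frame_type { FRAME_DATA, FRAME_PAGETABLE };
struct frame { int owner; enum frame_type type; };

/* Constructed machine: frames 0-3 belong to domain 1, frames 4-7 to domain 2.
 * Frames 0 and 4 hold each domain's (single-level) page table. */
static struct frame frames[NFRAMES] = {
    {1, FRAME_PAGETABLE}, {1, FRAME_DATA}, {1, FRAME_DATA}, {1, FRAME_DATA},
    {2, FRAME_PAGETABLE}, {2, FRAME_DATA}, {2, FRAME_DATA}, {2, FRAME_DATA},
};
static uint32_t pt[NFRAMES][SLOTS];  /* PTE contents of page-table frames */

uint32_t make_pte(unsigned frame, uint32_t flags) { return (frame << 12) | flags; }

/* Hypothetical stand-in for the hypervisor's checked update path: the guest
 * cannot write its page table directly, so every new PTE passes through here. */
int validated_pte_update(int dom, unsigned pt_frame, unsigned slot, uint32_t pte)
{
    if (pt_frame >= NFRAMES || slot >= SLOTS)
        return -1;
    if (frames[pt_frame].owner != dom || frames[pt_frame].type != FRAME_PAGETABLE)
        return -1;                      /* not this domain's page table */
    if (pte & PTE_PRESENT) {
        unsigned target = pte >> 12;
        if (target >= NFRAMES || frames[target].owner != dom)
            return -1;                  /* memory the domain does not own */
        if (frames[target].type == FRAME_PAGETABLE && (pte & PTE_WRITABLE))
            return -1;                  /* writable alias of a page table */
    }
    pt[pt_frame][slot] = pte;
    return 0;
}

int main(void)
{
    uint32_t rw = PTE_PRESENT | PTE_WRITABLE;
    printf("own data, writable:     %d\n", validated_pte_update(1, 0, 0, make_pte(1, rw)));
    printf("foreign frame:          %d\n", validated_pte_update(1, 0, 1, make_pte(5, rw)));
    printf("page table, writable:   %d\n", validated_pte_update(1, 0, 2, make_pte(0, rw)));
    printf("page table, read-only:  %d\n", validated_pte_update(1, 0, 2, make_pte(0, PTE_PRESENT)));
    return 0;
}
```

If the third request were allowed, the domain could then write the second request's entry into its page table itself, with no check at all, which is why the model refuses any writable mapping of a page-table frame.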
