WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] On x86_64 Xen Implementation

To: Xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] On x86_64 Xen Implementation
From: BVK Chaitanya <bayapuneni_chaitanya@xxxxxxxxxxxx>
Date: Mon, 21 Jul 2008 16:20:22 +0530
Cc:
Delivery-date: Mon, 21 Jul 2008 03:47:24 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla-Thunderbird 2.0.0.14 (X11/20080509)
Hi,

Xen 3.0 inteface manual says:

On 64-bit systems it is not possible to protect the hypervisor from untrusted guest code running in rings 1 and 2. Guests are therefore restricted to run in ring 3 only. The guest kernel is protected from its applications by context switching between the kernel and currently running application.

Can anybody explain (or provide me pointers) to what x86_64 features make protecting hypervisor from untrusted guest (kernels) impossible? Is x86_64 (by-design) makes x86's 4 rings feature obsolete?


thanks,
--
bvk-chaitanya

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>