WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

Re: [Xen-devel] On x86_64 Xen Implementation

To: BVK Chaitanya <bayapuneni_chaitanya@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] On x86_64 Xen Implementation
From: Andre Przywara <andre.przywara@xxxxxxx>
Date: Mon, 21 Jul 2008 13:17:08 +0200
Cc: Xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 21 Jul 2008 04:17:58 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <488469EE.4090700@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <488469EE.4090700@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.14 (X11/20080421)
BVK Chaitanya wrote:
> Hi,
>
> Xen 3.0 interface manual says:
>
> On 64-bit systems it is not possible to protect the hypervisor from untrusted guest code running in rings 1 and 2. Guests are therefore restricted to run in ring 3 only. The guest kernel is protected from its applications by context switching between the kernel and currently running application.
>
> Can anybody explain (or provide me pointers to) what x86_64 features make protecting the hypervisor from untrusted guest (kernels) impossible? Does x86_64 (by design) make x86's 4-ring feature obsolete?

Somewhat. Segmentation support has been mostly dropped in x86_64 long mode (aka 64-bit mode). By using paging you can only differentiate between supervisor and user mode. Separating the different rings requires different segment descriptors, which can hold a ring number. Since segmentation limits, offsets and protection flags are (mostly) ignored in 64-bit long mode, you actually cannot use the four rings here.

Regards,
Andre.

--
Andre Przywara
AMD-Operating System Research Center (OSRC), Dresden, Germany
Tel: +49 351 277-84917
----to satisfy European Law for business letters:
AMD Saxony Limited Liability Company & Co. KG,
Wilschdorfer Landstr. 101, 01109 Dresden, Germany
Register Court Dresden: HRA 4896, General Partner authorized
to represent: AMD Saxony LLC (Wilmington, Delaware, US)
General Manager of AMD Saxony LLC: Dr. Hans-R. Deppe, Thomas McCoy


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
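The two mechanisms Andre contrasts above, decoded in code, as an added example that is neither part of the thread nor Xen source: a GDT descriptor carries a 2-bit DPL (four rings) plus a limit, while a page-table entry carries a single U/S bit that lumps CPL 0, 1 and 2 together as "supervisor". On 32-bit x86 a segment limit can keep a ring-1 guest kernel out of the top of the address space (background, not stated in the thread: this is how 32-bit Xen fenced itself off); once CS.L=1 the limit is not consulted, so the only fence paging still offers is CPL 3. The descriptor and PTE values below are constructed for the demonstration, SMEP/SMAP are ignored, and CR0.WP=1 is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the thread or from Xen. Models the x86 protection
 * checks that matter for the ring discussion; constructed values only. */

struct seg_desc {
    uint32_t base;
    uint32_t limit;      /* raw 20-bit limit field */
    unsigned granular;   /* G bit: limit counts 4 KiB pages */
    unsigned dpl;        /* descriptor privilege level: ring 0..3 */
    unsigned present;    /* P bit */
    unsigned long_mode;  /* L bit: 64-bit code segment */
};

/* Decode the protection-relevant fields of a raw 8-byte GDT descriptor. */
struct seg_desc decode_desc(uint64_t raw)
{
    struct seg_desc d;
    d.limit     = (uint32_t)(raw & 0xffff) | (uint32_t)((raw >> 32) & 0xf0000);
    d.base      = (uint32_t)((raw >> 16) & 0xffffff) | (uint32_t)((raw >> 32) & 0xff000000);
    d.dpl       = (unsigned)((raw >> 45) & 3);
    d.present   = (unsigned)((raw >> 47) & 1);
    d.long_mode = (unsigned)((raw >> 53) & 1);
    d.granular  = (unsigned)((raw >> 55) & 1);
    return d;
}

/* Byte limit as the CPU computes it when limits are enforced. */
uint32_t seg_byte_limit(const struct seg_desc *d)
{
    return d->granular ? ((d->limit << 12) | 0xfff) : d->limit;
}

/* Segment-level check for a reference at 'offset' through descriptor d.
 * cs_is_64bit is the L bit of the code segment currently executing: in
 * 64-bit mode the limit (and base) of CS/DS/ES/SS are ignored, so the
 * descriptor can no longer fence off a region of the address space. */
int seg_allows(const struct seg_desc *d, uint32_t offset, int cs_is_64bit)
{
    if (!d->present)
        return 0;
    if (cs_is_64bit)
        return 1;               /* limit not consulted */
    return offset <= seg_byte_limit(d);
}

/* Page-level check. Bit 2 of a PTE is U/S; an access from CPL 3 needs it
 * set, while CPL 0, 1 and 2 are all "supervisor" and are treated alike.
 * Assumes CR0.WP=1 so read-only pages reject supervisor writes too. */
#define PTE_P  (1ULL << 0)
#define PTE_RW (1ULL << 1)
#define PTE_US (1ULL << 2)

int pte_allows(uint64_t pte, unsigned cpl, int write)
{
    if (!(pte & PTE_P))
        return 0;
    if (write && !(pte & PTE_RW))
        return 0;
    if (cpl == 3 && !(pte & PTE_US))
        return 0;
    return 1;                   /* CPL 0..2: U/S is not consulted */
}

int main(void)
{
    /* Constructed: ring-1 32-bit code segment whose limit stops 64 MiB
     * short of 4 GiB, and the same descriptor with the L bit set. */
    struct seg_desc g32 = decode_desc(0x00cfbb000000bfffULL);
    struct seg_desc g64 = decode_desc(0x00afbb000000bfffULL);
    uint32_t hv_start = 0xfc000000U;      /* constructed hypervisor window */
    uint64_t hv_pte = PTE_P | PTE_RW;     /* supervisor-only page */

    printf("32-bit ring-%u segment, limit 0x%08x: access to 0x%08x %s\n",
           g32.dpl, seg_byte_limit(&g32), hv_start,
           seg_allows(&g32, hv_start, g32.long_mode) ? "allowed" : "faults");
    printf("64-bit ring-%u segment, same limit: access to 0x%08x %s\n",
           g64.dpl, hv_start,
           seg_allows(&g64, hv_start, g64.long_mode) ? "allowed" : "faults");
    for (unsigned cpl = 0; cpl < 4; cpl++)
        printf("paging: CPL %u write to supervisor-only page %s\n", cpl,
               pte_allows(hv_pte, cpl, 1) ? "allowed" : "faults");
    return 0;
}
```

Running it shows the 32-bit ring-1 segment faulting at the hypervisor window while the 64-bit descriptor with the identical limit field lets the access through, and the paging loop allowing CPL 0, 1 and 2 alike: with limits gone, a ring-1 guest kernel would see exactly the page access rights the hypervisor has, which is why a 64-bit PV guest kernel has to run in ring 3.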
