WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] read-only pagetable entries

To: xen-devel@xxxxxxxxxxxxxxxxxxx, Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Subject: Re: [Xen-devel] read-only pagetable entries
From: Srujan Kotikela <ksrujandas@xxxxxxxxx>
Date: Tue, 28 Jun 2011 12:54:42 -0500
Cc:
Delivery-date: Tue, 28 Jun 2011 10:59:51 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=JAKeYMuBGbuwCX/4c60bjOLWPbLamLLMlpXkRr8Q160=; b=CzafbJf0HSwrWbhgzh1086sgAbU+AEH7v3++D3+b9VLu5tHfdmy0y59nMkRoKj7/Im 8cCJ/ztMpkzWRj27Djgr+i3Fgp66wOcNYh/vcIqwEYd+n41CzhZp7WkHwTbmf/UhTMiT IPdzfxBA3FUOl8eu3Hh28WzFzoPuI+yLFNEK4=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20110620082737.GM17634@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <BANLkTimY71LDc-fyeBjN+q=UFxeXR4Xmpg@xxxxxxxxxxxxxx> <20110620082737.GM17634@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On Mon, Jun 20, 2011 at 3:27 AM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:
Hi,

At 21:29 -0500 on 19 Jun (1308518969), Srujan Kotikela wrote:
> I am trying to mark certain page-table entries (pte) of a guest as read-only
> by the guest operating system (complete control by xen). If this pte is
> ever to be changed to READ/WRITE, it should be done by  a custom hypercall
> (called only by a special process). The guest os's request to mark this pte
> READ/WRITE should be denied/ignored by xen.
>
> The approach I am planning is, obtain the (guest) virtual address from the
> process and pass to xen through hypercall, obtain cr3 from the vcpu, compute
> PDE (page directory entry), obtain PT (Page Table) base address, compute
> PTE's (guest) physical address. Then translate PFN to MFN and update the
> entries to READ-ONLY.
>
> However, I feel this process is not sufficient to restrict the OS from
> changing it.

It's certainly not enough to stop the OS from changing it by itself.
You'd need to make that PTE read-only _and_ make all mappings of the PTE
itself read-only _and_ make sure there are no new r/w mappings of it.

I think the right thing to do is to translate the VA you start with into
a PFN and then just call p2m_change_type to mark that PFN read-only.
That way, the PTE the guest sees will still be r/w but all writes to the
address will be dropped.  (That assumes this is a HVM guest, by the
way).

Cheers,

Tim.

--
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)



   Hi,

   I am trying to see the working of "p2m_change_type". For this I am passing the PFN of a variable (computed using virt_to_pfn(&variable)) in a kernel module. Then this PFN is being passed to VMM through a hypercall (from a HVM guest). In the hypercall handler, I have the following code (where PFN == GFN) :

   struct vcpu *v = current;
   struct domain *d = v->domain;

    p2m_type_t ot;
    mfn_t mfn;
  
    mfn = gfn_to_mfn(d, gfn , &ot);        //find the old type of the gfn
    printk("MFN  : %lx\n", mfn);
    printk("OT   : %d\n", ot);
   
    p2m_change_type(d, gfn, ot, p2m_ram_ro);

   After this I tried to assign a new value to variable (to test if the write request is being dropped).  But, the DomU hangs within the kernel module (insmod      command is never being completed).

   I assume this is because I am doing it within a kernel module. Now I am going to try passing a user process' variable's address to kernel module and pass it further to hypervisor  and repeat the above process. Before that, I just want to make sure that I am going in the right direction.
  
  Thanks,
   _SDK
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>