
RE: [Xen-devel] Academic Project



> And I also don't see any application, why should the hypervisor be trusted, but not the dom0?

I claim that the purpose of the proposed technique is due to the following reasons.
1) dom0 is another Linux kernel which runs in ring 3 (IA64) along with other guests with more privileges.
2) It runs the management tools (xm) which are the point of user interaction for desktop virtualization.

Hence the goal is to protect the guest memory/state from a compromised dom0.

By the way, I'm sorry, I use a PCIe board and not PCI.

regards,
Dinesh C

> Date: Tue, 3 Mar 2009 23:54:12 +0100
> From: christian@xxxxxxxx
> To: dinesh_chan8@xxxxxxxxxxx
> Subject: Re: [Xen-devel] Academic Project
> CC: xen-devel@xxxxxxxxxxxxxxxxxxx
>
> On Wed, Mar 04, 2009 at 01:24:46AM +0530, dinesh chandrasekaran wrote:
> > Can some one tell me how to go about achieving this.
>
> First: I'm sorry, but I'm pretty sure that what you want to do... will
> never work in a "normal" computer.
> IMO the dom0 usually can access everything and all hardware, but it does
> not matter: as soon as it can access some hardware that can do DMA, an
> attacker may find an attack vector.
>
> And I also don't see any application, why should the hypervisor be
> trusted, but not the dom0?
>
> > How to allocate real memory (which is behind a PCI device) to guests?
> > I need to modify Xen source to achieve the above.
>
> You want to map memory from a PCI device in the address room?
>
> That is no problem, despite that the maximum BAR size (that will work on
> many systems) is 256 MB (I have seen a single system where 1 GB was
> working, probably there are others, no idea).
> And by PIO reading you'll get like 10-20 MB/s or something like that.
>
>
> Anyway (shameless plug) for such low level stuff I would not suggest to
> use PCI, but a real interface like HyperTransport.
>
> There is an HTX board, that offers advantages compared to a PCI board.
> http://ra.ziti.uni-heidelberg.de/index.php?page=projects&id=htx
>
>
> Christian
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

