[Xen-devel] [PATCH] Patchset to protect guest ROM areas from R/W access.
This is a set of patches to protect guest ROM areas by making them actually be read-only.

xen_handle_p2m_type_ro.patch:
This makes writes to pages with p2m_ram_ro stop falling through to the device model, and instead writes get logged but discarded.

xen_hvmop_set_mem_type.patch:
This adds a new command, "set_mem_type", to the hvmop hypercall which allows marking ram page ranges as ro, rw, or mmio_dm.

ioemu_xen_platform.patch:
This adds functionality to the xen platform device to enable a guest to set/unset the RO state of ROM. A guest can enable or disable RW access to the ROM range (0xc0000-0xfffff) by writing to the lowermost io port of the xen platform device. This port now provides access to a flags register, which currently only has one flag bit, namely bit 0, to set/clear write access to the ROM range. This patch should apply to either the old ioemu tree or the new upstream-merged git tree.

xen_firmware_make_ROM_ro.patch:
This adds changes to hvmloader and rombios to make use of the above platform_device functionality to write-protect ROM areas. This is somewhat ugly, but unfortunately the virtual bios has grown to rely on being able to self-modify. At a later stage, I'm going to try to remove any self-modifying bits on the rombios and move any such post-load modifications into hvmloader, so that hvmloader can handle the ROM locking, which would be cleaner.

Signed-off-by: Trolle Selander <trolle.selander@xxxxxxxxxxxxx>

Attachment: xen_handle_p2m_type_ro.patch
Attachment: xen_hvmop_set_mem_type.patch
Attachment: ioemu_xen_platform.patch
Attachment: xen_firmware_make_ROM_ro.patch

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
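
The behaviour the message describes, modelled as an added example that is not code from the patches or from Xen: a flags-register write retypes the ROM range, and writes to read-only pages are logged and discarded. All function and macro names are hypothetical, only the first 1 MiB of guest memory is modelled, and the polarity of bit 0 (set means writable) is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT   12
#define ROM_START    0xc0000u           /* ROM range given in the message */
#define ROM_END      0xfffffu
#define MEM_SIZE     0x100000u          /* model covers the first 1 MiB only */
#define NR_PAGES     (MEM_SIZE >> PAGE_SHIFT)
#define FLAG_ROM_RW  0x1u               /* bit 0; polarity is an assumption */

enum p2m_type { P2M_RAM_RW, P2M_RAM_RO };   /* simplified set of page types */

static uint8_t mem[MEM_SIZE];
static enum p2m_type p2m[NR_PAGES];     /* one type per 4 KiB page */
static unsigned discarded;              /* number of dropped writes */

/* Hypothetical stand-in for the set_mem_type operation: retype a page range. */
static void set_mem_type(uint32_t first_pfn, uint32_t nr, enum p2m_type t)
{
    for (uint32_t i = 0; i < nr && first_pfn + i < NR_PAGES; i++)
        p2m[first_pfn + i] = t;
}

/* Model of a guest write to the platform device's flags register. */
static void platform_flags_write(uint8_t val)
{
    set_mem_type(ROM_START >> PAGE_SHIFT,
                 ((ROM_END + 1) - ROM_START) >> PAGE_SHIFT,
                 (val & FLAG_ROM_RW) ? P2M_RAM_RW : P2M_RAM_RO);
}

/* Guest write path: 1 = stored, 0 = logged and discarded, -1 = out of model. */
static int guest_write8(uint32_t gpa, uint8_t val)
{
    if (gpa >= MEM_SIZE)
        return -1;
    if (p2m[gpa >> PAGE_SHIFT] == P2M_RAM_RO) {
        fprintf(stderr, "discarded write to RO page, gpa=0x%x\n", (unsigned)gpa);
        discarded++;
        return 0;                       /* no fault is delivered to the guest */
    }
    mem[gpa] = val;
    return 1;
}

int main(void)
{
    platform_flags_write(0);            /* lock the ROM range */
    return guest_write8(0xf0000, 0x90) == 0 ? 0 : 1;
}
```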