
Re: [Xen-devel] changing attributes of a page!



I have started Dom0 with dom0_shadow=1. So it must be running with a
read-only page table. I thought p2m is responsible for updating the
dom0's page-table. I have looked at _sh_propagate() but I couldn't
find any option to change page attributes like RWX.

Best Regards
Mohamad Rezaei
-------------------
ICT Research Center
Amirkabir University of Technology



On Mon, Jan 9, 2012 at 1:39 PM, Tim Deegan <tim@xxxxxxx> wrote:
> Hi,
>
> At 10:22 +0330 on 09 Jan (1326104566), Mohamad Rezaei wrote:
>> Hi,
>>
>> I am trying to change attributes of a page from Dom0.
>
> Do you mean a page of dom0's memory?
>
>> The reason is
>> that I want to make a kernel module completely read-only to other
>> parts of kernel. I will update it from hypervisor itself. I have tried
>> to do this by this code:
>>
>> // I have the mfn of the page in Dom0's address space.
>> void hamed_set_entry(struct p2m_domain *p2m, mfn_t mfn) {
>>     unsigned long gfn = mfn_to_gfn(p2m->domain,mfn);
>>     p2m_type_t p2mt;
>>     p2m_access_t p2ma;
>>     p2m_lock(p2m);
>>     p2m->get_entry(p2m, gfn, &p2mt, &p2ma, p2m_query);
>>     p2m->set_entry(p2m, gfn, mfn, 0, p2mt, p2m_access_rwx);
>>     p2m_unlock(p2m);
>> }
>
> That looks plausible for a HVM guest, but dom0 is a PV guest and doesn't
> have a p2m table, so you're likely to crash Xen if you try to do this
> to dom0.
>
> Do you have a serial console set up on your test machine? It's _very_
> useful for finding out why the system crashed, since Xen will usually
> print a backtrace when it crashes.
>
>> But whenever it runs Dom0 restarts. I am not even sure this is the
>> right way to do this. I am grateful for any help!
>
> To do this to dom0 you could
>  (a) get dom0 to make the memory read-only in its own pagetables; and
>  (b) enforce that read-only property in the PTE validation code in mm.c
>
> Or you could run dom0 under shadow pagetables and enforce the read-only
> property in _sh_propagate(). That will have a performance hit, though.
>
> Cheers,
>
> Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
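
The two enforcement points suggested in the thread, sketched as a stand-alone C model (an added example, not Xen source and not code from either poster). The function names, the protected-frame list and the treatment of the frame number in an entry as the machine frame are hypothetical simplifications; only the x86 PTE bit positions are real.

```c
/* Stand-alone model for illustration; not Xen source. All names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_PRESENT   0x001ULL               /* x86 PTE bit 0 */
#define PTE_RW        0x002ULL               /* x86 PTE bit 1: writable */
#define PTE_ADDR_MASK 0x000ffffffffff000ULL  /* frame number, bits 12..51 */

/* Constructed sample: machine frames holding the module to protect. */
static const uint64_t protected_mfns[] = { 0x1a2b0, 0x1a2b1 };

/* Simplification: the frame in the entry is taken to be the machine frame. */
static uint64_t pte_mfn(uint64_t pte) { return (pte & PTE_ADDR_MASK) >> 12; }

static bool mfn_is_protected(uint64_t mfn)
{
    for (size_t i = 0; i < sizeof protected_mfns / sizeof protected_mfns[0]; i++)
        if (protected_mfns[i] == mfn)
            return true;
    return false;
}

/* Option (b): when the PV guest submits an L1 entry, refuse it if it would
 * map a protected frame writable. Returns 0 to accept, -1 to reject. */
int model_validate_l1e(uint64_t guest_pte)
{
    if (!(guest_pte & PTE_PRESENT))
        return 0;  /* not-present entries map nothing */
    if ((guest_pte & PTE_RW) && mfn_is_protected(pte_mfn(guest_pte)))
        return -1;
    return 0;
}

/* Shadow alternative: derive the shadow entry from the guest entry and
 * silently drop the writable bit for protected frames. */
uint64_t model_shadow_propagate(uint64_t guest_pte)
{
    if ((guest_pte & PTE_PRESENT) && mfn_is_protected(pte_mfn(guest_pte)))
        return guest_pte & ~PTE_RW;
    return guest_pte;
}

int main(void)
{
    uint64_t rw = (0x1a2b0ULL << 12) | PTE_PRESENT | PTE_RW;
    printf("validate writable mapping: %d\n", model_validate_l1e(rw));
    printf("shadow entry: %#llx\n", (unsigned long long)model_shadow_propagate(rw));
    return 0;
}
```

In the validation model a writable mapping is refused outright, so the guest must cooperate as in step (a); in the shadow model the guest's own entry is left alone and only the entry the hardware walks loses the writable bit.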
