Hello!

I have a slight problem in my guest port with the WP bit in CR0. The original kernel maps certain kernel pages to user-mode read-only and relies on the kernel being able to modify these despite the read-only bit being set in the pages. This in turn requires that the WP bit is unset in CR0.

Unfortunately, Xen doesn't allow the WP bit to be zeroed because Xen wants to share pages read-only with the guest OS. I'm taking this up because

a) I would like to know if I've understood the reason for this limitation
b) I'd like to discuss if the restriction could be lifted

First, from browsing the Xen code, it seems that the only pages being shared read-only with the guest is the phys-to-machine translation table. Is this true, or is it needed for something else as well?

To allow WP being unset, maybe something like the following could be done. As long as WP is unchanged everything works as it does now. When the WP bit is set,

- A copy is made of the pages mapped read-only and one of the copies is kept in the Xen-protected area
- On updates to the phys-to-machine pages, Xen updates both copies but only uses the "private" for its own use
- If the guest overwrites something in the "public" area, it will only suffer by itself.

The problem I see with this approach is that the space needed for the phys-to-machine pages doubles if WP is set.

Comments?

// Simon

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 14 Jun 2006, at 13:52, Simon Kagstrom wrote:

> I have a slight problem in my guest port with the WP bit in CR0. The
> original kernel maps certain kernel pages to user-mode read-only and
> relies on the kernel being able to modify these despite the read-only
> bit being set in the pages. This in turn requires that the WP bit is
> unset in CR0.

We can't support this. We rely on write protection for all sorts of things (e.g., prevent guest write access to page tables). You'll have to temporarily make the mapping writable, or make a kernel-private writable mapping.

-- Keir

At Wed, 14 Jun 2006 14:00:16 +0100, Keir Fraser wrote:

> On 14 Jun 2006, at 13:52, Simon Kagstrom wrote:
>
> > I have a slight problem in my guest port with the WP bit in CR0. The
> > original kernel maps certain kernel pages to user-mode read-only and
> > relies on the kernel being able to modify these despite the read-only
> > bit being set in the pages. This in turn requires that the WP bit is
> > unset in CR0.
>
> We can't support this. We rely on write protection for all sorts of
> things (e.g., prevent guest write access to page tables). You'll have
> to temporarily make the mapping writable, or make a kernel-private
> writable mapping.

Thanks for the explanation. Would the WP flag work in a HVM setting?

// Simon

On 15 Jun 2006, at 09:00, Simon Kagstrom wrote:

>> We can't support this. We rely on write protection for all sorts of
>> things (e.g., prevent guest write access to page tables). You'll have
>> to temporarily make the mapping writable, or make a kernel-private
>> writable mapping.
>
> Thanks for the explanation. Would the WP flag work in a HVM setting?

It may not be supported right now, but it would be easy to do so if not.

-- Keir

It should be working in HVM guest. See, for example:

...
Memory: 3040444k/3071992k available (1918k kernel code, 30156k reserved, 775k data, 176k init, 2154492k highmem)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay using timer specific routine.. 4803.94 BogoMIPS (lpj=9607882)
...

Jun
---
Intel Open Source Technology Center

-----Original Message-----
From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Keir Fraser
Sent: Thursday, June 15, 2006 1:09 AM
To: Simon Kagstrom
Cc: xen-devel list
Subject: Re: [Xen-devel] WP flag in CR0, setting

On 15 Jun 2006, at 09:00, Simon Kagstrom wrote:

>> We can't support this. We rely on write protection for all sorts of
>> things (e.g., prevent guest write access to page tables). You'll have
>> to temporarily make the mapping writable, or make a kernel-private
>> writable mapping.
>
> Thanks for the explanation. Would the WP flag work in a HVM setting?

It may not be supported right now, but it would be easy to do so if not.

-- Keir

I haven't examined what Linux is doing to validate correct handling of the WP bit, but NetWare operates without setting CR0.WP, and that is one of the issues with NetWare not working in fully virtualized mode. The shadow paging code does not process the page tables according to CR0.WP == 0 semantics.

- Bruce

>>> On 6/16/2006 at 6:50 PM, in message <8FFF7E42E93CC646B632AB40643802A82E9441@scsmsx412.amr.corp.intel.com>, "Nakajima, Jun" <jun.nakajima@intel.com> wrote:

> It should be working in HVM guest. See, for example:
>
> ...
> Memory: 3040444k/3071992k available (1918k kernel code, 30156k reserved, 775k data, 176k init, 2154492k highmem)
> Checking if this processor honours the WP bit even in supervisor mode... Ok.
> Calibrating delay using timer specific routine.. 4803.94 BogoMIPS (lpj=9607882)
> ...
>
> Jun
> ---
> Intel Open Source Technology Center
>
> -----Original Message-----
> From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Keir Fraser
> Sent: Thursday, June 15, 2006 1:09 AM
> To: Simon Kagstrom
> Cc: xen-devel list
> Subject: Re: [Xen-devel] WP flag in CR0, setting
>
> On 15 Jun 2006, at 09:00, Simon Kagstrom wrote:
>
> >> We can't support this. We rely on write protection for all sorts of
> >> things (e.g., prevent guest write access to page tables). You'll have
> >> to temporarily make the mapping writable, or make a kernel-private
> >> writable mapping.
> >
> > Thanks for the explanation. Would the WP flag work in a HVM setting?
>
> It may not be supported right now, but it would be easy to do so if not.
>
> -- Keir

On 17 Jun 2006, at 01:50, Nakajima, Jun wrote:

> It should be working in HVM guest. See, for example:
>
> ...
> Memory: 3040444k/3071992k available (1918k kernel code, 30156k reserved, 775k data, 176k init, 2154492k highmem)
> Checking if this processor honours the WP bit even in supervisor mode... Ok.
> Calibrating delay using timer specific routine.. 4803.94 BogoMIPS (lpj=9607882)

That shows it honours CR0.WP=1, which is all Linux cares about. Linux never sets CR0.WP=0 so that case is probably not tested.

-- Keir

At Thu, 15 Jun 2006 09:08:37 +0100, Keir Fraser wrote:

> On 15 Jun 2006, at 09:00, Simon Kagstrom wrote:
> > Thanks for the explanation. Would the WP flag work in a HVM setting?
>
> It may not be supported right now, but it would be easy to do so if not.

Does Xen itself rely on running with the WP flag set? I'll go with the HVM supported WP-bit later, but as I don't have the hardware yet, I wanted to try to just clear the bit in Xen, and that seems to cause problems. Changing

diff -r 17fbffb737d9 xen/arch/x86/boot/x86_32.S --- a/xen/arch/x86/boot/x86_32.S Thu Jun 22 21:41:19 2006 +0100 +++ b/xen/arch/x86/boot/x86_32.S Mon Jul 03 13:43:07 2006 +0200 @@ -150,7 +150,7 @@ no_execute_disable: #endif mov $idle_pg_table-__PAGE_OFFSET,%eax mov %eax,%cr3 - mov $0x80050033,%eax /* hi-to-lo: PG,AM,WP,NE,ET,MP,PE */ + mov $0x80040033,%eax /* hi-to-lo: PG,AM,NE,ET,MP,PE */ mov %eax,%cr0 jmp 1f 1: /* Install relocated selectors (FS/GS unused). */

Causes an assertion to trigger when booting the Linux dom0:

(XEN) Assertion '(x & PGT_count_mask) != 0' failed, line 1430, file mm.c

Is this due to how Xen works or is it because Linux uses writable page tables (I have not checked the Linux sources other than the __xen_guest_section)?

// Simon

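Review bot: The replacement constant on the `mov $0x80040033,%eax` line clears WP unconditionally in the boot path, so it applies to Xen itself and to every guest rather than only to the port that needs it, and nothing else in the hunk compensates for read-only mappings no longer being enforced against supervisor writes. I would keep 0x80050033 as the default and, for an experiment like this, select the WP-less value through a build-time debug option, with the comment stating that WP is deliberately left clear and why.
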
On 3 Jul 2006, at 12:50, Simon Kagstrom wrote:

> Causes an assertion to trigger when booting the Linux dom0:
>
> (XEN) Assertion '(x & PGT_count_mask) != 0' failed, line 1430, file mm.c
>
> Is this due to how Xen works or is it because Linux uses writable page
> tables (I have not checked the Linux sources other than the
> __xen_guest_section)?

This occurs because the pagetable protection no longer works. When Linux writes directly to a pagetable it succeeds rather than trapping into Xen where appropriate reference counting and validation would occur.

-- Keir

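The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified, single-level C model of the x86 write-permission check, run against the two CR0 values from the patch. The ring-1 guest kernel, the constructed PTE value and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CR0 bits relevant here (architectural bit positions). */
#define CR0_WP (1u << 16)
#define CR0_PG (1u << 31)

/* Page-table entry permission bits. */
#define PTE_P  (1u << 0)   /* present */
#define PTE_RW (1u << 1)   /* writable */
#define PTE_US (1u << 2)   /* user-accessible */

enum outcome { WRITE_OK, WRITE_FAULT };

/* Simplified model of the write check for one mapping. Real hardware
 * combines the R/W and U/S bits of every paging level; this uses one. */
enum outcome try_write(uint32_t cr0, int cpl, uint32_t pte)
{
    if (!(cr0 & CR0_PG))
        return WRITE_OK;               /* paging off: no page protection */
    if (!(pte & PTE_P))
        return WRITE_FAULT;            /* not present */
    bool user = (cpl == 3);            /* rings 0-2 are supervisor for paging */
    if (user)
        return ((pte & PTE_US) && (pte & PTE_RW)) ? WRITE_OK : WRITE_FAULT;
    if (pte & PTE_RW)
        return WRITE_OK;
    /* Supervisor write to a read-only page: faults only when CR0.WP is set. */
    return (cr0 & CR0_WP) ? WRITE_FAULT : WRITE_OK;
}

static const char *describe(enum outcome o)
{
    return o == WRITE_FAULT ? "page fault, hypervisor can validate the update"
                            : "write lands without any trap";
}

int main(void)
{
    const uint32_t cr0_stock = 0x80050033u;    /* value removed by the patch */
    const uint32_t cr0_patched = 0x80040033u;  /* value added by the patch */
    const uint32_t ro_mapping = PTE_P | PTE_US; /* constructed: read-only page */
    const int guest_cpl = 1;  /* assumption: 32-bit PV guest kernel in ring 1 */

    printf("WP=1: %s\n", describe(try_write(cr0_stock, guest_cpl, ro_mapping)));
    printf("WP=0: %s\n", describe(try_write(cr0_patched, guest_cpl, ro_mapping)));
    return 0;
}
```
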