BVK Chaitanya wrote:> Hi,
>
> Xen 3.0 inteface manual says:
>
> On 64-bit systems it is not possible to protect the hypervisor from
> untrusted guest code running in rings 1 and 2. Guests are therefore
> restricted to run in ring 3 only. The guest kernel is protected from its
> applications by context switching between the kernel and currently
> running application.
>
> Can anybody explain (or provide me pointers) to what x86_64 features
> make protecting hypervisor from untrusted guest (kernels) impossible? Is
> x86_64 (by-design) makes x86''s 4 rings feature obsolete?
Somewhat. Segmentation support has been mostly dropped in x86_64 long
mode (aka 64bit mode). By using paging you can only differentiate
between supervisor and user mode. Separating the different rings
requires different segment descriptors, which can hold a ring number.
Since segmentation limits, offsets and protection flags are (mostly)
ignored in 64bit long mode, you actually cannot use the four rings here.
Regards,
Andre.
--
Andre Przywara
AMD-Operating System Research Center (OSRC), Dresden, Germany
Tel: +49 351 277-84917
----to satisfy European Law for business letters:
AMD Saxony Limited Liability Company & Co. KG,
Wilschdorfer Landstr. 101, 01109 Dresden, Germany
Register Court Dresden: HRA 4896, General Partner authorized
to represent: AMD Saxony LLC (Wilmington, Delaware, US)
General Manager of AMD Saxony LLC: Dr. Hans-R. Deppe, Thomas McCoy
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel