Hi,

Does Xen provide any mechanism to set read-only access/lock on guest's pages?

--
Srujan D. Kotikela

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Hi,

At 14:52 -0500 on 13 Jun (1307976734), Srujan Kotikela wrote:
> Does Xen provide any mechanism to set read-only access/lock on guest's
> pages?

Yes, Xen has lots of code that makes guest memory read-only for various reasons, and one of them might be suitable. What's your overall goal?

(BTW, you might want to read http://wiki.xensource.com/xenwiki/AskingXenDevelQuestions)

Cheers,

Tim.

--
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)
Srujan Kotikela
2011-Jun-14 16:38 UTC
Re: [Xen-devel] Read-only locking of Guest Memory pages
Hi Tim,

I am trying to implement a secure architecture where a process' (selected) memory pages have to be set as read-only. The process will send the virtual address of pages required (through a custom hypercall) to be set read-only. I need to compute the physical address of the pages and set them read-only.

--
Srujan D. Kotikela

On Tue, Jun 14, 2011 at 3:14 AM, Tim Deegan <Tim.Deegan@citrix.com> wrote:
> Yes, Xen has lots of code that makes guest memory read-only for various
> reasons, and one of them might be suitable. What's your overall goal?
George Dunlap
2011-Jun-15 09:34 UTC
Re: [Xen-devel] Read-only locking of Guest Memory pages
On Tue, Jun 14, 2011 at 5:38 PM, Srujan Kotikela <ksrujandas@gmail.com> wrote:
> I am trying to implement a secure architecture where a process' (selected)
> memory pages have to be set as read-only. The process will send the virtual
> address of pages required (through a custom hypercall) to be set read-only.
> I need to compute the physical address of the pages and set them read-only.

The process can already ask the operating system to do that. Why does the hypervisor need to be involved?

-George
At 11:38 -0500 on 14 Jun (1308051493), Srujan Kotikela wrote:
> I am trying to implement a secure architecture where a process' (selected)
> memory pages have to be set as read-only. The process will send the virtual
> address of pages required (through a custom hypercall) to be set read-only.
> I need to compute the physical address of the pages and set them read-only.

Thanks. In that case I suspect the memory event hypercalls are what you need. They allow access rights on guest frames to be set from a tool in dom0. They only work on EPT, though.

Tim.

--
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)
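The translation step Srujan describes (turning the guest virtual address passed in his hypercall into the guest frame whose access rights a dom0 memory-event tool would then restrict), as an added example that is not from this thread or from Xen's own code: a 4-level x86-64 page walk over a constructed guest-physical memory image. `guest_mem`, `read_gpa_u64` and the sample tables are hypothetical stand-ins for however a real tool reads guest memory.

```c
#include <stdint.h>
#include <string.h>
/* Constructed guest-physical memory image: 8 frames of 4 KiB (hypothetical). */
#define PAGE_SHIFT    12
#define PAGE_SIZE     (1ULL << PAGE_SHIFT)
static uint64_t guest_mem[8 * PAGE_SIZE / 8];        /* 8-byte aligned */
#define FRAME(n)      (guest_mem + (n) * (PAGE_SIZE / 8))
#define PTE_P         (1ULL << 0)
#define PTE_PS        (1ULL << 7)                    /* large page at PD/PDPT level */
#define PTE_ADDR_MASK 0x000ffffffffff000ULL
/* Hypothetical accessor for a 64-bit entry at a guest-physical address (a real dom0 tool would map the frame). */
static int read_gpa_u64(uint64_t gpa, uint64_t *val)
{
    if (gpa + 8 > sizeof(guest_mem)) return -1;      /* outside guest RAM */
    memcpy(val, (const uint8_t *)guest_mem + gpa, 8);
    return 0;
}

/* 4-level x86-64 walk from the guest's cr3: returns the guest frame number
 * backing gva, or -1 if any level is not present or out of range. */
static int64_t gva_to_gfn(uint64_t cr3, uint64_t gva)
{
    uint64_t table = cr3 & PTE_ADDR_MASK, pte;
    for (int level = 3; level >= 0; level--) {
        uint64_t idx = (gva >> (PAGE_SHIFT + 9 * level)) & 0x1ff;
        if (read_gpa_u64(table + idx * 8, &pte) || !(pte & PTE_P))
            return -1;
        if (level == 0)
            return (pte & PTE_ADDR_MASK) >> PAGE_SHIFT;
        if (level <= 2 && (pte & PTE_PS)) {          /* 2 MiB or 1 GiB page */
            uint64_t span = 1ULL << (PAGE_SHIFT + 9 * level);
            return ((pte & PTE_ADDR_MASK & ~(span - 1)) + (gva & (span - 1))) >> PAGE_SHIFT;
        }
        table = pte & PTE_ADDR_MASK;
    }
    return -1;
}

/* Constructed tables: PML4 in frame 1, PDPT 2, PD 3, PT 4, data in frame 5, so
 * gva 0x401000 -> gfn 5, gva 0x601000 falls in a 2 MiB page at gpa 2 MiB. Returns cr3. */
static uint64_t build_sample_tables(void)
{
    memset(guest_mem, 0, sizeof(guest_mem));
    FRAME(1)[0] = (2 * PAGE_SIZE) | PTE_P;           /* pml4[0] -> pdpt */
    FRAME(2)[0] = (3 * PAGE_SIZE) | PTE_P;           /* pdpt[0] -> pd   */
    FRAME(3)[2] = (4 * PAGE_SIZE) | PTE_P;           /* pd[2]: gva bits 29..21 == 2 */
    FRAME(3)[3] = 0x200000ULL | PTE_P | PTE_PS;      /* pd[3]: 2 MiB page at gpa 2 MiB */
    FRAME(4)[1] = (5 * PAGE_SIZE) | PTE_P;           /* pt[1]: gva bits 20..12 == 1 */
    return 1 * PAGE_SIZE;                            /* cr3 */
}
```

The result is a guest frame number, which is the unit that EPT-level access rights apply to; because the walk reads the untrusted guest's own page tables, it has to be repeated whenever the guest remaps the page.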
Srujan Kotikela
2011-Jun-15 12:14 UTC
Re: [Xen-devel] Read-only locking of Guest Memory pages
In this case, the Guest OS is untrusted. We are trying to secure the process using Xen.

--
Srujan D. Kotikela

On Wed, Jun 15, 2011 at 4:34 AM, George Dunlap <dunlapg@umich.edu> wrote:
> The process can already ask the operating system to do that. Why does
> the hypervisor need to be involved?
>
> -George
Srujan Kotikela
2011-Jun-16 12:38 UTC
Re: [Xen-devel] Read-only locking of Guest Memory pages
I have read that Xen traps all the updates to page tables from the guest OS. How does this work in case of HVM and/or no EPT?
Also, isn't it true that Xen maintains these page tables as read-only? Correct me if I am wrong.

--
Srujan D. Kotikela

On Wed, Jun 15, 2011 at 5:05 AM, Tim Deegan <Tim.Deegan@citrix.com> wrote:
> Thanks. In that case I suspect the memory event hypercalls are what you
> need. They allow access rights on guest frames to be set from a tool in
> dom0. They only work on EPT, though.
At 07:38 -0500 on 16 Jun (1308209893), Srujan Kotikela wrote:
> I have read that xen traps all the updates to page tables from guest os. How
> does this work in case of hvm and/or no EPT?
> Also isn't it true that xen maintains these page tables as read only?

If Xen is using HAP (EPT or NPT), then no; the guest pagetables are not treated specially. If it's using shadow pagetables, then it's mostly true -- some pagetables are not read-only and some updates don't cause traps, but most are and do.

Cheers,

Tim.

--
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)