Hi,
I am trying to change attributes of a page from Dom0. The reason is
that I want to make a kernel module completely read-only to other
parts of kernel. I will update it from hypervisor itself. I have tried
to do this by this code:
// I have the mfn of the page in Dom0''s address space.
void hamed_set_entry(struct p2m_domain *p2m, mfn_t mfn) {
unsigned long gfn = mfn_to_gfn(p2m->domain,mfn);
p2m_type_t p2mt;
p2m_access_t p2ma;
p2m_lock(p2m);
p2m->get_entry(p2m, gfn, &p2mt, &p2ma, p2m_query);
p2m->set_entry(p2m, gfn, mfn, 0, p2mt, p2m_access_rwx);
p2m_unlock(p2m);
}
But whenever it runs Dom0 restarts. I am not even sure this is the
right way to do this. I am grateful for any help!
Best Regards
Mohamad Rezaei
-------------------
ICT Research Center
Amirkabir University of Technology
Hi, At 10:22 +0330 on 09 Jan (1326104566), Mohamad Rezaei wrote:> Hi, > > I am trying to change attributes of a page from Dom0.Do you mean a page of dom0''s memory?> The reason is > that I want to make a kernel module completely read-only to other > parts of kernel. I will update it from hypervisor itself. I have tried > to do this by this code: > > // I have the mfn of the page in Dom0''s address space. > void hamed_set_entry(struct p2m_domain *p2m, mfn_t mfn) { > unsigned long gfn = mfn_to_gfn(p2m->domain,mfn); > p2m_type_t p2mt; > p2m_access_t p2ma; > p2m_lock(p2m); > p2m->get_entry(p2m, gfn, &p2mt, &p2ma, p2m_query); > p2m->set_entry(p2m, gfn, mfn, 0, p2mt, p2m_access_rwx); > p2m_unlock(p2m); > }That looks plausible for a HVM guest, but dom0 is a PV guest and doesn''t have a p2m table, so you''re likely to crash Xen if you try to to this to dom0. Do you have a serial console set up on your test machine? It''s _very_ useful for finding out why the system crashed, since Xen will usually print a backtrace when it crashes.> But whenever it runs Dom0 restarts. I am not even sure this is the > right way to do this. I am grateful for any help!To do this to dom0 you could (a) get dom0 to make the memory read-only in its own pagetables; and (b) enforce that read-only property in the PTE validation code in mm.c Or you could run dom0 under shadow pagetables and enforce the read-only property in _sh_propagate(). That will have a performace hit, though. Cheers, Tim.
I have started Dom0 with dom0_shadow=1. So it must be running with a read-only page table. I thought p2m is responsible for updating the dom0's page-table. I have looked at _sh_propagate() but I couldn't find any option to change page attributes like RWX. Best Regards Mohamad Rezaei ------------------- ICT Research Center Amirkabir University of Technology On Mon, Jan 9, 2012 at 1:39 PM, Tim Deegan <tim@xen.org> wrote:> Hi, > > At 10:22 +0330 on 09 Jan (1326104566), Mohamad Rezaei wrote: >> Hi, >> >> I am trying to change attributes of a page from Dom0. > > Do you mean a page of dom0's memory? > >> The reason is >> that I want to make a kernel module completely read-only to other >> parts of kernel. I will update it from hypervisor itself. I have tried >> to do this by this code: >> >> // I have the mfn of the page in Dom0's address space. >> void hamed_set_entry(struct p2m_domain *p2m, mfn_t mfn) { >> unsigned long gfn = mfn_to_gfn(p2m->domain,mfn); >> p2m_type_t p2mt; >> p2m_access_t p2ma; >> p2m_lock(p2m); >> p2m->get_entry(p2m, gfn, &p2mt, &p2ma, p2m_query); >> p2m->set_entry(p2m, gfn, mfn, 0, p2mt, p2m_access_rwx); >> p2m_unlock(p2m); >> } > > That looks plausible for a HVM guest, but dom0 is a PV guest and doesn't > have a p2m table, so you're likely to crash Xen if you try to to this > to dom0. > > Do you have a serial console set up on your test machine? It's _very_ > useful for finding out why the system crashed, since Xen will usually > print a backtrace when it crashes. > >> But whenever it runs Dom0 restarts. I am not even sure this is the >> right way to do this. I am grateful for any help! > > To do this to dom0 you could > (a) get dom0 to make the memory read-only in its own pagetables; and > (b) enforce that read-only property in the PTE validation code in mm.c > > Or you could run dom0 under shadow pagetables and enforce the read-only > property in _sh_propagate(). That will have a performace hit, though. > > Cheers, > > Tim._______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Hi, Please don''t top-post. At 14:41 +0330 on 09 Jan (1326120068), Mohamad Rezaei wrote:> I have started Dom0 with dom0_shadow=1. So it must be running with a > read-only page table. I thought p2m is responsible for updating the > dom0''s page-table.PV guests don''t have p2m in the hypervisor -- they take care of their own p2m translations and make pagetables that already point to machihe addresses.> I have looked at _sh_propagate() but I couldn''t > find any option to change page attributes like RWX.Look again. :) That function makes the PTE that the hardware will see. So all you need to do is mask _PAGE_RW out of the sflags when you see an l1 entry where target_mfn is one of the MFNs you''re protecting. Look at how log-dirty is handled, for example. Of course, once you''ve done that, you also need to handle the pagefaults that will happen if the guest writes to that memory! Tim.