Hi all,
Recently, I read codes about the shadow page table. I''m wondering
whether the kernel has provided the function to revoke write access of all the
shadows of one domain. If you know one with this function, please tell me about
it. Thanks.
BTW, I have my own idea to implement this. My idea is as follows:
void sh_revoke_write_access_all(struct domain *d)
{
foreach_pinned_shadow(d, sp, t)
{
According to sp->u.sh.type, (like SH_type_l1_32_shadow ......), get
each entry (shadow_l1e_get_flags) of the page table. Changes the flags to read
only and then write the page table entry back (shadow_set_l1e).
When going through the page table, I can use SHADOW_FOREACH_L1E (L2E,
L3E, L4E) macro.
However, I have one question. When dealing with shadow page table L2, L3,
L4, can I use the same way as L1 page table to change flags and set flags ?
}
}
Do you think my idea is possible? Thanks for giving me some suggestions.
Best,
Ming
At 16:18 -0400 on 26 Jul (1343319518), lmingcsce wrote:> Hi all, > Recently, I read codes about the shadow page table. I''m wondering whether the kernel has provided the function to revoke write access of all the shadows of one domain. If you know one with this function, please tell me about it. Thanks. > BTW, I have my own idea to implement this. My idea is as follows: > void sh_revoke_write_access_all(struct domain *d) > { > foreach_pinned_shadow(d, sp, t) > { > > According to sp->u.sh.type, (like SH_type_l1_32_shadow ......), get each entry (shadow_l1e_get_flags) of the page table. Changes the flags to read only and then write the page table entry back (shadow_set_l1e). > When going through the page table, I can use SHADOW_FOREACH_L1E (L2E, L3E, L4E) macro. > However, I have one question. When dealing with shadow page table L2, L3, L4, can I use the same way as L1 page table to change flags and set flags ? > > } > } > Do you think my idea is possible? Thanks for giving me some suggestions.Yes, that should work. But since the shadow pagetables never use superpages, you should only adjust the entries in type_l1* pages; there''s no need to touch L2, L3 or L4. Cheers, Tim.
Thanks. From shadow_blow_tables function of the log dirty mode mechanism, I find it uses this way. However, through debugging foreach_pinned_shadow(d, sp, t), I find that all the pages I get are L2_pae_shadow or L2h_page_shadow, there is no L1 page type. Can you help explain why this happen? If so, how can I get all the L1 page type of one domain? What I want to do is to set all the shadow tables as read only. Best, On Aug 2, 2012, at 6:47 AM, Tim Deegan wrote:>> void sh_revoke_write_access_all(struct domain *d) >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
At 09:35 -0400 on 04 Aug (1344072926), lmingcsce wrote:> From shadow_blow_tables function of the log dirty mode mechanism, I > find it uses this way. However, through debugging > foreach_pinned_shadow(d, sp, t), I find that all the pages I get are > L2_pae_shadow or L2h_page_shadow, there is no L1 page type. > Can you help explain why this happen?shadow_blow_tables() only touches the topmost tables (i.e. on PAE, L2, and on 64-bit, L4). What it does is drop the reference count on the tables (or clear their entries), and lets the reference-counting mechanism take care of clearing and freeing the lower-level tables that they point to.> If so, how can I get all the L1 page type of one domain? What I want > to do is to set all the shadow tables as read only.To get at all the L1 entries, you should use hash_foreach(), with a mask and callbacks that contain all the L1 types. You can copy that from sh_remove_write_access() or sh_remove_all_mappings(), but you''ll need to make a new callback function (in multi.c) to handle each L1 page. Cheers, Tim.