Hello, looking at pages 6 and 7 of this document: http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf I see that instructions writing to the page table pages of a guest are emulated by Xen. Does this mean that, assuming that I make a page table page read-only, I will _not_ receive a mem_event if the guest tries to write to said page? Thanks.
On 04/11/13 17:32, Razvan Cojocaru wrote:> Hello, > > looking at pages 6 and 7 of this document: > > http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf > > I see that instructions writing to the page table pages of a guest are > emulated by Xen. > > Does this mean that, assuming that I make a page table page read-only, I > will _not_ receive a mem_event if the guest tries to write to said page? > > > Thanks.A PV guest never has write access to its pagetables. A PV guest able to modify its own pagetables without audit from Xen would be a serious security vulnerability. An HVM guest completely controls its own pagetables, and protection is provided by HAP. Shadow is a little more awkward where a guest has pagetables which it believes it owns but doesn''t. A shadow guest will fault on pagetable access but Xen will fix up. ~Andrew> > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel
Andres Lagar-Cavilla
2013-Nov-04 18:05 UTC
Re: Writes to guests'' page table pages + mem_events
> On 04/11/13 17:32, Razvan Cojocaru wrote: >> Hello, >> >> looking at pages 6 and 7 of this document: >> >> http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf >> >> I see that instructions writing to the page table pages of a guest are >> emulated by Xen. >> >> Does this mean that, assuming that I make a page table page read-only, I >> will _not_ receive a mem_event if the guest tries to write to said page? >> >> >> Thanks. > > A PV guest never has write access to its pagetables. A PV guest able to > modify its own pagetables without audit from Xen would be a serious > security vulnerability.Aravindh Puthiyaparambil is trying to implement mem_event for PV: http://lists.xen.org/archives/html/xen-devel/2013-10/msg02623.html A shadow PT based implementation can (hand waving) capture emulated PT writes.> > An HVM guest completely controls its own pagetables, and protection is > provided by HAP. Shadow is a little more awkward where a guest has > pagetables which it believes it owns but doesn''t. A shadow guest will > fault on pagetable access but Xen will fix up.The corollary is that an HVM guest will generate mem_events when writing to its own page tables. Andres> > ~Andrew_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Hi, At 19:32 +0200 on 04 Nov (1383589938), Razvan Cojocaru wrote:> looking at pages 6 and 7 of this document: > > http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf > > I see that instructions writing to the page table pages of a guest are > emulated by Xen. > > Does this mean that, assuming that I make a page table page read-only, I > will _not_ receive a mem_event if the guest tries to write to said page?No, it doesn''t. That document describes the shadow-pagetable mechanism, which is currently incompatible with mem_event (the mem_event hypercalls check that the guest is using HAP). Aravindh is looking into making (some parts of) mem_event work with PV guests in shadow mode; that will prbably use a quite different mechanims, closer to how log-dirty mode works. Cheers, Tim.