* Re: Writes to guests' page table pages + mem_events
       [not found] <mailman.13959.1383588010.32487.xen-devel@lists.xen.org>
@ 2013-11-04 18:05 ` Andres Lagar-Cavilla
  0 siblings, 0 replies; 4+ messages in thread
From: Andres Lagar-Cavilla @ 2013-11-04 18:05 UTC (permalink / raw)
  To: xen-devel; +Cc: Andrew Cooper, Razvan Cojocaru

> On 04/11/13 17:32, Razvan Cojocaru wrote:
>> Hello,
>> 
>> looking at pages 6 and 7 of this document:
>> 
>> http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf
>> 
>> I see that instructions writing to the page table pages of a guest are
>> emulated by Xen.
>> 
>> Does this mean that, assuming that I make a page table page read-only, I
>> will _not_ receive a mem_event if the guest tries to write to said page?
>> 
>> 
>> Thanks.
> 
> A PV guest never has write access to its pagetables.  A PV guest able to
> modify its own pagetables without audit from Xen would be a serious
> security vulnerability.
Aravindh Puthiyaparambil is trying to implement mem_event for PV: http://lists.xen.org/archives/html/xen-devel/2013-10/msg02623.html

A shadow PT based implementation can (hand waving) capture emulated PT writes.
> 
> An HVM guest completely controls its own pagetables, and protection is
> provided by HAP.  Shadow is a little more awkward where a guest has
> pagetables which it believes it owns but doesn't.  A shadow guest will
> fault on pagetable access but Xen will fix up.

The corollary is that an HVM guest will generate mem_events when writing to its own page tables.

Andres
> 
> ~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

* Re: Writes to guests' page table pages + mem_events
  2013-11-04 17:32 Razvan Cojocaru
  2013-11-04 17:40 ` Andrew Cooper
@ 2013-11-04 18:27 ` Tim Deegan
  1 sibling, 0 replies; 4+ messages in thread
From: Tim Deegan @ 2013-11-04 18:27 UTC (permalink / raw)
  To: Razvan Cojocaru; +Cc: xen-devel

Hi, 

At 19:32 +0200 on 04 Nov (1383589938), Razvan Cojocaru wrote:
> looking at pages 6 and 7 of this document:
> 
> http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf
> 
> I see that instructions writing to the page table pages of a guest are
> emulated by Xen.
> 
> Does this mean that, assuming that I make a page table page read-only, I
> will _not_ receive a mem_event if the guest tries to write to said page?

No, it doesn't.  That document describes the shadow-pagetable
mechanism, which is currently incompatible with mem_event (the
mem_event hypercalls check that the guest is using HAP).

Aravindh is looking into making (some parts of) mem_event work with
PV guests in shadow mode; that will probably use a quite different
mechanism, closer to how log-dirty mode works.


Cheers,

Tim.

* Re: Writes to guests' page table pages + mem_events
  2013-11-04 17:32 Razvan Cojocaru
@ 2013-11-04 17:40 ` Andrew Cooper
  2013-11-04 18:27 ` Tim Deegan
  1 sibling, 0 replies; 4+ messages in thread
From: Andrew Cooper @ 2013-11-04 17:40 UTC (permalink / raw)
  To: Razvan Cojocaru; +Cc: xen-devel

On 04/11/13 17:32, Razvan Cojocaru wrote:
> Hello,
>
> looking at pages 6 and 7 of this document:
>
> http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf
>
> I see that instructions writing to the page table pages of a guest are
> emulated by Xen.
>
> Does this mean that, assuming that I make a page table page read-only, I
> will _not_ receive a mem_event if the guest tries to write to said page?
>
>
> Thanks.

A PV guest never has write access to its pagetables.  A PV guest able to
modify its own pagetables without audit from Xen would be a serious
security vulnerability.

An HVM guest completely controls its own pagetables, and protection is
provided by HAP.  Shadow is a little more awkward where a guest has
pagetables which it believes it owns but doesn't.  A shadow guest will
fault on pagetable access but Xen will fix up.

~Andrew

* Writes to guests' page table pages + mem_events
@ 2013-11-04 17:32 Razvan Cojocaru
  2013-11-04 17:40 ` Andrew Cooper
  2013-11-04 18:27 ` Tim Deegan
  0 siblings, 2 replies; 4+ messages in thread
From: Razvan Cojocaru @ 2013-11-04 17:32 UTC (permalink / raw)
  To: xen-devel

Hello,

looking at pages 6 and 7 of this document:

http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf

I see that instructions writing to the page table pages of a guest are
emulated by Xen.

Does this mean that, assuming that I make a page table page read-only, I
will _not_ receive a mem_event if the guest tries to write to said page?


Thanks.
