From mboxrd@z Thu Jan 1 00:00:00 1970 From: Francisco Rocha Subject: Re: reserve e820 ram Date: Wed, 18 Apr 2012 18:10:13 +0100 Message-ID: <4F8EF575.6000002@newcastle.ac.uk> References: <20120405103729.GE14774@ocelot.phlegethon.org> <20120411115849.GA14661@ocelot.phlegethon.org> <5E615268CEC26C4E920B9D9911A2307C0345ECC5B6A0@EXCCR03.campus.ncl.ac.uk> <20120418120236.GB7013@ocelot.phlegethon.org> <4F8ED17C.4090203@newcastle.ac.uk> <20120418164351.GS7013@ocelot.phlegethon.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20120418164351.GS7013@ocelot.phlegethon.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Tim Deegan Cc: "xen-devel@lists.xen.org" List-Id: xen-devel@lists.xenproject.org On 04/18/2012 05:43 PM, Tim Deegan wrote: > > At 15:36 +0100 on 18 Apr (1334763404), Francisco Rocha wrote: > > Hi Tim, > > > > I was thinking about changing my approach. > > > > I think that for now I will leave those pages off because I am > > mostly interested in protecting other areas. > > > > Those accesses for now are inevitable to get the VM to properly > > operate. Now, the question is if it is possible to use page table > > entries to do what I want to do. > > > > The objective would be to use a bit flag that would determine if > > the pages are returned when a call to map_foreign_range is made. > > So, my final objective would be that only pages used for the three > > operations you describe are accessible to Dom0. > > Everything that is not BIOS and related, Qemu or PV backend > > drivers will not be returned. > > > > From what I see in the header files you use 12-bits from a 24-bit > > flag (x86_64). Can we do it? This would again take us to controlling > > access at get_page_from_l1e(), right? > > Are you talking about the count_info and type_info fields? yes, I think > you can probably put a new flag or two in there. > I was thinking about the ones used in page table entries (_PAGE_PRESENT|RW, etc). So, I can do the type of control I want to achieve using type_info, maybe the flags I was thinking about are not the best option for what I want. > > Choosing which pages > qemu can map will be interesting, though -- it needs to map anything the > VM uses for I/O. But maybe you can just define the things you protect > and declare taht they can't be used for I/O. That sounds easier. :) > The objective is to protect the kernel and its data structures. That is why I was considering the flags I previously mentioned. There is one denominated _PAGE_GUEST_KERNEL. I see that we have them all available. int get_page_from_l1e(...) ... struct page_info *page = mfn_to_page(mfn); uint32_t l1f = l1e_get_flags(l1e); ... Which flags do you recommend I use to try this out? > > > Cheers, > > Tim. > > Thank you, Francisco