changing attributes of a page!

changing attributes of a page!

[Mohamad Rezaei]

Hi,

I am trying to change attributes of a page from Dom0. The reason is
that I want to make a kernel module completely read-only to other
parts of kernel. I will update it from hypervisor itself. I have tried
to do this by this code:

// I have the mfn of the page in Dom0's address space.
void hamed_set_entry(struct p2m_domain *p2m, mfn_t mfn) {
    unsigned long gfn = mfn_to_gfn(p2m->domain,mfn);
    p2m_type_t p2mt;
    p2m_access_t p2ma;
    p2m_lock(p2m);
    p2m->get_entry(p2m, gfn, &p2mt, &p2ma, p2m_query);
    p2m->set_entry(p2m, gfn, mfn, 0, p2mt, p2m_access_rwx);
    p2m_unlock(p2m);
}

But whenever it runs Dom0 restarts. I am not even sure this is the
right way to do this. I am grateful for any help!

Best Regards
Mohamad Rezaei
-------------------
ICT Research Center
Amirkabir University of Technology

Re: changing attributes of a page!

[Tim Deegan]

Hi, 

At 10:22 +0330 on 09 Jan (1326104566), Mohamad Rezaei wrote:
> Hi,
> 
> I am trying to change attributes of a page from Dom0.

Do you mean a page of dom0's memory? 

> The reason is
> that I want to make a kernel module completely read-only to other
> parts of kernel. I will update it from hypervisor itself. I have tried
> to do this by this code:
> 
> // I have the mfn of the page in Dom0's address space.
> void hamed_set_entry(struct p2m_domain *p2m, mfn_t mfn) {
>     unsigned long gfn = mfn_to_gfn(p2m->domain,mfn);
>     p2m_type_t p2mt;
>     p2m_access_t p2ma;
>     p2m_lock(p2m);
>     p2m->get_entry(p2m, gfn, &p2mt, &p2ma, p2m_query);
>     p2m->set_entry(p2m, gfn, mfn, 0, p2mt, p2m_access_rwx);
>     p2m_unlock(p2m);
> }

That looks plausible for a HVM guest, but dom0 is a PV guest and doesn't
have a p2m table, so you're likely to crash Xen if you try to to this
to dom0.

Do you have a serial console set up on your test machine?  It's _very_
useful for finding out why the system crashed, since Xen will usually
print a backtrace when it crashes. 

> But whenever it runs Dom0 restarts. I am not even sure this is the
> right way to do this. I am grateful for any help!

To do this to dom0 you could
 (a) get dom0 to make the memory read-only in its own pagetables; and
 (b) enforce that read-only property in the PTE validation code in mm.c

Or you could run dom0 under shadow pagetables and enforce the read-only
property in _sh_propagate().  That will have a performace hit, though. 

Cheers,

Tim.

Re: changing attributes of a page!

[Mohamad Rezaei]

I have started Dom0 with dom0_shadow=1. So it must be running with a
read-only page table. I thought p2m is responsible for updating the
dom0's page-table. I have looked at _sh_propagate() but I couldn't
find any option to change page attributes like RWX.

Best Regards
Mohamad Rezaei
-------------------
ICT Research Center
Amirkabir University of Technology



On Mon, Jan 9, 2012 at 1:39 PM, Tim Deegan <tim@xen.org> wrote:
> Hi,
>
> At 10:22 +0330 on 09 Jan (1326104566), Mohamad Rezaei wrote:
>> Hi,
>>
>> I am trying to change attributes of a page from Dom0.
>
> Do you mean a page of dom0's memory?
>
>> The reason is
>> that I want to make a kernel module completely read-only to other
>> parts of kernel. I will update it from hypervisor itself. I have tried
>> to do this by this code:
>>
>> // I have the mfn of the page in Dom0's address space.
>> void hamed_set_entry(struct p2m_domain *p2m, mfn_t mfn) {
>>     unsigned long gfn = mfn_to_gfn(p2m->domain,mfn);
>>     p2m_type_t p2mt;
>>     p2m_access_t p2ma;
>>     p2m_lock(p2m);
>>     p2m->get_entry(p2m, gfn, &p2mt, &p2ma, p2m_query);
>>     p2m->set_entry(p2m, gfn, mfn, 0, p2mt, p2m_access_rwx);
>>     p2m_unlock(p2m);
>> }
>
> That looks plausible for a HVM guest, but dom0 is a PV guest and doesn't
> have a p2m table, so you're likely to crash Xen if you try to to this
> to dom0.
>
> Do you have a serial console set up on your test machine?  It's _very_
> useful for finding out why the system crashed, since Xen will usually
> print a backtrace when it crashes.
>
>> But whenever it runs Dom0 restarts. I am not even sure this is the
>> right way to do this. I am grateful for any help!
>
> To do this to dom0 you could
>  (a) get dom0 to make the memory read-only in its own pagetables; and
>  (b) enforce that read-only property in the PTE validation code in mm.c
>
> Or you could run dom0 under shadow pagetables and enforce the read-only
> property in _sh_propagate().  That will have a performace hit, though.
>
> Cheers,
>
> Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: changing attributes of a page!

[Tim Deegan]

Hi, 

Please don't top-post. 

At 14:41 +0330 on 09 Jan (1326120068), Mohamad Rezaei wrote:
> I have started Dom0 with dom0_shadow=1. So it must be running with a
> read-only page table. I thought p2m is responsible for updating the
> dom0's page-table.

PV guests don't have p2m in the hypervisor -- they take care of their
own p2m translations and make pagetables that already point to machihe
addresses.

> I have looked at _sh_propagate() but I couldn't
> find any option to change page attributes like RWX.

Look again. :)  That function makes the PTE that the hardware will
see.  So all you need to do is mask _PAGE_RW out of the sflags when you
see an l1 entry where target_mfn is one of the MFNs you're protecting.
Look at how log-dirty is handled, for example. 

Of course, once you've done that, you also need to handle the pagefaults
that will happen if the guest writes to that memory!

Tim.