About revoke write access of all the shadows

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

* About revoke write access of all the shadows
@ 2012-07-26 20:18 lmingcsce
  2012-08-02 10:47 ` Tim Deegan
  0 siblings, 1 reply; 4+ messages in thread
From: lmingcsce @ 2012-07-26 20:18 UTC (permalink / raw)
  To: xen-devel

Hi all,
Recently, I read codes about the shadow page table. I'm wondering whether the kernel has provided the function to revoke write access of all the shadows of one domain. If you know one with this function, please tell me about it. Thanks.
BTW, I have my own idea to implement this. My idea is as follows: 
void sh_revoke_write_access_all(struct domain *d)
{
    foreach_pinned_shadow(d, sp, t)
    {

       According to sp->u.sh.type, (like SH_type_l1_32_shadow ......), get each entry (shadow_l1e_get_flags) of the page table. Changes the flags to read only and then write the page table entry back (shadow_set_l1e).
       When going through the page table, I can use SHADOW_FOREACH_L1E (L2E, L3E, L4E) macro. 
       However, I have one question. When dealing with shadow page table L2, L3, L4, can I use the same way as L1 page table to change flags and set flags ?

    }
}
Do you think my idea is possible? Thanks for giving me some suggestions.

Best,
Ming 

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: About revoke write access of all the shadows
  2012-07-26 20:18 About revoke write access of all the shadows lmingcsce
@ 2012-08-02 10:47 ` Tim Deegan
  2012-08-04 13:35   ` lmingcsce
  0 siblings, 1 reply; 4+ messages in thread
From: Tim Deegan @ 2012-08-02 10:47 UTC (permalink / raw)
  To: lmingcsce; +Cc: xen-devel

At 16:18 -0400 on 26 Jul (1343319518), lmingcsce wrote:
> Hi all,
> Recently, I read codes about the shadow page table. I'm wondering whether the kernel has provided the function to revoke write access of all the shadows of one domain. If you know one with this function, please tell me about it. Thanks.
> BTW, I have my own idea to implement this. My idea is as follows: 
> void sh_revoke_write_access_all(struct domain *d)
> {
>     foreach_pinned_shadow(d, sp, t)
>     {
> 
>        According to sp->u.sh.type, (like SH_type_l1_32_shadow ......), get each entry (shadow_l1e_get_flags) of the page table. Changes the flags to read only and then write the page table entry back (shadow_set_l1e).
>        When going through the page table, I can use SHADOW_FOREACH_L1E (L2E, L3E, L4E) macro. 
>        However, I have one question. When dealing with shadow page table L2, L3, L4, can I use the same way as L1 page table to change flags and set flags ?
> 
>     }
> }
> Do you think my idea is possible? Thanks for giving me some suggestions.

Yes, that should work.  But since the shadow pagetables never use
superpages, you should only adjust the entries in type_l1* pages;
there's no need to touch L2, L3 or L4.

Cheers,

Tim.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: About revoke write access of all the shadows
  2012-08-02 10:47 ` Tim Deegan
@ 2012-08-04 13:35   ` lmingcsce
  2012-08-07  9:40     ` Tim Deegan
  0 siblings, 1 reply; 4+ messages in thread
From: lmingcsce @ 2012-08-04 13:35 UTC (permalink / raw)
  To: Tim Deegan; +Cc: xen-devel

[-- Attachment #1.1: Type: text/plain, Size: 541 bytes --]

Thanks. 
From shadow_blow_tables function of the log dirty mode mechanism, I find it uses this way. However, through debugging foreach_pinned_shadow(d, sp, t), I find that all the pages I get are L2_pae_shadow or L2h_page_shadow, there is no L1 page type. 
Can you help explain why this happen? If so, how can I get all the L1 page type of one domain? What I want to do is to set all the shadow tables as read only.

Best,

On Aug 2, 2012, at 6:47 AM, Tim Deegan wrote:

>> void sh_revoke_write_access_all(struct domain *d)
> 

[-- Attachment #1.2: Type: text/html, Size: 1465 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: About revoke write access of all the shadows
  2012-08-04 13:35   ` lmingcsce
@ 2012-08-07  9:40     ` Tim Deegan
  0 siblings, 0 replies; 4+ messages in thread
From: Tim Deegan @ 2012-08-07  9:40 UTC (permalink / raw)
  To: lmingcsce; +Cc: xen-devel

At 09:35 -0400 on 04 Aug (1344072926), lmingcsce wrote:
> From shadow_blow_tables function of the log dirty mode mechanism, I
> find it uses this way. However, through debugging
> foreach_pinned_shadow(d, sp, t), I find that all the pages I get are
> L2_pae_shadow or L2h_page_shadow, there is no L1 page type.
> Can you help explain why this happen?

shadow_blow_tables() only touches the topmost tables (i.e. on PAE, L2,
and on 64-bit, L4).  What it does is drop the reference count on the
tables (or clear their entries), and lets the reference-counting
mechanism take care of clearing and freeing the lower-level tables that
they point to.

> If so, how can I get all the L1 page type of one domain? What I want
> to do is to set all the shadow tables as read only.

To get at all the L1 entries, you should use hash_foreach(), with a 
mask and callbacks that contain all the L1 types.  You can copy that
from sh_remove_write_access() or sh_remove_all_mappings(), but you'll
need to make a new callback function (in multi.c) to handle each L1
page.

Cheers,

Tim.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2012-08-07  9:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-07-26 20:18 About revoke write access of all the shadows lmingcsce
2012-08-02 10:47 ` Tim Deegan
2012-08-04 13:35   ` lmingcsce
2012-08-07  9:40     ` Tim Deegan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).