From: Andrew Cooper
Subject: Re: Writes to guests' page table pages + mem_events
Date: Mon, 4 Nov 2013 17:40:50 +0000
Message-ID: <5277DC22.9060005@citrix.com>
References: <5277DA22.4090600@gmail.com>
In-Reply-To: <5277DA22.4090600@gmail.com>
To: Razvan Cojocaru
Cc: "xen-devel@lists.xen.org"
List-Id: xen-devel@lists.xenproject.org

On 04/11/13 17:32, Razvan Cojocaru wrote:
> Hello,
>
> looking at pages 6 and 7 of this document:
>
> http://www-archive.xenproject.org/files/summit_3/XenSummit_Shadow2.pdf
>
> I see that instructions writing to the page table pages of a guest are
> emulated by Xen.
>
> Does this mean that, assuming that I make a page table page read-only, I
> will _not_ receive a mem_event if the guest tries to write to said page?
>
>
> Thanks.

A PV guest never has write access to its pagetables. A PV guest able to
modify its own pagetables without audit from Xen would be a serious
security vulnerability.

An HVM guest completely controls its own pagetables, and protection is
provided by HAP.

Shadow is a little more awkward where a guest has pagetables which it
believes it owns but doesn't. A shadow guest will fault on pagetable
access but Xen will fix up.

~Andrew

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
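The PV rule Andrew states above (the guest never writes its pagetables directly; every update is a hypercall that Xen audits) is easiest to see in a small model. The following C is an added illustration written for this page, not Xen source: it keeps a toy frame table with per-frame owner and type, accepts PTE updates only through a hypercall-shaped entry point, and refuses updates that would map a frame the domain does not own or that would give the guest a writable alias of one of its own pagetable frames. Frame counts, the four-entry pagetables, the error codes and the function names are all constructed for the example. Real Xen additionally validates every entry of a page before promoting it to the pagetable type and keeps type and reference counts; none of that is modelled here. The model says nothing about HVM with HAP (where the guest writes its tables freely and protection lives in the second-level tables) or about shadow mode.

```c
/*
 * Toy model of Xen's PV pagetable audit. Added illustration, not Xen code.
 * Two rules from the discussion are modelled:
 *   1. a PV guest cannot store to a pagetable page directly (the page is
 *      only mapped read-only, so the store faults);
 *   2. every update goes through a hypercall-like path that refuses PTEs
 *      mapping frames the domain does not own, and refuses writable
 *      mappings of pagetable frames.
 * Sizes, names and error codes are hypothetical.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NFRAMES      16
#define PTES_PER_PT  4                 /* tiny pagetables: 4 entries each */
#define PAGE_SHIFT   12

#define PTE_PRESENT  (1ULL << 0)
#define PTE_RW       (1ULL << 1)
#define PTE_FRAME(pte)        ((unsigned)((pte) >> PAGE_SHIFT))
#define MK_PTE(frame, flags)  (((uint64_t)(frame) << PAGE_SHIFT) | (flags))

enum frame_type { T_NONE, T_WRITABLE, T_PAGETABLE };

struct frame {
    int owner;                  /* domain id, -1 = hypervisor */
    enum frame_type type;
    uint64_t word[PTES_PER_PT]; /* PTEs if a pagetable, data otherwise */
};

static struct frame frames[NFRAMES];

enum { OK = 0, E_NOT_OWNER = -1, E_NOT_PT = -2, E_FOREIGN = -3,
       E_PT_RW = -4, E_RANGE = -5, E_FAULT = -6 };

void reset_frames(void)
{
    memset(frames, 0, sizeof frames);
    for (unsigned f = 0; f < NFRAMES; f++)
        frames[f].owner = -1;   /* hypervisor owns everything by default */
}

/* Hypervisor bookkeeping: hand frame f to domain dom with a given type. */
void assign_frame(unsigned f, int dom, enum frame_type type)
{
    frames[f].owner = dom;
    frames[f].type = type;
}

/* Audit one PTE write, shaped like an mmu_update request:
 * (pagetable frame, entry index, new PTE value). */
int pv_mmu_update(int dom, unsigned pt_frame, unsigned idx, uint64_t new_pte)
{
    if (pt_frame >= NFRAMES || idx >= PTES_PER_PT)
        return E_RANGE;
    if (frames[pt_frame].owner != dom)
        return E_NOT_OWNER;            /* not this domain's page */
    if (frames[pt_frame].type != T_PAGETABLE)
        return E_NOT_PT;               /* not a pagetable page */

    if (new_pte & PTE_PRESENT) {
        unsigned target = PTE_FRAME(new_pte);
        if (target >= NFRAMES || frames[target].owner != dom)
            return E_FOREIGN;          /* would map memory it does not own */
        if ((new_pte & PTE_RW) && frames[target].type == T_PAGETABLE)
            return E_PT_RW;            /* writable alias of a pagetable */
    }
    frames[pt_frame].word[idx] = new_pte;
    return OK;
}

/* A plain store from the guest. Ordinary data pages are writable; a
 * pagetable page (or a foreign page) is not mapped writable, so the
 * store faults and the page is left untouched. */
int guest_direct_write(int dom, unsigned f, unsigned idx, uint64_t val)
{
    if (f < NFRAMES && idx < PTES_PER_PT && frames[f].owner == dom &&
        frames[f].type == T_WRITABLE) {
        frames[f].word[idx] = val;
        return OK;
    }
    return E_FAULT;
}

uint64_t read_word(unsigned f, unsigned idx) { return frames[f].word[idx]; }

/* Constructed scenario: dom 1 owns frames 1..3 (frame 1 is a pagetable),
 * dom 2 owns frame 4. */
void setup_scenario(void)
{
    reset_frames();
    assign_frame(1, 1, T_PAGETABLE);
    assign_frame(2, 1, T_WRITABLE);
    assign_frame(3, 1, T_WRITABLE);
    assign_frame(4, 2, T_WRITABLE);
}

int main(void)
{
    setup_scenario();
    printf("map own data page rw : %d\n", pv_mmu_update(1, 1, 0, MK_PTE(2, PTE_PRESENT | PTE_RW)));
    printf("map foreign page     : %d\n", pv_mmu_update(1, 1, 1, MK_PTE(4, PTE_PRESENT)));
    printf("map own pagetable rw : %d\n", pv_mmu_update(1, 1, 2, MK_PTE(1, PTE_PRESENT | PTE_RW)));
    printf("map own pagetable ro : %d\n", pv_mmu_update(1, 1, 2, MK_PTE(1, PTE_PRESENT)));
    printf("direct store to pt   : %d\n", guest_direct_write(1, 1, 0, 0));
    return 0;
}
```

The point to take from the model is the one in the reply: the audit is what makes the PV design safe, and the read-only mapping of the pagetable page is what forces the guest onto the audited path in the first place. Any path that let a guest write such a page unaudited (a writable alias is the classic way) would be exactly the vulnerability class Andrew describes.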