<div>It's exactly the first one that I want, NOT the second option, i.e. I don't even want the guest to be able</div>
<div>to read its value. So I guess my assumption was correct, i.e. store values in ordinary host variables and make the</div>
<div>guest call a new hypercall, which I would have added. This hypercall does not return the values of those variables,</div>
<div>but uses them to perform certain operations and returns the result of the operations to the guest. </div>
<div> </div>
<div>Can the same be done with another level of indirection? i.e. if I want something to be inaccessible to the host itself, </div>
<div>can I store the values in the address space of the hypervisor and make the host make special calls</div>
<div>to the hypervisor? I am assuming that the host cannot alter the data stored in the address space of the hypervisor.</div>
<div> </div>
<div>So here I want to exploit the address space isolation achieved between the hypervisor and the host similar to the</div>
<div>isolation achieved between the host and the guests.</div>
<div> </div>
<div>Thanks again!</div>
<div>Cheers!</div>
<div>Sujit<br><br> </div>
<div><span class="gmail_quote">On 10/25/07, <b class="gmail_sendername">Glauber de Oliveira Costa</b> &lt;<a href="mailto:glommer@gmail.com">glommer@gmail.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On 10/25/07, Sujit Sanjeev &lt;<a href="mailto:sujit771@gmail.com">sujit771@gmail.com</a>&gt; wrote:<br>> Hi All,
<br>><br>> The comments for the file /drivers/lguest/lguest.c mention:<br>><br>> "One way would be to put the "irq_enabled" field in a page by itself, and<br>> have the Host write-protect it when an interrupt comes in when irqs are
<br>> disabled.<br>> There will then be a page fault as soon as interrupts are re-enabled. "<br>><br>> I want to do something similar, nothing related to interrupts, but I would<br>> like to:<br>><br>
> 1. Store some data (variable or constant) in a host protected or hypervisor<br>> protected memory area, maybe in a page by itself.<br>><br>> 2. If the guest needs the value of this variable, it must make a hypercall
<br>> and the host must return the value. For this I would like to add a new<br>> hypercall.<br>> Basically, I don't want the guest getting direct access to that<br>> variable, i.e. it should not be stored in the guest's memory address space.
<br>><br>I don't know exactly what you're trying to do, but it seems to me that<br>you either:<br>a) Want something to be completely invisible to the guest, in which<br>case you don't need to put it on a separate page, special address, or
<br>anything. Just keep it in the host structures, and issue a hypercall when<br>you need it. It is the way most values are used currently in lguest.<br><br>b) Want something visible to the guest (but not writable), in which
<br>case you just need to read it when you want. Issuing a hypercall here<br>is unnecessary and expensive.<br><br>In both scenarios, your 1) and 2) seem mutually exclusive.<br><br>--<br>Glauber de Oliveira Costa.<br>"Free as in Freedom"
<br><a href="http://glommer.net">http://glommer.net</a><br><br>"The less confident you are, the more serious you have to act."<br></blockquote></div><br>
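<div>The design discussed in this thread (a value kept only in host structures, with a hypercall that uses it and returns just the result) as an added example, not part of the original messages and not lguest code. It is a stand-alone C model: struct guest_model, HCALL_KEYED_TAG, keyed_tag and do_hcall are hypothetical names, and the mixing function is a toy stand-in for a real MAC.</div>

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GUEST_MEM_SIZE 4096UL
#define HCALL_KEYED_TAG 100UL /* hypothetical hypercall number */

/* Model of one guest as the host sees it (not an lguest structure). */
struct guest_model {
    uint8_t mem[GUEST_MEM_SIZE]; /* memory the guest can read and write */
    uint64_t secret;             /* host-only value, never mapped into the guest */
};

/* Toy keyed mixing (FNV-1a style); a stand-in for a real MAC, not secure. */
static uint64_t keyed_tag(uint64_t key, const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL ^ key;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Host-side handler: 0 and *result set on success, -1 on a bad request. */
int do_hcall(struct guest_model *g, unsigned long nr,
             unsigned long gaddr, unsigned long len, uint64_t *result)
{
    if (nr != HCALL_KEYED_TAG)
        return -1;
    /* gaddr and len come from the guest: bounds-check without overflow. */
    if (len > GUEST_MEM_SIZE || gaddr > GUEST_MEM_SIZE - len)
        return -1;
    /* The secret is used here; only the derived tag goes back to the guest. */
    *result = keyed_tag(g->secret, g->mem + gaddr, len);
    return 0;
}

int main(void)
{
    static struct guest_model g = { .secret = 0x1122334455667788ULL }; /* constructed */
    uint64_t tag = 0;
    memcpy(g.mem + 16, "hello", 5); /* constructed guest data */
    int rc = do_hcall(&g, HCALL_KEYED_TAG, 16, 5, &tag);
    printf("in range: rc=%d tag=%016llx\n", rc, (unsigned long long)tag);
    printf("out of range: rc=%d\n", do_hcall(&g, HCALL_KEYED_TAG, 4094, 5, &tag));
    return 0;
}
```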