[Lguest] Lguest modification.

Sujit Sanjeev sujit771 at gmail.com
Fri Oct 26 05:48:33 EST 2007


Hi Ron,

Thanks a lot for your reply. The 9P solution looks cool, but my requirement
is that the guest should not see these variables' values itself.
Sorry for not being clear.

My requirement is that the guest issues a request to the host and the host
uses these variables and does some manipulation
to satisfy the guest's request. Basically, since the guest cannot see these
variables, it should "ask" the host to perform actions on its behalf since
the host can only see those "special" variables.
With 9P, though the in-kernel server will have those values, the guest could
still see their values by, say, cat'ing the file.

I was under the impression that I could add a new hypercall, in which the
host does these extra manipulations using those
variables (stored in the host's memory address space) and make the guest
call these hypercalls to get the desired result.
Basically I want to exploit the memory address isolation provided by VMMs
between guests and host.
So in this case, the "special" variables are only in the address space of
the host and not the guest.

Please let me know if my understanding/approach is correct.

Thanks and Regards,
Sujit


On 10/25/07, ron minnich <rminnich at gmail.com> wrote:
>
> On 10/25/07, Sujit Sanjeev <sujit771 at gmail.com> wrote:
>
> > 1. Store some data (variable or constant) in a host protected or hypervisor
> > protected memory area, maybe in a page by itself.
>
> you don't need to worry about this 'page' thing if there is no issue
> of guest access.
>
> >
> > 2. If the guest needs the value of this variable, it must make a hypercall
> > and the host must return the value. For this I would like to add a new
> > hypercall.
> >     Basically, I don't want the guest getting direct access to that
> > variable, i.e. it should not be stored in the guest's memory address space.
>
>
> You might look at a 9p server for this purpose. You could create an
> in-kernel server that manages these variables. The variables can be
> exported to the guest over a 9p-based virtio connection. The guest
> can mount that 9p connection somewhere in its file system. These
> variables thus end up looking like a file system tree to the guest;
> reading a variable can look like cat'ing a file. See Luchos' mods for
> recent lguest support for in-kernel 9p servers. You could set up a
> virtio server for your variables.
>
> Just, please, don't
> 1. use XML as a data format
> 2. recreate the Xen store. The Xen store, while it seemed a good idea,
> is a whole collection of lessons on what not to do.
>
> ron
>
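
The host-only-variable design asked about in this message, as an added example that is not part of the original thread and is not lguest code: a user-space C model in which a hypothetical hypercall (`HC_SEAL`, `do_hcall` and `struct guest` are invented names) returns a result derived from a host-held value without that value ever entering guest-addressable memory. The secret bytes are constructed, and the keyed mix is a toy stand-in for a real MAC.

```c
/* User-space model only, not lguest code; every name here is hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define GUEST_MEM_SIZE 4096u
#define HC_SEAL 1u   /* hypothetical hypercall number */
#define TAG_LEN 8u

/* The only memory the guest can address. */
struct guest { uint8_t mem[GUEST_MEM_SIZE]; };

/* Host-only "special" variable (constructed bytes); never copied to a guest. */
static const uint8_t host_secret[8] = {0x13, 0x37, 0xc0, 0xde, 0x5e, 0xc2, 0xe7, 0x42};

/* Reject guest-supplied ranges that leave guest memory (overflow-safe form). */
static int guest_range_ok(uint32_t off, uint32_t len)
{
    return len <= GUEST_MEM_SIZE && off <= GUEST_MEM_SIZE - len;
}

/* Toy keyed mix (FNV-1a style) standing in for a real MAC; not secure. */
static uint64_t keyed_tag(const uint8_t *msg, uint32_t len)
{
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < sizeof host_secret; i++)
        h = (h ^ host_secret[i]) * 1099511628211ULL;
    for (uint32_t i = 0; i < len; i++)
        h = (h ^ msg[i]) * 1099511628211ULL;
    return h;
}

/* Host-side dispatcher: 0 on success, -1 on an unknown call or bad range. */
int do_hcall(struct guest *g, uint32_t nr, uint32_t in_off, uint32_t in_len, uint32_t out_off)
{
    if (nr != HC_SEAL || !guest_range_ok(in_off, in_len) || !guest_range_ok(out_off, TAG_LEN))
        return -1;
    uint64_t tag = keyed_tag(g->mem + in_off, in_len);
    memcpy(g->mem + out_off, &tag, TAG_LEN);  /* only the derived result crosses */
    return 0;
}

/* Audit helper: 1 if the secret's bytes appear anywhere in guest memory. */
int guest_mem_contains_secret(const struct guest *g)
{
    for (size_t i = 0; i + sizeof host_secret <= GUEST_MEM_SIZE; i++)
        if (memcmp(g->mem + i, host_secret, sizeof host_secret) == 0)
            return 1;
    return 0;
}
```

The isolation only holds if the operation exposed through the call does not let the guest recover the variable from its results, and if every guest-supplied offset and length is validated before the host dereferences it.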