[Lguest] Lguest modification.

Sujit Sanjeev sujit771 at gmail.com
Fri Oct 26 08:49:15 EST 2007


It's exactly the first one that I want, NOT the second option, i.e. I
don't even want the guest to be able to read its value. So I guess my
assumption was correct, i.e. store values in ordinary host variables and
make the guest call a new hypercall, which I would have added. This
hypercall does not return the values of those variables, but uses them to
perform certain operations and returns the result of the operations to
the guest.

Can the same be done with another level of indirection? I.e. if I want
something to be inaccessible to the host itself, can I store the values
in the address space of the hypervisor and make the host make special
calls to the hypervisor? I am assuming that the host cannot alter the
data stored in the address space of the hypervisor.

So here I want to exploit the address space isolation achieved between
the hypervisor and the host, similar to the isolation achieved between
the host and the guests.

Thanks again!
Cheers!
Sujit


On 10/25/07, Glauber de Oliveira Costa <glommer at gmail.com> wrote:
>
> On 10/25/07, Sujit Sanjeev <sujit771 at gmail.com> wrote:
> > Hi All,
> >
> > The comments for the file /drivers/lguest/lguest.c mention:
> >
> > "One way would be to put the "irq_enabled" field in a page by itself,
> > and have the Host write-protect it when an interrupt comes in when
> > irqs are disabled. There will then be a page fault as soon as
> > interrupts are re-enabled."
> >
> > I want to do something similar, nothing related to interrupts, but I
> > would like to:
> >
> > 1. Store some data (variable or constant) in a host protected or
> > hypervisor protected memory area, maybe in a page by itself.
> >
> > 2. If the guest needs the value of this variable, it must make a
> > hypercall and the host must return the value. For this I would like
> > to add a new hypercall.
> >     Basically, I don't want the guest getting direct access to that
> > variable, i.e. it should not be stored in the guest's memory address
> > space.
> >
> I don't know exactly what you're trying to do, but it seems to me that
> you either:
> a) Want something to be completely invisible to the guest, in which
> case you don't need to put it on a separate page, special address, or
> anything. Just keep it in the host structures, and issue a hypercall
> when you need it. It is the way most values are used currently in
> lguest.
>
> b) Want something visible to the guest (but not writable), in which
> case you just need to read it when you want. Issuing a hypercall here
> is unnecessary and expensive.
>
> In both scenarios, your 1) and 2) seem mutually exclusive.
>
> --
> Glauber de Oliveira Costa.
> "Free as in Freedom"
> http://glommer.net
>
> "The less confident you are, the more serious you have to act."
>
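
A user-space model of the approach discussed in this message (a value kept only in host data, used by a hypercall that returns a result but never the value), as an added example that is not part of the original post and is not lguest code. The hypercall number `HC_CHECK_SECRET`, all function names and the key bytes are constructed for illustration; guest memory is modelled as a plain array.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define GUEST_MEM_SIZE  4096u
#define SECRET_LEN      16u
#define HC_CHECK_SECRET 100u   /* hypothetical hypercall number */

/* Host-only state (constructed value): never placed in guest memory. */
static const uint8_t host_secret[SECRET_LEN] = "constructed-key";

struct guest { uint8_t mem[GUEST_MEM_SIZE]; };  /* all the guest can address */

/* The host must validate any guest-supplied range before touching it.
 * Written so that off + len cannot wrap around. */
static int guest_range_ok(uint32_t off, uint32_t len)
{
    return len <= GUEST_MEM_SIZE && off <= GUEST_MEM_SIZE - len;
}

/* Compare without early exit, so timing does not reveal a matching prefix. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Host side: returns 1 or 0 for the comparison, -1 for a rejected call.
 * Only the result crosses the boundary; host_secret is never copied out. */
long do_hypercall(struct guest *g, uint32_t nr, uint32_t off, uint32_t len)
{
    if (nr != HC_CHECK_SECRET || len != SECRET_LEN || !guest_range_ok(off, len))
        return -1;
    return ct_equal(g->mem + off, host_secret, SECRET_LEN);
}

/* Guest side: place a 16-byte guess in guest memory, then ask the host. */
long guest_try(const char *guess, uint32_t off)
{
    static struct guest g;
    if (guest_range_ok(off, SECRET_LEN))        /* bogus offsets are passed as-is */
        memcpy(g.mem + off, guess, SECRET_LEN);
    return do_hypercall(&g, HC_CHECK_SECRET, off, SECRET_LEN);
}

int main(void) { return guest_try("constructed-key", 0) == 1 ? 0 : 1; }
```

An equality oracle like this still lets the guest test guesses one call at a time, so the operation exposed by such a hypercall decides how much the result reveals about the hidden value.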