In the default mode of operation, Xen enforces read-only access to
page tables and requires guest operating systems to explicitly request
any modifications. Xen validates all such requests and only applies
updates that it deems safe. This is necessary to prevent domains from
adding arbitrary mappings to their page tables.

To aid validation, Xen associates a type and reference count with each
memory page. A page has one of the following mutually-exclusive types
at any point in time: page directory (PD), page table (PT), local
descriptor table (LDT), global descriptor table (GDT), or writable
(RW). Note that a guest OS may always create readable mappings of its
own memory regardless of the page's current type.

This mechanism is used to maintain the invariants required for safety;
for example, a domain cannot have a writable mapping to any part of a
page table as this would require the page concerned to simultaneously
be of types PT and RW.
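
The type and reference-count check described above can be modelled in a few lines of C. This is an added sketch, not Xen's own code: the structure, the function names and the return codes are assumptions chosen for illustration, and ownership checks are left out.

```c
#include <stdio.h>

/* Simplified model of the per-page type and type reference count.
 * All names here are hypothetical and chosen for this sketch. */
enum page_type { T_NONE, T_PD, T_PT, T_LDT, T_GDT, T_RW };

struct page_info {
    enum page_type type;   /* the page's current, exclusive type */
    unsigned type_count;   /* live uses of the page as that type */
};

/* Take a reference on the page as type `want`. Succeeds only if the page
 * is untyped or already has that type. Returns 0 on success, -1 if not. */
int page_type_get(struct page_info *pg, enum page_type want)
{
    if (pg->type_count != 0 && pg->type != want)
        return -1;             /* page would hold two types at once */
    pg->type = want;
    pg->type_count++;
    return 0;
}

/* Drop one type reference; at zero the page may take a new type. */
void page_type_put(struct page_info *pg)
{
    if (pg->type_count > 0 && --pg->type_count == 0)
        pg->type = T_NONE;
}

/* Validate a request to map `target`. Readable mappings are always
 * allowed; a writable mapping needs an RW type reference on the page. */
int validate_mapping(struct page_info *target, int writable)
{
    if (!writable)
        return 0;
    return page_type_get(target, T_RW);
}

int main(void)
{
    struct page_info pg = { T_NONE, 0 };
    page_type_get(&pg, T_PT);                       /* page in use as a PT */
    printf("writable map of PT:  %d\n", validate_mapping(&pg, 1));
    printf("read-only map of PT: %d\n", validate_mapping(&pg, 0));
    page_type_put(&pg);                             /* no longer a PT */
    printf("writable map after:  %d\n", validate_mapping(&pg, 1));
    return 0;
}
```
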
mmu_update(mmu_update_t *req, int count, int *success_count, domid_t domid)

This hypercall is used to make updates to either the domain's
page tables or to the machine-to-physical mapping table. It supports
submitting a queue of updates, allowing batching for maximal
performance. Explicitly queuing updates using this interface will
cause any outstanding writable page table state to be flushed from the
system.