On Thursday, January 18, 2018 at 2:06:08 AM UTC+1, Marek Marczykowski-Górecki wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On Sun, Jan 14, 2018 at 03:24:04AM -0800, Vít Šesták wrote: > > But it could be useful to use 32-bit stubdoms for those reasons. They do > > rather I/O-bound work (=> minimal performance penalty) and they don't need > > so much memory to utilize more than 32-bit pointers. (Also, using 32-bit > > pointers can make a minor performance gain.) > > … > > It is possible to use 32-bit stubdom on a 64-bit system? > > That's interesting idea. Simon, what do you think about it? >
I've tried to implement this kind of protection and I'd like to report my failure achieve the result. Someone might be more successful. After all, I am not much experienced with Xen internals (I mostly configure Xen through Qubes). I've found there is a gzipped ELF with ioemu stubdom. Maybe replacing it with a 32b one could do the trick. But I am not sure if it is enough, maybe this would just result in a 32-bit code running in 64-bit PV domain, which is not what we want. (I am not even sure how to check it.) I haven't found any relevant configuration where I could configure the stubdomain mode. But I've decided to try to compile the stubdom and to try it. I've checked out the code and switched to 4.6.6 tag. The code looks promising, some parts seem to be ready for x86_32, despite the fact that it is no longer supported platform for Xen itself. I however have failed the compilation itself, regardless of the target architecture. I have tried debian-9. I needed few additional packages to pass ./configure, that's OK. (I won't name them, because you might miss different packages and because the error messages are pretty clear.) There seem to be some new warnings in GCC that make the compilation to fail, so I had to adjust tools/Rules.mk by adding line `CFLAGS += -Wno-misleading-indentation -Wno-unused-function`. This shifts me to another problem: command `./configure --enable-stubdom --disable-tools --disable-xen --disable-docs --host=x86_64 && make` results in the following error message I am unable to resolve: … make -C seabios-dir all make: Entering directory '/home/user/xen/tools/firmware/seabios-dir-remote' Compile checking out/src/stacks.o src/stacks.c: Assembler messages: src/stacks.c:635: Error: found '(', expected: ')' src/stacks.c:635: Error: junk `(%ebp))' after expression src/stacks.c:636: Warning: indirect call without `*' … Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72d9be30-473b-4840-a240-f29bea8a47ef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.