Dear all,
I am interested in a scenario where I want to host two guest OSes above a bare-metal hypervisor on an ARM mobile platform. The total available memory on the platform is 4 GB, and I want to expose exclusively 2 GB of continuous RAM to each guest OS. Could you please guide me through my two concerns below:
1- in case I change the FDT (device tree) of each guest OS to reflect exclusively 2 GB of continuous memory, can I be assured that the kernel of the guest OS will only access these 2 GB, and further it is not even aware of the existence of the other 2 GB of the memory on the platform?
2- I prefer that each guest OS manages its memory directly without the intervention of the host hypervisor (in other words, the guest physical address reflects the actual hypervisor physical address). In such a scenario, can I resort to a XenARM-like hypervisor and just disable the second-stage translation in the Xen hypervisor code? Would that work, or is there actually a better way to do it? Please share your experience.
Best wishes.
One of the advantages of stage 2 translation is that it prevents a guest (accidentally or maliciously) from accessing the resources of other guests or the hypervisor. Without it you are relying on the two guests being well behaved. I think it is fair to say that it is unlikely that an OS would map in addresses that it believed didn't have anything at them, but certainly not impossible. The question becomes: why are you using virtualization to give you two guests in the first place? If, for example, it was for sandboxing, then relying on them being well behaved doesn't seem like a great idea.
Second stage translation does not need to be a big overhead, and it doesn't stop you from having flat mapped addresses (i.e. IPA==PA). You said you want to give each guest 2GB of contiguous RAM. The translation table format gives the option of 1GB blocks, so that's just two entries.
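As an added example (not code from either poster, and not Xen's own implementation), here is a small C model of what the answer describes: a stage-2 level-1 table holding two 1 GB block descriptors per guest, with a flat IPA == PA mapping, and a walk that shows an access outside the guest's own 2 GB produces a stage-2 fault instead of reaching the other guest's RAM. The descriptor bit positions follow the AArch64 4 KB-granule stage-2 block format; the 16-entry table size, the guest base addresses and every function name are assumptions of this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define GB (1ULL << 30)
/* Assumption: model a 16 GB IPA window, i.e. 16 level-1 slots of 1 GB each. */
#define L1_ENTRIES 16

/* Subset of the AArch64 stage-2 level-1 block descriptor layout (4 KB granule). */
#define DESC_VALID      (1ULL << 0)
#define DESC_TABLE      (1ULL << 1)          /* 0 = block, 1 = next-level table */
#define DESC_MEMATTR(x) ((uint64_t)(x) << 2) /* MemAttr[3:0], 0xF = Normal, write-back */
#define DESC_S2AP_RW    (3ULL << 6)          /* stage-2 read + write permission */
#define DESC_SH_INNER   (3ULL << 8)          /* inner shareable */
#define DESC_AF         (1ULL << 10)         /* access flag set, no AF fault */
#define DESC_OA_MASK    0x0000FFFFC0000000ULL /* output address bits [47:30] */

typedef struct { uint64_t entry[L1_ENTRIES]; } stage2_l1_t;

/* Map `size` bytes at `base` flat (IPA == PA) using 1 GB block descriptors.
 * Only the guest's own range gets entries; everything else stays invalid. */
bool stage2_map_flat(stage2_l1_t *t, uint64_t base, uint64_t size) {
    if (base % GB != 0 || size % GB != 0 || size == 0) return false;
    for (uint64_t off = 0; off < size; off += GB) {
        uint64_t pa = base + off;
        uint64_t idx = pa / GB;
        if (idx >= L1_ENTRIES) return false;
        t->entry[idx] = (pa & DESC_OA_MASK) | DESC_AF | DESC_SH_INNER |
                        DESC_S2AP_RW | DESC_MEMATTR(0xF) | DESC_VALID;
    }
    return true;
}

/* Number of valid level-1 entries: the "just two entries" per 2 GB guest. */
int stage2_count_mapped(const stage2_l1_t *t) {
    int n = 0;
    for (int i = 0; i < L1_ENTRIES; i++)
        if (t->entry[i] & DESC_VALID) n++;
    return n;
}

/* One-level walk. Returns true and fills *pa on success; false models a
 * stage-2 translation fault, which the hypervisor would trap and handle. */
bool stage2_translate(const stage2_l1_t *t, uint64_t ipa, uint64_t *pa) {
    uint64_t idx = ipa / GB;
    if (idx >= L1_ENTRIES) return false;
    uint64_t d = t->entry[idx];
    if (!(d & DESC_VALID) || (d & DESC_TABLE)) return false;
    *pa = (d & DESC_OA_MASK) | (ipa & (GB - 1));
    return true;
}

int main(void) {
    /* Constructed layout: guest 0 owns PA 2-4 GB, guest 1 owns PA 4-6 GB. */
    stage2_l1_t g0, g1;
    memset(&g0, 0, sizeof g0);
    memset(&g1, 0, sizeof g1);
    stage2_map_flat(&g0, 2 * GB, 2 * GB);
    stage2_map_flat(&g1, 4 * GB, 2 * GB);

    uint64_t pa;
    printf("guest0 entries: %d\n", stage2_count_mapped(&g0));
    if (stage2_translate(&g0, 2 * GB + 0x1000, &pa))
        printf("guest0 IPA 0x%llx -> PA 0x%llx (flat)\n",
               (unsigned long long)(2 * GB + 0x1000), (unsigned long long)pa);
    if (!stage2_translate(&g0, 4 * GB + 0x1000, &pa))
        printf("guest0 access to guest1 RAM: stage-2 fault\n");
    return 0;
}
```

The point the model makes concrete: with flat mapping each guest still sees its own physical addresses in its FDT, yet the hypervisor keeps only the guest's two 1 GB entries valid, so a guest that maps an address it "believes is empty" hits a fault the hypervisor can log or kill the guest on, rather than reading the neighbour's memory. On real hardware the table base goes in VTTBR_EL2 and the IPA size and granule come from VTCR_EL2; this model does not configure those registers.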