[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
- To: "Jinsong Liu" <jinsong.liu@xxxxxxxxx>
- From: "Jan Beulich" <JBeulich@xxxxxxxx>
- Date: Wed, 30 Oct 2013 15:27:56 +0000
- Cc: "tim@xxxxxxx" <tim@xxxxxxx>, "keir@xxxxxxx" <keir@xxxxxxx>, "suravee.suthikulpanit@xxxxxxx" <suravee.suthikulpanit@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Eddie Dong <eddie.dong@xxxxxxxxx>, "zhenzhong.duan@xxxxxxxxxx" <zhenzhong.duan@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Will Auld <will.auld@xxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, "sherry.hurwitz@xxxxxxx" <sherry.hurwitz@xxxxxxx>
- Delivery-date: Wed, 30 Oct 2013 15:28:19 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
>>> On 30.10.13 at 16:21, "Liu, Jinsong" <jinsong.liu@xxxxxxxxx> wrote:
> Andrew Cooper wrote:
>> How about this:
>>
>> 1) Clear a page with ud2s
>> 2) Use the hypervisor msr to write a new hypercall page over this
>> cleared page
>> 3) Immediately try to make a hypercall using this new page
>>
>> What guarantee is there that Xen writing the hypercall page has made
>> its way correctly back to RAM by the time domU tries to execute the
>> hypercall?
>
> Sorry, seems I didn't understand it?
He just gave you an example for what I was telling you in an
abstract way.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|