Xen project Mailing List

Re: [Xen-devel] [PATCH v2 3/3] [GSOC14] FIX:- Race condition between initializing shared ring and mempaging.

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

From: Dushyant Behl <myselfdushyantbehl@xxxxxxxxx>

Date: Mon, 21 Jul 2014 03:19:56 +0530

Cc: David Scott <dave.scott@xxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxx>, Andres Lagar Cavilla <andres@xxxxxxxxxxxxxxxx>

Delivery-date: Sun, 20 Jul 2014 21:50:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Ian, Sorry for this extremely late response. On Fri, Jun 27, 2014 at 4:03 PM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote: > On Mon, 2014-06-16 at 23:50 +0530, Dushyant Behl wrote: >> This patch is part of the work done under the gsoc project - >> Lazy Restore Using Memory Paging. >> >> This patch is meant to fix a known race condition bug in mempaging >> ring setup routines. The race conditon was between initializing > > "condition" > >> mem paging and initializing shared ring, earlier the code initialized >> mem paging before removing the ring page from guest's physical map >> which could enable the guest to interfere with the ring initialisation. >> Now the code removes the page from the guest's physical map before >> enabling mempaging so that the guest cannot clobber the ring after >> we initialise it. >> >> Signed-off-by: Dushyant Behl <myselfdushyantbehl@xxxxxxxxx> >> Reviewed-by: Andres Lagar-Cavilla <andres@xxxxxxxxxxxxxxxx> >> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> --- >> tools/libxc/xc_mem_paging_setup.c | 24 ++++++++++++++++++++---- >> 1 file changed, 20 insertions(+), 4 deletions(-) >> >> diff --git a/tools/libxc/xc_mem_paging_setup.c >> b/tools/libxc/xc_mem_paging_setup.c >> index 679c606..a4c4798 100644 >> --- a/tools/libxc/xc_mem_paging_setup.c >> +++ b/tools/libxc/xc_mem_paging_setup.c >> @@ -73,6 +73,24 @@ int xc_mem_paging_ring_setup(xc_interface *xch, >> } >> } >> >> + /* >> + * Remove the page from guest's physical map so that the guest will not >> + * be able to break security by pretending to be toolstack for a while. >> + */ >> + if ( xc_domain_decrease_reservation_exact(xch, domain_id, 1, 0, >> ring_page) ) > > ring_page here is a void * mapping of the page, isn't it? Not a > xen_pfn_t[] array of pfns, so surely this isn't right. Yes, you are correct and the invocation should be with ring_pfn. But if I change this with the invocation done below as - if ( xc_domain_decrease_reservation_exact(xch, domain_id, 1, 0, &ring_pfn) ) then the code fails to enable mem paging. Can anyone help as to why this would happen? Thanks and Regards, Dushyant Behl _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.