Re: [Xen-devel] [PATCH v3] x86: allow 64-bit PV guest kernels to suppress user mode exposure of M2P
On 24/04/15 15:31, Jan Beulich wrote:
> Xen L4 entries being uniformly installed into any L4 table and 64-bit
> PV kernels running in ring 3 means that user mode was able to see the
> read-only M2P presented by Xen to the guests. While apparently not
> really representing an exploitable information leak, this still very
> certainly was never meant to be that way.
>
> Building on the fact that these guests already have separate kernel and
> user mode page tables we can allow guest kernels to tell Xen that they
> don't want user mode to see this table. We can't, however, do this by
> default: There is no ABI requirement that kernel and user mode page
> tables be separate. Therefore introduce a new VM-assist flag allowing
> the guest to control respective hypervisor behavior:
> - when not set, L4 tables get created with the respective slot blank,
>   and whenever the L4 table gets used as a kernel one the missing
>   mapping gets inserted,
> - when set, L4 tables get created with the respective slot initialized
>   as before, and whenever the L4 table gets used as a user one the
>   mapping gets zapped.

Is this complete? For backwards compatibility, older kernels will not
have m2p_strict set, and the m2p should unconditionally appear in all L4s.

If m2p_strict is set then the mapping should be zapped for user L4s.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel