[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/7] x86/mm: Further restrict permissions on some virtual mappings


At 19:05 +0100 on 02 May (1493751922), Andrew Cooper wrote:
> As originally reported, the Linear Pagetable slot maps 512GB of ram as RWX,
> where the guest has full read access and a lot of direct or indirect control
> over the written content.  It isn't hard for a PV guest to hide shellcode
> here.
> Therefore, increase defence in depth by auditing our current pagetable
> mappings.
>  * The regular linear, shadow linear, and per-domain slots have no business
>    being executable (but need to be written), so are updated to be NX.
>  * The Read Only mappings of the M2P (compat and regular) don't need to be
>    writeable or executable.
>  * The PV GDT mappings don't need to be executable.
> Reported-by: Jann Horn <jannh@xxxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Tim Deegan <tim@xxxxxxx>

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.