[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/7] x86/mm: Further restrict permissions on some virtual mappings



On 02/05/17 19:05, Andrew Cooper wrote:
> As originally reported, the Linear Pagetable slot maps 512GB of ram as RWX,
> where the guest has full read access and a lot of direct or indirect control
> over the written content.  It isn't hard for a PV guest to hide shellcode
> here.
> 
> Therefore, increase defence in depth by auditing our current pagetable
> mappings.
> 
>  * The regular linear, shadow linear, and per-domain slots have no business
>    being executable (but need to be written), so are updated to be NX.
>  * The Read Only mappings of the M2P (compat and regular) don't need to be
>    writeable or executable.
>  * The PV GDT mappings don't need to be executable.
> 
> Reported-by: Jann Horn <jannh@xxxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Acked-by: George Dunlap <george.dunlap@xxxxxxxxxx>


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.