While I was looking at some unrelated problem with Xen ARM P2M code, I noticed that the function update_runstate_area uses a guest virtual address to update the vCPU runstate. That function will be called when context switching to a vCPU. However, that vCPU may run in userspace context. When KPTI (kernel page table isolation) is used:

In the best case, that address is not mapped into the page-table currently used. Xen will not be able to update the region.

In the worst case, that address is mapped to a different region and Xen will corrupt some bits of the memory.

The code looks fundamentally wrong on Arm; I am not entirely sure about x86.

It looks to me like Xen should always use the guest physical address and therefore translate the virtual address to a physical one in VCPUOP_register_runstate_memory_area. Then only the physical address will be used in update_runstate_area, making the function much safer.

Any opinion on this approach?
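The two failure modes described in the post (registered virtual address unmapped under the current page table, or aliased to a different page) and the proposed fix (translate once at registration time, write by physical address afterwards), as an added toy model in C. This is not Xen code: the single-level page tables, the 64-byte page size, the `struct runstate` layout, the two toy tables `kernel_pt` and `user_pt` and every function name below are made up for illustration, and the aliased mapping in `user_pt` is a constructed scenario, not a claim about any real guest.

```c
/* Toy model of a runstate area registered by guest virtual address (GVA)
 * versus guest physical address (GPA) when the guest switches page tables
 * (KPTI). Hypothetical code, not Xen's. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 6
#define PAGE_SIZE  (1u << PAGE_SHIFT)   /* 64-byte pages keep the model small */
#define NR_PAGES   8                    /* guest-physical pages */
#define NR_VPNS    8                    /* guest-virtual pages per table */
#define UNMAPPED   (-1)

/* Guest physical memory: NR_PAGES pages of PAGE_SIZE bytes. */
static uint8_t gmem[NR_PAGES][PAGE_SIZE];

/* A page table is just VPN -> PFN (or UNMAPPED): one level, no permissions. */
typedef int pt_t[NR_VPNS];

/* Kernel page table: identity-maps every page (VPN i -> PFN i). */
static const pt_t kernel_pt = { 0, 1, 2, 3, 4, 5, 6, 7 };

/* User page table with KPTI in effect: kernel pages are absent, and (constructed
 * for the "worst case") VPN 5 is reused for an unrelated user page, PFN 6. */
static const pt_t user_pt = { 0, 1, 2, UNMAPPED, UNMAPPED, 6, UNMAPPED, UNMAPPED };

/* Toy runstate record; Xen's real vcpu_runstate_info is larger. */
struct runstate { uint32_t state; uint64_t state_entry_time; };

struct vcpu {
    const int *cur_pt;        /* page table the vCPU is currently running on */
    uint64_t   runstate_gva;  /* what the guest handed over at registration */
    int64_t    runstate_gpa;  /* derived once at registration (the proposed fix) */
};

/* Two GVAs used by the scenarios: both sit 8 bytes into their page. */
#define RUNSTATE_GVA_UNMAPPED ((3u << PAGE_SHIFT) | 8)  /* VPN 3: gone in user_pt */
#define RUNSTATE_GVA_ALIASED  ((5u << PAGE_SHIFT) | 8)  /* VPN 5: PFN 5 vs PFN 6 */

/* Walk the one-level table. Returns a guest-physical address, or -1 if unmapped. */
static int64_t gva_to_gpa(const int *pt, uint64_t gva)
{
    uint64_t vpn = gva >> PAGE_SHIFT;
    if (vpn >= NR_VPNS || pt[vpn] == UNMAPPED)
        return -1;
    return ((int64_t)pt[vpn] << PAGE_SHIFT) | (gva & (PAGE_SIZE - 1));
}

/* Store the record at a GPA; refuse records that would straddle a page. */
static int64_t write_runstate(int64_t gpa, const struct runstate *rs)
{
    uint64_t off = (uint64_t)gpa & (PAGE_SIZE - 1);
    if (off + sizeof *rs > PAGE_SIZE)
        return -1;
    memcpy(&gmem[gpa >> PAGE_SHIFT][off], rs, sizeof *rs);
    return gpa;
}

/* Registration: keep the GVA (current behaviour) and also translate it once,
 * with the table that is live at registration time (proposed behaviour). */
static int register_runstate_area(struct vcpu *v, uint64_t gva)
{
    v->runstate_gva = gva;
    v->runstate_gpa = gva_to_gpa(v->cur_pt, gva);
    return v->runstate_gpa < 0 ? -1 : 0;
}

/* Current behaviour: translate the GVA with whatever table is live at the
 * context switch. Under KPTI that may be the user table. */
static int64_t update_runstate_by_gva(struct vcpu *v, uint32_t state)
{
    struct runstate rs = { .state = state, .state_entry_time = 42 };
    int64_t gpa = gva_to_gpa(v->cur_pt, v->runstate_gva);
    if (gpa < 0)
        return -1;                      /* best case: unmapped, nothing written */
    return write_runstate(gpa, &rs);    /* worst case: gpa is someone else's page */
}

/* Proposed behaviour: the page table in force at the switch is irrelevant. */
static int64_t update_runstate_by_gpa(struct vcpu *v, uint32_t state)
{
    struct runstate rs = { .state = state, .state_entry_time = 42 };
    if (v->runstate_gpa < 0)
        return -1;
    return write_runstate(v->runstate_gpa, &rs);
}

/* Register from kernel mode, then get descheduled while switch_pt is live.
 * Returns the PFN that received the write, or -1 if nothing was written. */
static int run_scenario(int use_gpa, uint64_t gva, const int *switch_pt)
{
    struct vcpu v = { .cur_pt = kernel_pt };
    memset(gmem, 0, sizeof gmem);
    if (register_runstate_area(&v, gva) < 0)
        return -1;
    v.cur_pt = switch_pt;
    int64_t gpa = use_gpa ? update_runstate_by_gpa(&v, 1)
                          : update_runstate_by_gva(&v, 1);
    return gpa < 0 ? -1 : (int)(gpa >> PAGE_SHIFT);
}

int main(void)
{
    printf("GVA, VPN unmapped in user table: wrote PFN %d (expected 3)\n",
           run_scenario(0, RUNSTATE_GVA_UNMAPPED, user_pt));
    printf("GVA, VPN aliased in user table : wrote PFN %d (expected 5)\n",
           run_scenario(0, RUNSTATE_GVA_ALIASED, user_pt));
    printf("GPA, VPN unmapped in user table: wrote PFN %d\n",
           run_scenario(1, RUNSTATE_GVA_UNMAPPED, user_pt));
    printf("GPA, VPN aliased in user table : wrote PFN %d\n",
           run_scenario(1, RUNSTATE_GVA_ALIASED, user_pt));
    return 0;
}
```

The point of the model is the comparison in `run_scenario`: with the GVA path the write is lost (`-1`) or lands on PFN 6, which the guest never registered; with the GPA path it lands on the page that was registered regardless of which table the vCPU was descheduled under. Translating once at registration also assumes the guest does not remap that GVA later, which is why a registration-time GPA is the safer contract for the hypervisor.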


