Re: [XEN PATCH] xen/common: validate shared memory guest address overlap with guest RAM
Hi Joan,

Thank you for the patch.

On 14/04/2026 09:59, Joan Bae wrote:
> Currently, process_shm() does not check whether the guest physical
> address of a shared memory region overlaps with the domain's allocated
> RAM banks. Neither process_shm() nor p2m_set_entry() checks for existing
> mappings, so the RAM mapping is silently overwritten if a user specifies
> a guest physical address that falls within the guest RAM range.
>
> Since construct_domain() loads the kernel after process_shm(), the
> kernel can end up in shared memory pages. This can cause:
> - Another domain corrupting the kernel via shared memory write
> - Silent guest crash with no error message from Xen

This seems to be solving one specific issue (RAM clashing with shared memory) but I believe this could also happen with other kinds of mappings because, as you said, p2m_set_entry() doesn't check any overlap.

So I would rather prefer if we solve the problem once and for all. This would mean modifying p2m_set_entry() (or one of its top callers). Although, we would need to be careful to not break memory hypercalls which may rely on overwriting existing mappings.

Cheers,

-- 
Julien Grall
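
The overlap condition described in the quoted commit message, written as a stand-alone check. This is an added example, not code from the patch or from Xen: `struct gpa_range`, `shm_check_against_ram()` and the sample banks are hypothetical and constructed. It goes slightly beyond the RAM-only case by also rejecting empty or wrapping ranges.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a guest RAM bank or shared memory region:
 * a guest physical range [start, start + size). Not Xen's own type. */
struct gpa_range {
    uint64_t start;
    uint64_t size;
};

/* Exclusive end of a range, or false if start + size wraps past 2^64.
 * A wrapped range must be rejected outright: comparing its wrapped end
 * would make an overlapping region look disjoint. */
static bool range_end(const struct gpa_range *r, uint64_t *end)
{
    if (r->size > UINT64_MAX - r->start)
        return false;
    *end = r->start + r->size;
    return true;
}

/* Returns 0 if the shared region is disjoint from every RAM bank,
 * -1 if it is malformed (empty or wrapping) or overlaps a bank. */
int shm_check_against_ram(const struct gpa_range *shm,
                          const struct gpa_range *banks, size_t nr_banks)
{
    uint64_t shm_end, bank_end;

    if (shm->size == 0 || !range_end(shm, &shm_end))
        return -1;

    for (size_t i = 0; i < nr_banks; i++) {
        if (banks[i].size == 0)
            continue;                       /* an empty bank covers nothing */
        if (!range_end(&banks[i], &bank_end))
            return -1;                      /* malformed bank: fail closed */
        /* Half-open intervals overlap iff each starts before the other ends. */
        if (shm->start < bank_end && banks[i].start < shm_end)
            return -1;
    }
    return 0;
}

/* Constructed sample layout: two RAM banks, not taken from the thread. */
const struct gpa_range sample_banks[] = {
    { 0x40000000ULL, 0x08000000ULL },   /* 128 MiB at 1 GiB */
    { 0x200000000ULL, 0x10000000ULL },  /* 256 MiB at 8 GiB */
};
```

A region that merely touches a bank boundary is accepted, while one that shares even a single byte with a bank is refused.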