|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush
>From: Tristan Gingold [mailto:Tristan.Gingold@xxxxxxxx] >Sent: 2006年5月11日 16:04 >> >> I think the logic here is simple: domain assigns a virtual address to >map >> granted frame, and then later domain itself passes in same virtual >address >> to unmap granted frame. Xen simply helps domain upon its request. >However we can't trust domU. This model is too simple from a security >point >of view. No one talks about trusting domU. I'm not digging into xen/x86's code to see how they prevent such malicious behavior by passing an incorrect virtual address at domain unmap request. Maybe the solution is there, maybe not. Anyway it's a common security issue, not specific to ia64. Please do things step by step. First to purge vhpt entry by gva based on current grant table arch, and then propose to xen-devel for common solution later if there. Thanks, Kevin _______________________________________________ Xen-ia64-devel mailing list Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-ia64-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |