Re: [Xen-ia64-devel] PATCH: cleanup of tlbflush
On Thursday 11 May 2006 11:09, Tian, Kevin wrote:
> From: Tristan Gingold [mailto:Tristan.Gingold@xxxxxxxx]
> >Sent: 11 May 2006 17:06
> >
> >> No one talks about trusting domU. I'm not digging into xen/x86's code
> >> to see how they prevent such malicious behavior by passing an incorrect
> >> virtual address at domain unmap request. Maybe the solution is there,
> >> maybe not. Anyway it's a common security issue, not specific to ia64.
> >
> >No, it is specific to ia64, because x86 purges the tlb.
> >Our main problem is purge time: it is a simple instruction on x86
> >(reloading cr3, maybe through IPI), while a lot of work on ia64.
>
> No, it's common. Xen/x86 also relies on passed gva to purge entries
> in writable page table. If domain deliberately passes an incorrect hva
> related to granted entry, xen/x86 will also populate incorrect pte entry.
> Later even after tlb is purged, domain is still possible to access
> ungranted pages since stale entry is still in pgtable.

You are correct.

> That's why I say flush_tlb_mask should really flush TLB only. Software
> structure (vhpt for ia64, writable pgtable for x86) is manipulated earlier
> by __gnttab_unmap_grant_ref where above security issue may apply.

Thanks,
Tristan.

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel