|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-ia64-devel] [PATCH] Fix vulnerability of copy_to_user in PAL emulation
Quoting Kouya Shimura <kouya@xxxxxxxxxxxxxx>: > There is a security vulnerability in PAL emulation > since alt-dtlb miss handler of HVM absolutely > inserts a identity-mapped TLB when psr.vm=0. > > HVM guest can access an arbitrary machine physical > memory with this security hole. > > Actually windows 2008 destroys the content of machine > physical address 0x108000. This is a serious problem. Hi, I was not aware that this issue was that serious. Thank you for pointing this out. I think your solution is not the right approach. We already have a mechanism to avoid TLB issues: xencomm, and I think we should re-use it. As we control the PAL (which is always in guest space), I think we should simply xencomm-ize it (Must be done both in the GFW and PV firmware). Tristan. _______________________________________________ Xen-ia64-devel mailing list Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-ia64-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |