
RE: [Xen-ia64-devel] domU address space



Kouya Shimura wrote:
> tgingold@xxxxxxx writes:
>>> Do we have checks when inserting guest TLB for PV dom? Seems not,
>> 
>> Yes, we do.  See vcpu.c:check_xen_space_overlap
> 
> It's only for xen area (region 7).  domU can use full 60 bit VA on
> other region in spite of IMPL_VA_MSB = 50. 

Yes, Shimura san, thanks! So the hole is still there.

> 
> Eddie,
> Ideally we should check it.
> But current xen implementation requires full 64bit VA and there is no
> such an Itanium2 with IMPL_VA_MSB <60. (except VTi) So mis-using TLB
> cannot be. (i.e. unimplemented VA fault never be happened) 

Yes. That is why we are lucky so far :) While from architecture point of view
we need to fix it.

> 
> If we support xen on xen, it should be fixed in order to prevent a
> guest xen crashing. :) 

Yes, thanks! Besides running Xen on Xen, there is an issue here with the
current solution. If we don't check guest VA bits at emulating guest TLB
insertion time per architecture requirement, i.e. check IMPL_VA_MSB,
a malicious guest can mislead the hypervisor to die if the guest uses the
same VA (but in a different region) as the hypervisor, if the rid of this
region is the same as region 7's. We can simply fix this in
check_xen_space_overlap as a temp solution, or implement a full solution
to check IMPL_VA_MSB.

I prefer the latter one since it is not complicated to check VA bits #.
Converting (alt)tlb_miss to unimplemented VA bits fault can be another task
since it only affects the guest itself (not Xen).

thx, eddie

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel
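
The check discussed in this thread, as an added example that is not part of the original message and not Xen's code: at emulated guest TLB insertion, reject any VA whose bits 60..IMPL_VA_MSB+1 are not a sign extension of bit IMPL_VA_MSB, in every region rather than only region 7. IMPL_VA_MSB = 50 is the value quoted above; the function names and sample addresses are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define IMPL_VA_MSB 50   /* value quoted in the thread */
#define VRN_SHIFT   61   /* VA{63:61} selects the region register */
#define OFFSET_MASK ((UINT64_C(1) << VRN_SHIFT) - 1)

/* Region number (0..7) of a virtual address. */
static unsigned va_region(uint64_t va)
{
    return (unsigned)(va >> VRN_SHIFT);
}

/* True when VA{60:IMPL_VA_MSB+1} is a sign extension of VA{IMPL_VA_MSB}. */
static bool va_is_implemented(uint64_t va)
{
    uint64_t unimpl = OFFSET_MASK & ~((UINT64_C(1) << (IMPL_VA_MSB + 1)) - 1);
    uint64_t upper = va & unimpl;
    bool msb = (va >> IMPL_VA_MSB) & 1;

    return msb ? upper == unimpl : upper == 0;
}

/* Hypothetical gate for an emulated guest TLB insert (page size 2^page_shift).
 * A page larger than 2^IMPL_VA_MSB would always span unimplemented
 * addresses, so it is refused outright. */
static bool guest_tlb_insert_ok(uint64_t va, unsigned page_shift)
{
    if (page_shift > IMPL_VA_MSB)
        return false;
    /* The region-independent test: applies to regions 0..7 alike. */
    return va_is_implemented(va & ~((UINT64_C(1) << page_shift) - 1));
}

int main(void)
{
    /* Constructed sample addresses, all in region 1 (not region 7). */
    const uint64_t samples[] = {
        UINT64_C(0x2000000000001000),  /* low offset: implemented */
        UINT64_C(0x3FFC000000000000),  /* bits 60..50 all set: implemented */
        UINT64_C(0x2080000000000000),  /* bit 55 set alone: unimplemented */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("region %u va %#018llx -> %s\n", va_region(samples[i]),
               (unsigned long long)samples[i],
               guest_tlb_insert_ok(samples[i], 14) ? "insert" : "reject");
    return 0;
}
```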
