[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Minios-devel] [UNIKRAFT PATCH 0/3] plat/kvm: Make most of the first MB inaccessible
Hey Florian,this patch series looks really good and is well explained. I think it is a good addition because NULL-reference problems are getting much more obvious. For now, we have weird behavior in NULL-reference cases. I would like to include this patch actually early in order to get such bugs found earlier. Since this is applied to our `staging` branch first, it should be totally fine. Thanks, Simon On 30.05.19 22:52, Florian Schmidt wrote: On kvm on x86, we currently use a 1:1 mapping between virtual and physical memory by mapping the first 1GB of virtual memory via one layer-3 page table with large (2MB) pages. As a side effect, all memory addresses below 1GB are accessible, even 0x0 and other very low addresses. This is not in itself a problem (it's valid memory, after all), but it tends to mask bugs where we try to dereference NULL pointers etc. The most straightforward solution, marking the first page table entry as inaccessible, is impractical: most importantly, there are addresses in that range that we want to legitimately access: 0x8b000-0x8ffff is the VGA buffer, and 0x9500 is the address at which QEMU passes the multiboot information from the bootloader. Instead, we create one more page table, this one with 4k granularity, and refer to that one from the first layer-3 entry. I'm aware that this is a potentially disruptive change, because it might uncover additional minor bugs, crashing the system where before it pottered on happily. I might also have forgotten to provide access to area in the first MB that we legitimately want to access. However, I think the first argument is weak, becauase we'd rather find these bugs instead of staying blissfully unaware; and the second argument describes an easily fixable problem by simply changing a line in the page table as a quick patch. In any case, "standard unikraft" (i.e., not testing specific libraries or applications) seems to work well with this patch. Florian Schmidt (3): plat/kvm: Replace numerical flags with defines in pagetable.S plat/kvm: 4k-granularity page table for the first 2MB plat/kvm: set write protect flag in CR0 plat/common/include/x86/cpu_defs.h | 1 + plat/kvm/x86/entry64.S | 2 +- plat/kvm/x86/pagetable.S | 1309 +++++++++++++++++----------- 3 files changed, 796 insertions(+), 516 deletions(-) _______________________________________________ Minios-devel mailing list Minios-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/minios-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |