[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] grant table and bogus mfns

Hi,

While developping a frontend, I noticed that if I gave a grant on mfn 0
to a backend (which is bogus), that backend would happily be allowed to
map it, and hence Oops...

This is because mfn 0 is considered as iomem, and in that case
gnttab_map_grant_ref only checks that the target domain is allowed to
access it.  The patch below makes it check that the source domain was
allowed to access it (and then give the target access to it).

Samuel

Signed-Off-By: Samuel Thibault <samuel.thibault@xxxxxxxxxxxxx>

diff -r 4bf62459d45a xen/common/grant_table.c
--- a/xen/common/grant_table.c  Wed Nov 07 11:29:38 2007 +0000
+++ b/xen/common/grant_table.c  Fri Nov 09 15:01:57 2007 +0000
@@ -335,7 +335,8 @@ __gnttab_map_grant_ref(
         if ( iomem_page_test(frame, mfn_to_page(frame)) )
         {
             is_iomem = 1;
-            if ( iomem_permit_access(ld, frame, frame) )
+            if ( !iomem_access_permitted(rd, frame, frame)
+                  || iomem_permit_access(ld, frame, frame) )
             {
                 gdprintk(XENLOG_WARNING, 
                          "Could not permit access to grant frame "

Attachment: patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.