[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] PATCH: Allow domains to share instruction pages with each other
Allow domains to share instruction pages with each other.Xen changeset 4ec25db9326a (Nov 3, 2008) set the NX page bit on pages shared between domains. That broke my ability to execute a binary whose pages are mapped from another domain. My fix: I removed the NX page flag. I don't see a security problem with this: if domain A maps a page from domain B, it somehow trusts it, and can do any additional checks after the page is mapped. But absolutely disallowing execution of instructions from a mapped page seems a little too strict. diff -r 7a87b3dffa69 -r 43693d552e09 xen/include/asm-x86/page.h --- a/xen/include/asm-x86/page.h Sun Dec 28 02:37:15 2008 -0500 +++ b/xen/include/asm-x86/page.h Wed Jan 07 23:35:18 2009 -0500 @@ -317,7 +317,7 @@(_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_PCD | _PAGE_ACCESSED) #define GRANT_PTE_FLAGS \- (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_NX | _PAGE_GNTTAB) + (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_GNTTAB) #ifndef __ASSEMBLY__ _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |