Re: [Xen-devel] PATCH: Allow domains to share instruction pages with each other
On 10/01/2009 01:08, "Michael Abd-El-Malek" <mabdelm@xxxxxxxxxxx> wrote:

> Allow domains to share instruction pages with each other.
>
> Xen changeset 4ec25db9326a (Nov 3, 2008) set the NX page bit on pages
> shared between domains. That broke my ability to execute a binary
> whose pages are mapped from another domain.
>
> My fix: I removed the NX page flag. I don't see a security problem
> with this: if domain A maps a page from domain B, it somehow trusts
> it, and can do any additional checks after the page is mapped. But
> absolutely disallowing execution of instructions from a mapped page
> seems a little too strict.

I think NX as default is pretty sensible. If you want to be able to make
executable shared mappings via grants, how about we add a flag
GNTMAP_executable to gnttab_map_grant_ref? You can use that in
create_grant_host_mapping() to zap _PAGE_NX. If that works for you, feel
free to make a patch.

 -- Keir

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
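The opt-in design suggested in the reply above, as an added example that is not part of the original message and is not Xen code: a small user-space model in which a grant mapping is non-executable unless the mapper asks for execute permission. The function name `grant_pte_flags`, the `PTE_*` names and the bit position given to `GNTMAP_executable` are assumptions made for this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Grant-map request flags; bit values are constants chosen for this model. */
#define GNTMAP_host_map    (1u << 1)
#define GNTMAP_readonly    (1u << 2)
/* Flag proposed in the thread; this bit position is an assumption. */
#define GNTMAP_executable  (1u << 7)

/* x86-64 page-table entry permission bits. */
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_NX      (1ULL << 63)

/*
 * Hypothetical stand-in for the flag computation a host-mapping routine
 * would perform. Returns the PTE permission bits for a grant mapping,
 * or 0 when no host mapping was requested.
 */
uint64_t grant_pte_flags(uint32_t map_flags)
{
    if (!(map_flags & GNTMAP_host_map))
        return 0;

    /* Default-deny: every shared mapping starts out non-executable. */
    uint64_t pte = PTE_PRESENT | PTE_NX;

    /* Write access is granted unless the mapping is read-only. */
    if (!(map_flags & GNTMAP_readonly))
        pte |= PTE_RW;

    /* Execute permission only on explicit request by the mapper. */
    if (map_flags & GNTMAP_executable)
        pte &= ~PTE_NX;

    return pte;
}

int main(void)
{
    uint32_t cases[] = {
        GNTMAP_host_map,
        GNTMAP_host_map | GNTMAP_readonly,
        GNTMAP_host_map | GNTMAP_readonly | GNTMAP_executable,
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t pte = grant_pte_flags(cases[i]);
        printf("map_flags=0x%02x  rw=%d  nx=%d\n", (unsigned)cases[i],
               (pte & PTE_RW) != 0, (pte & PTE_NX) != 0);
    }
    return 0;
}
```

Callers that never pass the new flag keep the NX behaviour introduced by the changeset mentioned in the quoted message; only a mapper that sets it gets an executable mapping.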