[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 19/23 v2] arch/x86: check remote MMIO remap permissions
When a domain is mapping pages from a different pg_owner domain, the iomem_access checks are currently only applied to the pg_owner domain, potentially allowing a domain with a more restrictive iomem_access policy to have the pages mapped into its page tables. To catch this, also check the owner of the page tables. The current domain does not need to be checked because the ability to manipulate a domain's page tables implies full access to the target domain, so checking that domain's permission is sufficient. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Cc: Keir Fraser <keir@xxxxxxx> Cc: Jan Beulich <jbeulich@xxxxxxxx> Cc: Tim Deegan <tim@xxxxxxx> --- xen/arch/x86/mm.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 5c6ea2d..ede92bd 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -754,6 +754,19 @@ get_page_from_l1e( return -EINVAL; } + if ( pg_owner != l1e_owner && + !iomem_access_permitted(l1e_owner, mfn, mfn) ) + { + if ( mfn != (PADDR_MASK >> PAGE_SHIFT) ) /* INVALID_MFN? */ + { + MEM_LOG("Domain %u attempted to map I/O space %08lx in domain %u to domain %u", + curr->domain->domain_id, mfn, pg_owner->domain_id, + l1e_owner->domain_id); + return -EPERM; + } + return -EINVAL; + } + if ( !(l1f & _PAGE_RW) || !rangeset_contains_singleton(mmio_ro_ranges, mfn) ) return 0; -- 1.7.11.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |