[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall

To: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxxxxx>
Date: Tue, 22 Jul 2014 17:44:59 +0100
Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
Delivery-date: Tue, 22 Jul 2014 16:45:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 07/22/2014 05:39 PM, Andrii Tseglytskyi wrote:
> Hi Julien,

Hi Andrii,

> On Fri, Jul 4, 2014 at 5:35 PM, Julien Grall <julien.grall@xxxxxxxxxx> wrote:
>> Hi Andrii,
>>
>>
>> On 26/06/14 12:07, Andrii Tseglytskyi wrote:
>>>
>>> +long do_translate_pagetable(int cmd,
>>> XEN_GUEST_HANDLE_PARAM(xen_pagetable_addr_t) pgt_addr)
>>> +{
>>> +    struct xen_pagetable_addr pgt;
>>> +    struct mmu_info *mmu = NULL;
>>> +
>>> +    if ( copy_from_guest(&pgt, pgt_addr, 1) )
>>> +        return -EFAULT;
>>> +
>>> +    mmu = mmu_lookup(pgt.reg);
>>> +    if ( !mmu )
>>> +    {
>>> +        pr_mmu("can't get mmu for addr 0x%08x", pgt.reg);
>>> +        return -EINVAL;
>>> +    }
>>> +
>>> +    pgt.maddr = mmu_translate_pagetable(mmu, pgt.paddr);
>>> +
>>> +    return copy_to_guest(pgt_addr, &pgt, 1);
>>> +}
>>> +
>>
>>
>> AFAIU, nothing prevents a malicious guest to call this hypercall and screw
>> the pagetable of the MMU.
> 
> Right. Do you think that some kind of security checks needed here?

You need at least ot check that the domain is allowed to access to the
remote processor.

It may be implemented via the solution we were talking on patch #1.

Regards,

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
  - From: Andrii Tseglytskyi

References:
- Re: [Xen-devel] [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
  - From: Andrii Tseglytskyi

Prev by Date: Re: [Xen-devel] [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
Next by Date: Re: [Xen-devel] [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
Previous by thread: Re: [Xen-devel] [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
Next by thread: Re: [Xen-devel] [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.