[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
Hi Tamas, On 06/03/15 21:24, Tamas K Lengyel wrote: > +/* > + * If mem_access is in use it might have been the reason why > get_page_from_gva > + * failed to fetch the page, as it uses the MMU for the permission checking. > + * Only in these cases we do a software-based type check and fetch the page > if > + * we indeed found a conflicting mem_access setting. > + */ > +static int check_type_get_page(vaddr_t gva, unsigned long flag, > + struct page_info** page) > +{ > + long rc; > + paddr_t ipa; > + unsigned long maddr; > + unsigned long mfn; > + xenmem_access_t xma; > + p2m_type_t t; > + > + rc = gva_to_ipa(gva, &ipa); I though a bit more about this call. gva_to_ipa only checks if the mapping has read-permission. That would allow a guest to write on read-only mapping. You have to pass the flags to gva_to_ipa in order to avoid re-introducing XSA-98 [1] Regards, [1] http://xenbits.xen.org/xsa/advisory-98.html -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |