[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages



On Thu, 2015-03-12 at 16:44 +0100, Tamas K Lengyel wrote:
> 
> 
> On Thu, Mar 12, 2015 at 4:40 PM, Julien Grall
> <julien.grall@xxxxxxxxxx> wrote:
>         Hi Ian,
>         
>         On 12/03/15 15:27, Ian Campbell wrote:
>         >> Currently, check_type_get_page emulate only the check for
>         2). So you may
>         >> end up to allow Xen writing in read-only mapping (from the
>         Stage 1 POV).
>         >> This was XSA-98.
>         >
>         > XSA-98 was purely about stage-2 permissions (e.g. read-only
>         grants). The
>         > fact that the resulting patch also checks stage-1
>         permissions is not a
>         > security property AFAICT.
>         
>         XSA-98 was for both... Without checking stage-1 permission a
>         userspace
>         which can issue an hypercall may be able to write into
>         read-only kernel
>         space. Whoops.
> 
> 
> Userspace is able to issue hypercall?

Via ioctls on /proc/xen/privcmd, yes. It's how the toolstack talks to
Xen...




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.