[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages

To: Ian Campbell <ian.campbell@xxxxxxxxxx>
From: Tamas K Lengyel <tklengyel@xxxxxxxxxxxxx>
Date: Thu, 12 Mar 2015 17:02:13 +0100
Cc: wei.liu2@xxxxxxxxxx, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, xen-devel@xxxxxxxxxxxxx, stefano.stabellini@xxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Keir Fraser <keir@xxxxxxx>
Delivery-date: Thu, 12 Mar 2015 16:02:19 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, Mar 12, 2015 at 4:56 PM, Ian Campbell <ian.campbell@xxxxxxxxxx> wrote:

On Thu, 2015-03-12 at 16:44 +0100, Tamas K Lengyel wrote:
>
>
> On Thu, Mar 12, 2015 at 4:40 PM, Julien Grall
> <julien.grall@xxxxxxxxxx> wrote:
>Â Â Â Â ÂHi Ian,
>
>Â Â Â Â ÂOn 12/03/15 15:27, Ian Campbell wrote:
>Â Â Â Â Â>> Currently, check_type_get_page emulate only the check for
>Â Â Â Â Â2). So you may
>Â Â Â Â Â>> end up to allow Xen writing in read-only mapping (from the
>Â Â Â Â ÂStage 1 POV).
>Â Â Â Â Â>> This was XSA-98.
>Â Â Â Â Â>
>Â Â Â Â Â> XSA-98 was purely about stage-2 permissions (e.g. read-only
>Â Â Â Â Âgrants). The
>Â Â Â Â Â> fact that the resulting patch also checks stage-1
>Â Â Â Â Âpermissions is not a
>Â Â Â Â Â> security property AFAICT.
>
>Â Â Â Â ÂXSA-98 was for both... Without checking stage-1 permission a
>Â Â Â Â Âuserspace
>Â Â Â Â Âwhich can issue an hypercall may be able to write into
>Â Â Â Â Âread-only kernel
>Â Â Â Â Âspace. Whoops.
>
>
> Userspace is able to issue hypercall?

Via ioctls on /proc/xen/privcmd, yes. It's how the toolstack talks to
Xen...

Well, that is not the userspace issuing the hypercall, its a kernel module issuing the hypercall on behalf of a process ;)

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Ian Campbell

References:
- [Xen-devel] [PATCH V13 0/7] Mem_access for ARM
  - From: Tamas K Lengyel
- [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Tamas K Lengyel
- Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Julien Grall
- Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Tamas K Lengyel
- Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Julien Grall
- Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Julien Grall
- Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Tamas K Lengyel
- Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
  - From: Ian Campbell

Prev by Date: Re: [Xen-devel] Xen 4.6 Development Update (two months reminder)
Next by Date: Re: [Xen-devel] [PATCH v3 4/4] libxl: add support for vscsi
Previous by thread: Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
Next by thread: Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages
Index(es):
- Date
- Thread

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.