[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [xen-unstable test] 56456: regressions - FAIL

>>> On 20.05.15 at 10:58, <roger.pau@xxxxxxxxxx> wrote:
> After looking into this a little bit more, I'm afraid I don't see a
> straight forward way to check for the permissions of all paging levels.
> Here are the options I've found in order to deal with this:
>  - Use guest_get_eff_l1e and only check for the permissions of the L1
>    entry. Is it possible that the guest places an invalid entry in the
>    linear l1 table without Xen realizing?

No - all page table changes are being validated by Xen.

>  - Add a new function hook somewhere (pv_domain maybe?) that can be
>    used to translate GVA to PFN for PV guests (mimicking what
>    paging_gva_to_gfn does). This would be implemented using
>    guest_walk_X_level, where X is the paging levels of the guest.
>  - Use some glue to be able to call guest_walk_{3/4}_level from
>    paging.c directly, and correctly choose which one to use based on
>    the guest bitness. IMHO this looks quite wacky, and I'm not even
>    sure if it's possible given the amount of preprocessor foo in
>    guest_pt.h.
> I have the first option already implemented, but I would appreciate some
> advice regarding the security implications of it.

I think with all of the options here being unsatisfactory we should
reconsider your original option of restoring previous behavior
(without any mapping) for the PV case. Tim?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.