Re: [Xen-devel] [xen-unstable test] 56456: regressions - FAIL
At 10:12 +0100 on 20 May (1432116766), Jan Beulich wrote:
> >>> On 20.05.15 at 10:58, <roger.pau@xxxxxxxxxx> wrote:
> > After looking into this a little bit more, I'm afraid I don't see a
> > straightforward way to check for the permissions of all paging levels.
> > Here are the options I've found in order to deal with this:
> >
> > - Use guest_get_eff_l1e and only check for the permissions of the L1
> >   entry. Is it possible that the guest places an invalid entry in the
> >   linear l1 table without Xen realizing?
>
> No - all page table changes are being validated by Xen.

Yes, using guest_get_eff_l1e() is safe for Xen. The only concern is
whether it's safe for the guest -- Xen might not honour an upper-level
read-only mark (which copy_to_guest() would) or a supervisor-mode-only
mark (which it wouldn't).

> > - Add a new function hook somewhere (pv_domain maybe?) that can be
> >   used to translate GVA to PFN for PV guests (mimicking what
> >   paging_gva_to_gfn does). This would be implemented using
> >   guest_walk_X_level, where X is the paging levels of the guest.
> >
> > - Use some glue to be able to call guest_walk_{3/4}_level from
> >   paging.c directly, and correctly choose which one to use based on
> >   the guest bitness. IMHO this looks quite wacky, and I'm not even
> >   sure if it's possible given the amount of preprocessor foo in
> >   guest_pt.h.
> >
> > I have the first option already implemented, but I would appreciate some
> > advice regarding the security implications of it.
>
> I think with all of the options here being unsatisfactory we should
> reconsider your original option of restoring previous behavior
> (without any mapping) for the PV case. Tim?

Yeah, I don't think it's worth adding a bunch more pagetable-walk
machinery just to keep this function clean. So I suppose we have to
have two paths in this code.

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
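
The concern discussed in this thread, as an added illustration that is not part of the original messages and is not Xen code: on x86 a mapping is writable or user-accessible only if every level of the walk allows it, so a check of the L1 entry alone can report more permission than the full walk grants. The struct, function names and sample entries are constructed for this sketch, which assumes 4-level paging with CR0.WP set.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 page-table entry flag bits (bits 0-2 of every level's entry). */
#define PTE_PRESENT 0x1u
#define PTE_RW      0x2u
#define PTE_USER    0x4u
#define PTE_MASK    (PTE_PRESENT | PTE_RW | PTE_USER)

/* Hypothetical container: flags of the entries used to translate one
 * virtual address, index 0 = L4 (top level) ... index 3 = L1 (leaf). */
struct walk { uint32_t flags[4]; };

/* Full walk: a non-present entry at any level ends the walk, and RW/USER
 * are the AND of the bits found at every level. */
static uint32_t effective_flags(const struct walk *w)
{
    uint32_t eff = PTE_MASK;
    for (int i = 0; i < 4; i++) {
        if (!(w->flags[i] & PTE_PRESENT))
            return 0;
        eff &= w->flags[i];
    }
    return eff;
}

/* Leaf-only check: looks at the L1 entry and nothing above it. */
static uint32_t l1_only_flags(const struct walk *w)
{
    return (w->flags[3] & PTE_PRESENT) ? (w->flags[3] & PTE_MASK) : 0;
}

static bool write_allowed(uint32_t f) { return (f & PTE_RW) && (f & PTE_PRESENT); }
static bool user_allowed(uint32_t f)  { return (f & PTE_USER) && (f & PTE_PRESENT); }

/* Constructed samples: L2 read-only, and L3 supervisor-only. */
static const struct walk upper_ro   = {{ 0x7, 0x7, 0x5, 0x7 }};
static const struct walk upper_supv = {{ 0x7, 0x3, 0x7, 0x7 }};

int main(void)
{
    printf("upper read-only:  L1-only write=%d, full-walk write=%d\n",
           write_allowed(l1_only_flags(&upper_ro)),
           write_allowed(effective_flags(&upper_ro)));
    printf("upper supervisor: L1-only user=%d, full-walk user=%d\n",
           user_allowed(l1_only_flags(&upper_supv)),
           user_allowed(effective_flags(&upper_supv)));
    return 0;
}
```
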