
Re: [Xen-devel] [PATCH v2 1/2] arm/mem_access: adjust check_and_get_page to not rely on current



Hi Tamas,

On 12/12/16 18:42, Tamas K Lengyel wrote:
> On Mon, Dec 12, 2016 at 4:46 AM, Julien Grall <julien.grall@xxxxxxx> wrote:
>> The translation VA to IPA (guest physical address) is done using hardware.
>> If the underlying memory of the stage-1 page table is protected, the
>> translation will fail. Given that this function is used in hypercalls to
>> retrieve the page associated with a buffer, it means that it will not be
>> possible to do a hypercall when the page table used to find the buffer IPA has
>> not been touched.
>
> This function specifically works around the case where the page of the
> guest pagetable is not accessible due to mem_access, when the hardware
> based lookup doesn't work. This function checks what the fault was,
> checks the page type and the mem_access rights to determine whether
> the fault was legit, or if it was due to mem_access. If it was
> mem_access it gets the page without involving the hardware. I'm not
> following what you describe afterwards regarding the buffer and what
> you mean by "the buffer IPA has not been touched". Care to elaborate?

I am afraid to say that the function does not do what you think and is still using the hardware to do the translation. For instance, the function gva_to_ipa is using the hardware to translate a VA to an IPA.

This function is called when it is not possible to directly translate a VA to a PA. This may fail for various reasons:
        * The underlying memory of the buffer was restricted in stage-2
        * The underlying memory of stage-1 page tables was restricted in stage-2

Whilst the function is solving the former, the latter will not work due to the call to gva_to_ipa. This will fail because the stage-1 PTs are not accessible.

One way to trigger it (note I haven't tested it myself) is to have the code and data in separate pages. The translation will be using distinct stage-1 page table entries. If nobody touches the page table entry beforehand (for instance by accessing the buffer), it will still be inaccessible when Xen is calling p2m_mem_access_check_and_get_page.

Regards,

--
Julien Grall
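A small C model of the two failure modes described in this reply, added here as an illustration and not code from Xen: stage-2 permissions are a per-page flag, the stage-1 table is a flat array, and the IPA layout, page numbers and the 4-PTEs-per-table-page split are constructed values; hw_gva_to_ipa stands in for the gva_to_ipa call inside p2m_mem_access_check_and_get_page.

```c
#include <stdbool.h>
#include <stdint.h>
#define NR_PAGES 16
#define PTES_PER_PT_PAGE 4       /* constructed: 4 PTEs per stage-1 table page */
#define S1_PT_BASE 8             /* constructed: stage-1 table starts at IPA page 8 */
#define INVALID_IPA ((uint64_t)-1)
enum { ACCESS_RWX = 0, ACCESS_NONE = 1 };   /* stage-2 (mem_access) permission */
static int      s2_access[NR_PAGES];  /* per IPA page */
static uint64_t s1_pte[NR_PAGES];     /* VA page -> IPA page, 0 = invalid */

/* IPA page holding the stage-1 PTE for a VA page. */
static uint64_t s1_pte_page(uint64_t va) { return S1_PT_BASE + va / PTES_PER_PT_PAGE; }

/* Software walk: reads the PTE directly, no stage-2 check on the table page. */
static uint64_t sw_gva_to_ipa(uint64_t va)
{
    return s1_pte[va] ? s1_pte[va] : INVALID_IPA;
}

/* Hardware-style walk (models gva_to_ipa): the table page is fetched through
 * stage-2, so a restricted table page faults the whole translation. */
static uint64_t hw_gva_to_ipa(uint64_t va)
{
    return s2_access[s1_pte_page(va)] == ACCESS_NONE ? INVALID_IPA : sw_gva_to_ipa(va);
}

/* Constructed scenario from the reply: code at VA page 0, buffer at VA page 5,
 * so their PTEs sit in different table pages (IPA pages 8 and 9). */
static void setup(void)
{
    for (int i = 0; i < NR_PAGES; i++) { s2_access[i] = ACCESS_RWX; s1_pte[i] = 0; }
    s1_pte[0] = 2;   /* code   -> IPA page 2 */
    s1_pte[5] = 3;   /* buffer -> IPA page 3 */
}

/* Case 1: only the buffer's data page is restricted: the walk still resolves. */
static bool case_buffer_restricted(void)
{
    setup();
    s2_access[3] = ACCESS_NONE;
    return hw_gva_to_ipa(5) == 3;
}

/* Case 2: the table page holding the buffer's PTE is restricted and untouched:
 * the hardware walk faults, while a software walk would still find the page. */
static bool case_pt_page_restricted(void)
{
    setup();
    s2_access[s1_pte_page(5)] = ACCESS_NONE;
    return hw_gva_to_ipa(5) == INVALID_IPA && sw_gva_to_ipa(5) == 3;
}
```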

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel