|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] PV audio drivers for Linux
>>> On 18.01.17 at 16:45, <rakesh.a.ughreja@xxxxxxxxx> wrote: >>From: Jan Beulich [mailto:JBeulich@xxxxxxxx] >>Sent: Wednesday, January 18, 2017 3:39 PM >>>>> On 17.01.17 at 19:01, <rakesh.a.ughreja@xxxxxxxxx> wrote: >>> When the buffer is allocated using __get_free_pages() on the DOM0 >>> OS, I am able to grant the access using gnttab_grant_foreign_access() >>> to DOM1 as well as I am able to map it in the DOM1 virtual space >>> using xenbus_map_ring_valloc(). >> >>A more general remark here: The direction you do the granting is at >>least unusual, and likely to have security implications. It should be >>the frontend to allocate and grant the pages, and the backend to >>map them. See the various existing frontend/backend pairs in the >>Linux tree. > > That's a very important point. Thanks. Can you describe what kind > of security implications happen if we do the buffer allocation on > the backend and grant the access to front end ? The frontend (in the unprivileged domain) may indefinitely hold onto the grants, making it impossible for the privileged domain to recover its memory (other than by killing the guest). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |