[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 25/34] x86/mm/shadow: make it build with !CONFIG_HVM



>>> On 21.08.18 at 10:29, <roger.pau@xxxxxxxxxx> wrote:
> On Fri, Aug 17, 2018 at 04:12:43PM +0100, Wei Liu wrote:
>> @@ -2723,12 +2736,13 @@ static int sh_remove_all_mappings(struct domain *d, 
>> mfn_t gmfn, gfn_t gfn)
>>                 && (page->count_info & PGC_count_mask) <= 3
>>                 && ((page->u.inuse.type_info & PGT_count_mask)
>>                     == (is_xen_heap_page(page) ||
>> -                       is_ioreq_server_page(d, page)))) )
>> +                       (is_hvm_domain(d) && is_ioreq_server_page(d, 
>> page))))) )
> 
> Isn't this a separate bugfix? is_ioreq_server_page shouldn't be called
> for PV domains at all (same below).

There's a shadow_mode_external() just out of context here. Along the
lines of my previous reply, this one too should be forced to constant
false when !HVM.

Without this, i.e. if the code was somehow reachable for PV guests,
this would have been a security issue.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.