[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 05/11] common/grant_table: block speculative out-of-bound accesses



>>> Norbert Manthey <nmanthey@xxxxxxxxx> 01/29/19 9:35 AM >>>
>I am aware that both version use the same base array, and access it via
>different macros, which essentially partition the array based on the
>size of the respective struct. The underlying raw array has the same
>size for both version.

And this is the problem afaics: If a guest has requested its grant table to
be sized as a single page, this page can fit twice as many entries for
v1 than it can fit for v2. Hence the v1 grant reference pointing at the last
entry would point at the last entry in the (not mapped) second page for v2.


Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.