[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH SpectreV1+L1TF v4 05/11] common/grant_table: block speculative out-of-bound accesses
- To: <nmanthey@xxxxxxxxx>
- From: "Jan Beulich" <jbeulich@xxxxxxxx>
- Date: Tue, 29 Jan 2019 02:46:24 -0700
- Cc: tim@xxxxxxx, sstabellini@xxxxxxxxxx, wei.liu2@xxxxxxxxxx, konrad.wilk@xxxxxxxxxx, George.Dunlap@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, Ian.Jackson@xxxxxxxxxxxxx, Dario Faggioli <dfaggioli@xxxxxxxx>, mpohlack@xxxxxxxxx, julien.grall@xxxxxxx, dwmw@xxxxxxxxxxxx, amazein@xxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, jsteckli@xxxxxxxxx, doebel@xxxxxxxxx
- Delivery-date: Tue, 29 Jan 2019 09:46:38 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
>>> Norbert Manthey <nmanthey@xxxxxxxxx> 01/29/19 9:35 AM >>>
>I am aware that both version use the same base array, and access it via
>different macros, which essentially partition the array based on the
>size of the respective struct. The underlying raw array has the same
>size for both version.
And this is the problem afaics: If a guest has requested its grant table to
be sized as a single page, this page can fit twice as many entries for
v1 than it can fit for v2. Hence the v1 grant reference pointing at the last
entry would point at the last entry in the (not mapped) second page for v2.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
