|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH] xen/arm: Fix P2M root page tables invalidation
Hi Jan, On 16/06/2025 08:35, Jan Beulich wrote: On 16.06.2025 08:56, Michal Orzel wrote:Fix the condition part of the for loop in p2m_invalidate_root() that uses P2M_ROOT_LEVEL instead of P2M_ROOT_PAGES. The goal here is to invalidate all root page tables (that can be concatenated), so the loop must iterate through all these pages. Root level can be 0 or 1, whereas there can be 1,2,8,16 root pages. The issue may lead to some pages not being invalidated and therefore the guest access won't be trapped. We use it to track pages accessed by guest for set/way emulation provided no IOMMU, IOMMU not enabled for the domain or P2M not shared with IOMMU.IOW no security concerns? Copying/pasting what I wrote on the security channel for the record. (This was sent after you asked on xen-devel, sorry I should have done it before hand): We both looked at the code and concluded that it is guarantreed that P2M_ROOT_PAGES >= P2M_ROOT_LEVEL. This means the only issue is an under invalidation. The logic is only used for the benefit of invalidating the guest memory when using cache flush by set/way. Because of the issue, the guest we may not clean & invalidate some RAM belonging to itself. We also don't rely on the p2m_invalidate_root() to ensure any scrubbed pages content have reached memory. So any under invalidation will only impact the guest. Hence why we concluded it wasn't a security issue. Cheers, -- Julien Grall
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |