Though the page is not owned by the issuing domain, the l1 page is, so
the l1e_get_page (if you meant so instead of get_page_from_l1e)
succeeds. There should be a check somewhere else, probably in
x86_emulate or subordinate routines.

On Wed, Oct 26, 2011 at 8:25 PM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> On Wed, 2011-10-26 at 17:46 +0100, Mohammad Hedayati wrote:
>> After mapping a readonly granted page in a PV guest, the guest can try
>> to change his l1 page table entry, faulting into Xen. Here Xen
>> emulates the update operation, but first it must check whether the
>> modification is allowed or not (i.e. the grant is readonly or not).
>> I'm looking through the code, but I can't find where this checking is
>> done. Can anyone help?!
>
> I don't think a guest can modify any grant mapping that way, read only
> or otherwise, they have to use the GNTTABOP hypercalls.
>
> The thing which prevents it is that the page is really owned by another
> domain so the get_page_from_l1e in ptwr_emulated_update will fail.
>
> (disclaimer, I'm not really sure about this...)
>
> Ian.
>
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel