WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-3.2-testing] x86: Fix GRANT_PTE_FLAGS.

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.2-testing] x86: Fix GRANT_PTE_FLAGS.
From: "Xen patchbot-3.2-testing" <patchbot-3.2-testing@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 06 Nov 2008 12:20:34 -0800
Delivery-date: Thu, 06 Nov 2008 12:20:26 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1225804511 0
# Node ID 2d5d030ea5501e797848d5269cb8801a927bcdc4
# Parent  9f8ba7a4c8afc21f3ba2978040cdb6537d02bfb3
x86: Fix GRANT_PTE_FLAGS.

Since page table entries created through e.g. GNTTABOP_map_grant_ref
are being passed through adjust_guest_l1e(), they must not generally
get _PAGE_USER set - this will be taken care of by adjust_guest_l1e(),
and it will ensure that these don't get _PAGE_GLOBAL set
inadvertently.

Due to the implied security aspect here (_PAGE_GLOBAL getting set on
kernel pages for x86-64), I'd like to ask that this also be applied to
older maintained branches.

At the same time, set _PAGE_NX for pte-s created for grants (as long
as hardware supports it), since it should be only data pages that
remote
domains are being given access to.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
xen-unstable changeset:   18748:4ec25db9326a7e7f64a8471cbfd7b5852484757c
xen-unstable date:        Mon Nov 03 10:32:54 2008 +0000
---
 xen/include/asm-x86/page.h        |    3 +++
 xen/include/asm-x86/x86_32/page.h |    3 ---
 xen/include/asm-x86/x86_64/page.h |    3 ---
 3 files changed, 3 insertions(+), 6 deletions(-)

diff -r 9f8ba7a4c8af -r 2d5d030ea550 xen/include/asm-x86/page.h
--- a/xen/include/asm-x86/page.h        Tue Nov 04 13:14:45 2008 +0000
+++ b/xen/include/asm-x86/page.h        Tue Nov 04 13:15:11 2008 +0000
@@ -327,6 +327,9 @@ void setup_idle_pagetable(void);
 #define __PAGE_HYPERVISOR_NOCACHE \
     (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_PCD | _PAGE_ACCESSED)
 
+#define GRANT_PTE_FLAGS \
+    (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_NX | _PAGE_GNTTAB)
+
 #ifndef __ASSEMBLY__
 
 static inline int get_order_from_bytes(paddr_t size)
diff -r 9f8ba7a4c8af -r 2d5d030ea550 xen/include/asm-x86/x86_32/page.h
--- a/xen/include/asm-x86/x86_32/page.h Tue Nov 04 13:14:45 2008 +0000
+++ b/xen/include/asm-x86/x86_32/page.h Tue Nov 04 13:15:11 2008 +0000
@@ -29,9 +29,6 @@ extern unsigned int PAGE_HYPERVISOR_NOCA
 extern unsigned int PAGE_HYPERVISOR_NOCACHE;
 #endif
 
-#define GRANT_PTE_FLAGS \
-    (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB)
-
 /*
  * Disallow unused flag bits plus PAT/PSE, PCD, PWT and GLOBAL.
  * Permit the NX bit if the hardware supports it.
diff -r 9f8ba7a4c8af -r 2d5d030ea550 xen/include/asm-x86/x86_64/page.h
--- a/xen/include/asm-x86/x86_64/page.h Tue Nov 04 13:14:45 2008 +0000
+++ b/xen/include/asm-x86/x86_64/page.h Tue Nov 04 13:15:11 2008 +0000
@@ -124,9 +124,6 @@ typedef l4_pgentry_t root_pgentry_t;
 #define PAGE_HYPERVISOR         (__PAGE_HYPERVISOR         | _PAGE_GLOBAL)
 #define PAGE_HYPERVISOR_NOCACHE (__PAGE_HYPERVISOR_NOCACHE | _PAGE_GLOBAL)
 
-#define GRANT_PTE_FLAGS \
-    (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB|_PAGE_USER)
-
 #define USER_MAPPINGS_ARE_GLOBAL
 #ifdef USER_MAPPINGS_ARE_GLOBAL
 /*

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-3.2-testing] x86: Fix GRANT_PTE_FLAGS., Xen patchbot-3.2-testing <=