WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

[Xen-devel] [PATCH] ept: remove execute permission for granted pages' P2

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] ept: remove execute permission for granted pages' P2M entries
From: "Jan Beulich" <JBeulich@xxxxxxxxxx>
Date: Fri, 28 Aug 2009 09:18:58 +0100
Delivery-date: Fri, 28 Aug 2009 01:19:19 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

When backporting c/s 20026 I noticed that granted pages get execute
permission, which doesn't seem desirable (and has been avoided for PV
guests for quite a while).

Even for p2m_mmio_direct it seems suspicious to allow execution, but me
being less certain here I left it as is for the time being.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>

--- 2009-08-18.orig/xen/arch/x86/mm/hap/p2m-ept.c       2009-08-07 
09:20:56.000000000 +0200
+++ 2009-08-18/xen/arch/x86/mm/hap/p2m-ept.c    2009-08-24 10:19:52.000000000 
+0200
@@ -40,15 +40,21 @@ static void ept_p2m_type_to_flags(ept_en
             return;
         case p2m_ram_rw:
         case p2m_mmio_direct:
-        case p2m_grant_map_rw:
             entry->r = entry->w = entry->x = 1;
             return;
         case p2m_ram_logdirty:
         case p2m_ram_ro:
-        case p2m_grant_map_ro:
             entry->r = entry->x = 1;
             entry->w = 0;
             return;
+        case p2m_grant_map_rw:
+            entry->r = entry->w = 1;
+            entry->x = 0;
+            return;
+        case p2m_grant_map_ro:
+            entry->r = 1;
+            entry->w = entry->x = 0;
+            return;
     }
 }
 
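Review bot: The new p2m_grant_map_rw and p2m_grant_map_ro cases at the end of the switch set entry->x = 0 without a comment saying why, so a later cleanup could fold them back into the p2m_ram_rw and p2m_ram_ro groups they were just split from. A one-line comment above them, stating that granted pages must not be executable (as is already the case for PV guests), would record the intent. p2m_mmio_direct still shares the entry->r = entry->w = entry->x = 1 case with p2m_ram_rw; since the message itself calls that suspicious, a short comment marking it as an open question at that case label would keep it from being lost.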




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
