WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-ia64-devel

RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush

To: "Tristan Gingold" <Tristan.Gingold@xxxxxxxx>, "Isaku Yamahata" <yamahata@xxxxxxxxxxxxx>
Subject: RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush
From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
Date: Thu, 11 May 2006 17:09:46 +0800
Cc: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 11 May 2006 02:10:25 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcZ02Y1bnJxkmue9RY6fmPFoq2u7WAAABGPg
Thread-topic: [Xen-ia64-devel] PATCH: cleanup of tlbflush
>From: Tristan Gingold [mailto:Tristan.Gingold@xxxxxxxx]
>Sent: 11 May 2006 17:06
>>
>> No one talks about trusting domU. I'm not digging into xen/x86's code
>> to see how they prevent such malicious behavior by passing an incorrect
>> virtual address at domain unmap request. Maybe the solution is there,
>> maybe not. Anyway it's a common security issue, not specific to ia64.
>No, it is specific to ia64, because x86 purges the tlb.
>Our main problem is purge time: it is a simple instruction on x86 (reloading
>cr3, maybe through IPI), while a lot of work on ia64.
>

No, it's common. Xen/x86 also relies on the passed gva to purge entries 
in the writable page table. If a domain deliberately passes an incorrect hva 
for a granted entry, xen/x86 will also populate an incorrect pte entry. 
Later, even after the tlb is purged, the domain can still access ungranted 
pages since the stale entry is still in the pgtable.

That's why I say flush_tlb_mask should really flush the TLB only. The software 
structure (vhpt for ia64, writable pgtable for x86) is manipulated earlier 
by __gnttab_unmap_grant_ref, where the above security issue may apply.

Thanks,
Kevin
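
As an added example (not code from this thread, and not Xen's own grant-table code), here is a toy C model of the failure mode Kevin describes. The guest asks the hypervisor to unmap a granted frame and supplies the virtual address of the mapping; if the hypervisor clears whatever PTE sits at that address and then purges the TLB, a guest that supplies a wrong address keeps a stale PTE to the granted frame, and no TLB flush can remove it. The second unmap path adds the check a practitioner would want here: verify that the PTE at the supplied address actually maps the frame being released, and fail the request otherwise. The frame numbers, the flat page-table layout and the check itself are constructed for this model and are not taken from Xen.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of one guest's page table and TLB (constructed for this example;
 * not Xen code). Each entry holds a machine frame number; 0 means not present. */
#define NPAGES       16
#define GRANTED_MFN  0x1234u   /* frame granted by another domain (assumed value) */
#define PRIVATE_MFN  0x5555u   /* the guest's own private frame (assumed value) */

typedef struct {
    uint32_t pte[NPAGES];      /* software page table; the hypervisor edits it on unmap */
    uint32_t tlb[NPAGES];      /* cached translations; cleared by flush_tlb() */
} guest_t;

static void flush_tlb(guest_t *g)
{
    memset(g->tlb, 0, sizeof g->tlb);
}

/* Guest access path: refill the TLB from the page table on a miss. */
static uint32_t translate(guest_t *g, unsigned vpn)
{
    if (g->tlb[vpn] == 0)
        g->tlb[vpn] = g->pte[vpn];
    return g->tlb[vpn];
}

/* Map the granted frame at the guest-chosen virtual page. */
static void map_grant(guest_t *g, unsigned vpn)
{
    g->pte[vpn] = GRANTED_MFN;
}

/* Unmap that trusts the guest-supplied address: clears whatever PTE sits
 * there, then purges the TLB. If the guest lies about the address, the PTE
 * that really maps the grant is never touched and survives the flush. */
static void unmap_grant_trusting(guest_t *g, unsigned claimed_vpn)
{
    g->pte[claimed_vpn] = 0;
    flush_tlb(g);
}

/* Unmap that first checks the PTE at the supplied address maps the frame
 * being released and refuses otherwise (hypothetical check for this model). */
static bool unmap_grant_checked(guest_t *g, unsigned claimed_vpn, uint32_t expected_mfn)
{
    if (g->pte[claimed_vpn] != expected_mfn)
        return false;          /* mismatch: leave the page table alone, fail the request */
    g->pte[claimed_vpn] = 0;
    flush_tlb(g);
    return true;
}

/* Scenario: grant mapped at vpn 3, guest claims it lives at vpn 7 (a private
 * page). Returns what vpn 3 translates to after the unmap and the TLB flush. */
static uint32_t after_trusting_unmap(void)
{
    guest_t g;
    memset(&g, 0, sizeof g);
    g.pte[7] = PRIVATE_MFN;
    map_grant(&g, 3);
    (void)translate(&g, 3);             /* TLB now caches vpn 3 -> GRANTED_MFN */
    unmap_grant_trusting(&g, 7);        /* wrong PTE cleared, TLB purged */
    return translate(&g, 3);            /* refilled from the stale PTE: still GRANTED_MFN */
}

/* Same scenario through the checked path: the bogus request must be rejected
 * with both PTEs intact, and the honest request for vpn 3 must then succeed. */
static bool checked_unmap_rejects_bogus_address(void)
{
    guest_t g;
    memset(&g, 0, sizeof g);
    g.pte[7] = PRIVATE_MFN;
    map_grant(&g, 3);
    bool bogus_ok = unmap_grant_checked(&g, 7, GRANTED_MFN);
    return !bogus_ok && g.pte[7] == PRIVATE_MFN && g.pte[3] == GRANTED_MFN
           && unmap_grant_checked(&g, 3, GRANTED_MFN) && g.pte[3] == 0;
}

int main(void)
{
    uint32_t mfn = after_trusting_unmap();
    printf("vpn 3 after trusting unmap of the wrong address: mfn 0x%x (%s)\n",
           mfn, mfn == GRANTED_MFN ? "stale grant still reachable" : "unmapped");
    printf("checked unmap rejects the bogus address: %s\n",
           checked_unmap_rejects_bogus_address() ? "yes" : "no");
    return 0;
}
```

The point the model makes is the one in the message: the TLB purge only discards cached translations, so it is the page-table (or VHPT) update before it that decides whether the grant is really gone, and that update must not take the guest's word for where the mapping lives.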

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel