xen-ia64-devel
Re: [Xen-ia64-devel] PATCH: cleanup of tlbflush
On Thursday 11 May 2006 11:09, Tian, Kevin wrote:
> From: Tristan Gingold [mailto:Tristan.Gingold@xxxxxxxx]
>
> >Sent: May 11, 2006 17:06
> >
> >> No one talks about trusting domU. I'm not digging into xen/x86's code
> >> to see how they prevent such malicious behavior by passing an incorrect
> >> virtual address at domain unmap request. Maybe the solution is there,
> >> maybe not. Anyway it's a common security issue, not specific to ia64.
> >
> >No, it is specific to ia64, because x86 purges the tlb.
> >Our main problem is purge time: it is a simple instruction on x86
> >(reloading cr3, maybe through IPI), while a lot of work on ia64.
>
> No, it's common. Xen/x86 also relies on passed gva to purge entries
> in writable page table. If domain deliberately passes an incorrect hva
> related to granted entry, xen/x86 will also populate incorrect pte entry.
> Later even after tlb is purged, domain is still possible to access
> ungranted pages since stale entry is still in pgtable.
You are correct.
> That's why I say flush_tlb_mask should really flush TLB only. Software
> structure (vhpt for ia64, writable pgtable for x86) is manipulated earlier
> by __gnttab_unmap_grant_ref where above security issue may apply.
Thanks,
Tristan.