WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-ia64-devel

Re: [Xen-ia64-devel] PATCH: cleanup of tlbflush

To: "Tian, Kevin" <kevin.tian@xxxxxxxxx>, "Isaku Yamahata" <yamahata@xxxxxxxxxxxxx>
Subject: Re: [Xen-ia64-devel] PATCH: cleanup of tlbflush
From: Tristan Gingold <Tristan.Gingold@xxxxxxxx>
Date: Thu, 11 May 2006 11:20:03 +0200
Cc: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 11 May 2006 02:16:00 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <571ACEFD467F7749BC50E0A98C17CDD8094E7C0D@pdsmsx403>
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
References: <571ACEFD467F7749BC50E0A98C17CDD8094E7C0D@pdsmsx403>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.5
Le Jeudi 11 Mai 2006 11:09, Tian, Kevin a écrit :
> From: Tristan Gingold [mailto:Tristan.Gingold@xxxxxxxx]
>
> >Sent: 2006年5月11日 17:06
> >
> >> No one talks about trusting domU. I'm not digging into xen/x86's code
> >> to see how they prevent such malicious behavior by passing an
> >
> >incorrect
> >
> >> virtual address at domain unmap request. Maybe the solution is there,
> >> maybe not. Anyway it's a common security issue, not specific to ia64.
> >
> >No, it is specific to ia64, because x86 purges the tlb.
> >Our main problem is purge time: it is a simple instruction on x86
> >(reloading
> >cr3, maybe through IPI), while a lot of works on ia64.
>
> No, it's common. Xen/x86 also relies on passed gva to purge entries
> in writable page table. If domain deliberately passes an incorrect hva
> related to granted entry, xen/x86 will also populate incorrect pte entry.
> Later even after tlb is purged, domain is still possible to access
> ungranted pages since stale entry is still in pgtable.
You are correct.

> That's why I say flush_tlb_mask should really flush TLB only. Software
> structure (vhpt for ia64, writable pgtable for x86) is manipulated earlier
> by __gnttab_unmap_grant_ref where above security issue may apply.

Thanks,
Tristan.

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel

<Prev in Thread] Current Thread [Next in Thread>