
[Xen-devel] PATCH: Allow domains to share instruction pages with each other


  • To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: Michael Abd-El-Malek <mabdelm@xxxxxxxxxxx>
  • Date: Fri, 9 Jan 2009 20:08:34 -0500
  • Delivery-date: Fri, 09 Jan 2009 17:09:48 -0800
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Allow domains to share instruction pages with each other.

Xen changeset 4ec25db9326a (Nov 3, 2008) set the NX page bit on pages shared between domains. That broke my ability to execute a binary whose pages are mapped from another domain.

My fix: I removed the NX page flag. I don't see a security problem with this: if domain A maps a page from domain B, it somehow trusts it, and can do any additional checks after the page is mapped. But absolutely disallowing execution of instructions from a mapped page seems a little too strict.


diff -r 7a87b3dffa69 -r 43693d552e09 xen/include/asm-x86/page.h
--- a/xen/include/asm-x86/page.h        Sun Dec 28 02:37:15 2008 -0500
+++ b/xen/include/asm-x86/page.h        Wed Jan 07 23:35:18 2009 -0500
@@ -317,7 +317,7 @@
(_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_PCD | _PAGE_ACCESSED)

#define GRANT_PTE_FLAGS \
- (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_NX | _PAGE_GNTTAB)
+    (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_GNTTAB)

#ifndef __ASSEMBLY__
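Review bot: Dropping _PAGE_NX from GRANT_PTE_FLAGS makes the change unconditional: every PTE built from this macro becomes executable, not only the mappings used to run a binary out of another domain's pages. Consider keeping _PAGE_NX in the default flags and clearing it only for mappings where the mapping domain explicitly requests execute permission, so all other users of the macro keep non-executable mappings. The description should also state why changeset 4ec25db9326a set the bit in the first place and why that reasoning does not apply here, since this patch undoes it without addressing that.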


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

