
Re: [Xen-devel] [RFC] x86: possible problem with guest_walk_tables()



>>> On 21.03.11 at 13:33, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:
> At 11:45 +0000 on 21 Mar (1300707922), Jan Beulich wrote:
>> The PSE handling doesn't check bits 1...8 (or 1...9 for non-PAE guests)
>> being zero, thus allowing bad (not 2Mb/4Mb aligned) large pages to be
>> handled (afaict potentially allowing the guest to access foreign memory).
> 
> I don't think this allows access to foreign memory, since these
> pagetables are in GFN-space. 

Yes, if this is really only GFN space, then it would "just" result in
bad translations getting installed, possibly conflicting with others
(e.g. in cache attributes).

>> Below is a possible fix, but unfortunately it doesn't work for
>> GUEST_PAGING_LEVELS == 2, since _PAGE_INVALID_BITS is zero
>> there.
> 
> What does real hardware do in this case?  IIRC 32-bit non-PAE doesn't
> have an "invalid bit set" error code to use in pagefaults.
> /me supposes he had better check...

The bits are marked reserved (minus the PSE-36 feature), and the
manual doesn't make any distinction between the various paging
modes when it comes to error code bits other than bit 4. I therefore
think that on newer CPUs you would see bit 3 set in this case (minus
errata). Hence I think forcing a page fault in this case would be
correct.

Leaving aside the non-PAE case, does the fix presented look
reasonable?

Jan
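As an added example (not code from this thread or from Xen), the check Jan describes applied to one page-directory entry, covering the PAE 2MB case and the non-PAE 4MB case together with the PSE-36 exception he mentions; entry layouts follow the Intel SDM, and the function names and the sample entries are my own.

```c
/* Added example, not code from the thread or from Xen: a stand-alone
 * check for the reserved low bits of a large-page (PS=1) PDE, the bits
 * the thread says guest_walk_tables() did not validate.  Entry layouts
 * follow the Intel SDM; function names are my own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PDE_PS (1ULL << 7)   /* page-size bit: entry maps a large page */

/* Entry bits that must be zero for an aligned large page:
 *  - PAE / long mode, 2MB page: frame bits 1..8 = entry bits 13..20.
 *  - non-PAE, 4MB page:         frame bits 1..9 = entry bits 13..21,
 *    except that with PSE-36 bits 13.. carry physical address bits
 *    32..(maxphyaddr-1) (at most 8 bits); bit 21 is always reserved. */
static uint64_t pse_reserved_mask(bool pae, bool pse36, unsigned maxphyaddr)
{
    if (pae)
        return 0xFFULL << 13;
    uint64_t mask = 0x1FFULL << 13;
    if (pse36 && maxphyaddr > 32) {
        unsigned extra = maxphyaddr - 32;   /* upper address bits in use */
        if (extra > 8)
            extra = 8;                      /* field is only bits 13..20 */
        mask &= ~(((1ULL << extra) - 1) << 13);
    }
    return mask;
}

/* True if the entry is a large-page PDE with reserved bits set, i.e. a
 * misaligned large page that should fault instead of being mapped. */
bool pse_pde_has_reserved_bits(uint64_t pde, bool pae, bool pse36,
                               unsigned maxphyaddr)
{
    if (!(pde & PDE_PS))
        return false;   /* points to a 4K page table: not this check's job */
    return (pde & pse_reserved_mask(pae, pse36, maxphyaddr)) != 0;
}

int main(void)
{
    /* Constructed entries: a 2MB page at 2MB, then the same with bit 13 set. */
    uint64_t good = 0x200000ULL | PDE_PS | 1, bad = good | (1ULL << 13);
    printf("PAE good: %d\n", pse_pde_has_reserved_bits(good, true, false, 40));
    printf("PAE bad:  %d\n", pse_pde_has_reserved_bits(bad, true, false, 40));
    return 0;
}
```

For the non-PAE case the mask keeps bit 21 reserved whatever PSE-36 says, which is the bit a 2MB-aligned but not 4MB-aligned entry would set.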


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
