[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages





On Thu, Mar 12, 2015 at 4:40 PM, Julien Grall <julien.grall@xxxxxxxxxx> wrote:
Hi Ian,

On 12/03/15 15:27, Ian Campbell wrote:
>> Currently, check_type_get_page emulate only the check for 2). So you may
>> end up to allow Xen writing in read-only mapping (from the Stage 1 POV).
>> This was XSA-98.
>
> XSA-98 was purely about stage-2 permissions (e.g. read-only grants). The
> fact that the resulting patch also checks stage-1 permissions is not a
> security property AFAICT.

XSA-98 was for both... Without checking stage-1 permission a userspace
which can issue an hypercall may be able to write into read-only kernel
space. Whoops.

Userspace is able to issue hypercall?
Â

Though it doesn't every possibility...

Regards,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.