
Re: [Xen-devel] [PATCH 3/7] x86/mm: Further restrict permissions on some virtual mappings



On Tue, May 02, 2017 at 07:05:22PM +0100, Andrew Cooper wrote:
> As originally reported, the Linear Pagetable slot maps 512GB of RAM as RWX,
> where the guest has full read access and a lot of direct or indirect control
> over the written content.  It isn't hard for a PV guest to hide shellcode
> here.
> 
> Therefore, increase defence in depth by auditing our current pagetable
> mappings.
> 
>  * The regular linear, shadow linear, and per-domain slots have no business
>    being executable (but need to be written), so are updated to be NX.
>  * The Read Only mappings of the M2P (compat and regular) don't need to be
>    writeable or executable.
>  * The PV GDT mappings don't need to be executable.
> 
> Reported-by: Jann Horn <jannh@xxxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
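
The W+X audit the commit message above describes, as an added example that is not part of this thread or of Xen's code: a constructed table of x86-64 PTE flag words is checked for entries that are present, writable and executable, then tightened the way the patch does (NX on every slot, and RW dropped from the read-only M2P slot). The bit positions (P = bit 0, R/W = bit 1, XD = bit 63) are architectural; the slot names, flag values and the need_write column are illustrative assumptions, not Xen's actual pagetable contents.

```c
/*
 * Added example (not Xen code): audit x86-64 page-table entries for the
 * "writable and executable" combination the patch above removes, and apply
 * the two tightenings it describes (NX on writable slots, RO+NX on the
 * read-only M2P). Bit positions are architectural; the mapping table is
 * constructed for illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PTE_PRESENT (1ULL << 0)   /* P:   entry is valid */
#define PTE_RW      (1ULL << 1)   /* R/W: writable when set */
#define PTE_NX      (1ULL << 63)  /* XD:  no-execute (only honoured with EFER.NXE set) */

struct mapping {
    const char *name;
    uint64_t    pte;
    bool        need_write;   /* assumed: does the hypervisor write through this slot? */
};

/* A present, writable entry without XD is W+X: data written there can be executed. */
static bool pte_is_wx(uint64_t pte)
{
    return (pte & PTE_PRESENT) && (pte & PTE_RW) && !(pte & PTE_NX);
}

/* Minimal permissions: always NX; drop RW unless writes are required. */
static uint64_t harden_pte(uint64_t pte, bool need_write)
{
    pte |= PTE_NX;
    if (!need_write)
        pte &= ~PTE_RW;
    return pte;
}

/* Constructed sample: slots as they might look before the patch (hypothetical values). */
static struct mapping sample[] = {
    { "linear pagetable", PTE_PRESENT | PTE_RW,          true  },
    { "shadow linear",    PTE_PRESENT | PTE_RW,          true  },
    { "RO M2P",           PTE_PRESENT | PTE_RW,          false },
    { "PV GDT",           PTE_PRESENT | PTE_RW,          true  },
    { "already NX",       PTE_PRESENT | PTE_RW | PTE_NX, true  },
};
#define N_SAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Count W+X entries in a table of n mappings. */
static size_t count_wx(const struct mapping *m, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (pte_is_wx(m[i].pte))
            bad++;
    return bad;
}

/* Tighten every slot in place; returns the W+X count after hardening. */
static size_t harden_all(struct mapping *m, size_t n)
{
    for (size_t i = 0; i < n; i++)
        m[i].pte = harden_pte(m[i].pte, m[i].need_write);
    return count_wx(m, n);
}

/* Named entry points over the constructed sample. */
static size_t sample_wx_before(void) { return count_wx(sample, N_SAMPLE); }
static size_t sample_wx_after(void)  { return harden_all(sample, N_SAMPLE); }

int main(void)
{
    printf("W+X entries before: %zu\n", sample_wx_before());   /* 4 */
    size_t after = sample_wx_after();
    for (size_t i = 0; i < N_SAMPLE; i++)
        printf("%-18s RW=%d NX=%d\n", sample[i].name,
               !!(sample[i].pte & PTE_RW), !!(sample[i].pte & PTE_NX));
    printf("W+X entries after:  %zu\n", after);                /* 0 */
    return after != 0;
}
```

Two caveats a practitioner would check before relying on such an audit: the XD bit is only enforced when EFER.NXE is enabled and the CPU supports it, so a clear XD bit on a machine without NX is the same as no protection at all; and a real audit walks the live tables and every intermediate level (a W+X permission at a higher level permits execution through it regardless of the leaf), rather than a flat array of leaf flags as here.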

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
