[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] RT Xen on ARM - R-Car series

Hello Roger,

On 14.02.19 18:29, Roger Pau Monné wrote:
I meant that with the current interface a user could change the
backing memory behind the virtual address passed in the runstate
register hypercall and expect Xen to write to the new physical memory
area without having to do anything else.

Attempting to do that with my proposed patch can result in hard to
debug guest memory corruption.

It's true.

OSes use atomic operations to update a PTE, so I'm not sure how that
could be problematic. Xen will either get the new or the old address
from the PTE, but never a half-written value.

I did mean using the old address, which I suppose might result in the same 
issues as you mentioned above.

In order to simplify stuff the new interface could require runstate
areas to be page aligned, but I think the check can be relaxed to
simply require runstate areas to not cross a page boundary.

My idea so far is to keep the same `struct vcpu_runstate_info` but harden it 
with `__attribute__((aligned(64)))` right in the interface file vcpu.h. Also 
add some guard asserts verifying that its actual size is less than 64 bytes.
Then, on the new initcall verify if it crosses the page boundary.

Andrii Anisov.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.