WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

[Xen-devel] PATCH: Allow domains to share instruction pages with each ot

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] PATCH: Allow domains to share instruction pages with each other
From: Michael Abd-El-Malek <mabdelm@xxxxxxxxxxx>
Date: Fri, 9 Jan 2009 20:08:34 -0500
Allow domains to share instruction pages with each other.

Xen changeset 4ec25db9326a (Nov 3, 2008) set the NX page bit on pages shared between domains. That broke my ability to execute a binary whose pages are mapped from another domain.

My fix: I removed the NX page flag. I don't see a security problem with this: if domain A maps a page from domain B, it somehow trusts it, and can do any additional checks after the page is mapped. But absolutely disallowing execution of instructions from a mapped page seems a little too strict.


diff -r 7a87b3dffa69 -r 43693d552e09 xen/include/asm-x86/page.h
--- a/xen/include/asm-x86/page.h        Sun Dec 28 02:37:15 2008 -0500
+++ b/xen/include/asm-x86/page.h        Wed Jan 07 23:35:18 2009 -0500
@@ -317,7 +317,7 @@
(_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_PCD | _PAGE_ACCESSED)

#define GRANT_PTE_FLAGS \
- (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_NX | _PAGE_GNTTAB)
+    (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_GNTTAB)

#ifndef __ASSEMBLY__
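
Review bot: Dropping `_PAGE_NX` from `GRANT_PTE_FLAGS` removes it for every grant mapping built from this macro, not only for the mappings a domain intends to execute from, so the change is wider than the use case in the description. Consider keeping `_PAGE_NX` in the default flags and clearing it only when the mapping domain explicitly asks for an executable mapping, so that grant mappings of plain data stay non-executable. Whichever way it goes, a short comment above the `#define GRANT_PTE_FLAGS` line stating why NX is or is not set would help, since changeset 4ec25db9326a added the bit on purpose and the macro itself carries no rationale.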

