This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-devel] Re: DOMID_XEN and iomem_access_permitted

To: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] Re: DOMID_XEN and iomem_access_permitted
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Wed, 12 May 2010 21:48:17 +0100
On 12/05/2010 21:45, "George Dunlap" <George.Dunlap@xxxxxxxxxxxxx> wrote:

> Actually, setting up an empty rangeset for the "xen" domain might be
> the best solution... it works no matter what the answers above are,
> and has fewer special cases in the code.  Looks like it would mainly
> involve actually initializing the rangeset code even for dummy domains
> in domain_create().

Yes, I'll patch it this way, thanks.

> Second question: Is it possible for a domU to crash the host with this
> bug?  It looks like set_foreigndom() will only allow you to use
> DOMID_XEN from domain 0.  If the answer to question 1 above is "yes",
> then I think we can safely say domU can't exploit this bug to cause a
> denial-of-service attack.

Unprivileged domains will be unable to obtain a reference to dom_xen. So
this bug can only trigger from dom0.

 -- Keir
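
The approach agreed in this message, as an added example that is not part of the original thread and not Xen source: a simplified C model in which every domain, dummy ones included, gets an empty rangeset at creation, so the permission check needs no special case and simply denies. It assumes the problem is a check reaching a rangeset that was never initialised; the `model_`-prefixed functions, the structures and the id 1000 are constructed for illustration.

```c
/* Simplified model, NOT Xen source: structures, bodies and ids are constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct range { unsigned long s, e; struct range *next; };
struct rangeset { struct range *head; };      /* empty when head == NULL */
struct domain { unsigned int id; struct rangeset *iomem_caps; };

/* An empty rangeset is a valid object that simply contains nothing. */
static struct rangeset *model_rangeset_new(void) {
    return calloc(1, sizeof(struct rangeset));
}

static int model_rangeset_add(struct rangeset *r, unsigned long s, unsigned long e) {
    struct range *n = malloc(sizeof(*n));
    if (!n) return -1;
    n->s = s; n->e = e; n->next = r->head; r->head = n;
    return 0;
}

/* True only if [s, e] lies wholly inside one stored range. */
static bool model_rangeset_contains(const struct rangeset *r, unsigned long s, unsigned long e) {
    for (const struct range *x = r->head; x; x = x->next)
        if (x->s <= s && e <= x->e) return true;
    return false;
}

/* No per-domain special case here: the check relies on every domain,
 * dummy ones included, owning an initialised rangeset. */
static bool model_iomem_access_permitted(const struct domain *d, unsigned long s, unsigned long e) {
    return model_rangeset_contains(d->iomem_caps, s, e);
}

/* Hypothetical constructor: the rangeset is created unconditionally. */
static struct domain *model_domain_create(unsigned int id) {
    struct domain *d = calloc(1, sizeof(*d));
    if (!d) return NULL;
    d->id = id;
    d->iomem_caps = model_rangeset_new();
    if (!d->iomem_caps) { free(d); return NULL; }
    return d;
}

int main(void) {
    struct domain *x = model_domain_create(1000u);  /* constructed dummy-domain id */
    if (!x) return 1;
    printf("dummy domain permitted: %d\n", model_iomem_access_permitted(x, 0xf0000UL, 0xf0fffUL));
    return 0;
}
```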
