WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-ia64-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush

from [Tian, Kevin] [Permanent Link][Original]
To: "Isaku Yamahata" <yamahata@xxxxxxxxxxxxx>
Subject: RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush
From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
Date: Thu, 11 May 2006 11:25:52 +0800
Cc: Tristan Gingold <Tristan.Gingold@xxxxxxxx>, xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 10 May 2006 20:26:09 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcZ0qFFwGPZTpx8VSWi3DdrPFCwgFAAANOaw
Thread-topic: [Xen-ia64-devel] PATCH: cleanup of tlbflush 
>From: Isaku Yamahata [mailto:yamahata@xxxxxxxxxxxxx]
>Sent: 2006年5月11日 11:07
>
>On Thu, May 11, 2006 at 10:39:52AM +0800, Tian, Kevin wrote:
>
>> >It will get an undesirable result or xen destroys it as a result.
>> >The issue here is that trusting dom0 when unmapping granted pages
>> >may affect a whole system or xen itself potentially.
>>
>> Xen itself will not be affected. The granted frame or mapping virtual
>> address always belong to domain, instead of xen itself.
>
>Xen can be affected potentially.
>It is possible for a domain to return pages to xen
>by XENMEM_decrease_reservation.
>Please consider followings
>1. domain A grants dom0 to map a page.
>2. dom0 maps the page, accesses it and unmaps it lying virtual address.
>3. xen flushes it but the virtual address is wrong.
>   Here dom0 might be able to access the page.
>4. domain A returns the page to xen by
>XENMEM_decrease_reservation.
>5. Xen reuses the page for its own purpose.
>6. dom0 overwrites the page via the true virtual address.
>   Xen's data are destroyed.
>
>Presumably at 4./5. xen can defer freeing the page.
>
>

I agree and there'll be more corner cases where dom0 can corrupt xen. 
But note, the whole xen virtual environment is constructed by both dom0 
and xen hypervisor. If dom0 is already hacked and malicious, the whole 
system is already broken irregardless of whether xen content is 
corrupted. :-) But yes we still need to make it safer.

Thanks,
Kevin

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [PATCH] compilation fix of ia64 hypervisor.c,utils.c (was Re:[Xen-ia64-devel] latest tree building fail.), Alex Williamson
Next by Date:  RE: [PATCH] compilation fix of ia64 hypervisor.c, utils.c (was Re:[Xen-ia64-devel] latest tree building fail.), Akio Takebe
Previous by Thread:  Re: [Xen-ia64-devel] PATCH: cleanup of tlbflush, Tristan Gingold
Next by Thread:  RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush, Tian, Kevin
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy