| |
|
 |
|
 |
|
|
|
| |
|
|
xen-ia64-devel
RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush
>From: Tristan Gingold [mailto:Tristan.Gingold@xxxxxxxx]
>Sent: 2006年5月11日 16:04
>>
>> I think the logic here is simple: domain assigns a virtual address to
>map
>> granted frame, and then later domain itself passes in same virtual
>address
>> to unmap granted frame. Xen simply helps domain upon its request.
>However we can't trust domU. This model is too simple from a security
>point
>of view.
No one talks about trusting domU. I'm not digging into xen/x86's code
to see how they prevent such malicious behavior by passing an incorrect
virtual address at domain unmap request. Maybe the solution is there,
maybe not. Anyway it's a common security issue, not specific to ia64.
Please do things step by step. First to purge vhpt entry by gva based
on current grant table arch, and then propose to xen-devel for common
solution later if there.
Thanks,
Kevin
_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush, (continued)
- RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush, Tian, Kevin
- RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush, Tian, Kevin
- RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush, Tian, Kevin
- RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush, Tian, Kevin
- RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush,
Tian, Kevin <=
- RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush, Tian, Kevin
- RE: [Xen-ia64-devel] PATCH: cleanup of tlbflush, Tian, Kevin
|
|
|
| |
|
Home