> Done some investingations in the mm code of Xen, i think the
> problem is that linear page tables entries are checked only
> on level 4 entries.
> In my case, my recursive entry is in a L3 table, already
> validated as another type, hence not "valid" for Xen.
Can you explain the pagtable structure a little better please. Does the
L3 contain an entry point at itself (recursive), or at another L3
(foreign)?
I've never come across non-root pagetable linear mappings other than in
the crock that is PAE (3 level) where you have to use 4 entries in an L2
to point to all the L2s due to the limited address space.
What OS are you porting? Was it written for 3-level pagetables, with the
x86 4th level being added on as an afterthought, perhaps with only a
single L4 for the system and just one entry being used?
> Will authorizing L3 or L2 recursive mappings induce a
> security hole or vulnerability?
> If not, I'll try to make a patch to address this issue (any
> hint welcome :)).
I'm sure it can be done safely, but you'd best wrap a damp towel around
your head while thinking about how. I wouldn't want to slow down the
common case...
Ian
> Regards,
> Mathieu
>
> Mathieu Ropert wrote:
>
> > [Previous one didn't hit list after 3 days, trying a
> resend, sorry if
> > both finally show up]
> >
> > Hi,
> >
> > are recursive mappings (ie: a page table entry pointing back to
> > itself) supported by Xen (on x86_64 at least)?
> > I'm asking cause i'm seeing many error logs from get_page_type()
> > telling something like "saw L3_page_table expected
> L2_page_table" or
> > "saw L4_page_table expected L3_page_table" (finally leading to a
> > failing mmu_update, i guess others happens on user
> pagetables switches).
> > Or maybe is there any workaround needed? (I think i saw
> something like
> > setting entry to 0 first then to the recursive entry somewhere, but
> > can't remember where).
> > By the way, i'm using recursive mappings in kernel page directory
> > (which seems ok) and i temporay make user page directory recursive
> > when i map a user PGD in kernel space (mapping user PGD to
> a L4 entry
> > of kernel tables, then using kernel L4 slot and user PGD recursive
> > entry to access user page tables).
> >
> > [edit]
> > Done some little research about the problem. Seems like
> NetBSD use the
> > same thing and works, but there is no x86_64 ports for now. I'm
> > starting to think that may be a x86_64 issue, maybe because
> recursive
> > mappings don't lead to conflicting types with only 2 levels.
> > Xen interface states that a page can only be of one type (PGD, PT,
> > LDT, GDT and R/W). I don't know why there is a need to distinguish
> > page table levels, but i'm afraid this restriction will
> conflit with
> > some MMU implementation on x86_64 like NetBSD and OpenBSD,
> and maybe
> > others (FreeBSD on top of my mind, don't know how much the pmap
> > implementation diverged).
> > [/edit]
> >
> > Regards,
> >
> > Mathieu
> >
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-devel
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home