>>> Keir Fraser <keir.fraser@xxxxxxxxxxxxx> 31.10.08 18:00 >>>
>On 31/10/08 16:23, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote:
>
>>>>> Keir Fraser <keir.fraser@xxxxxxxxxxxxx> 31.10.08 17:17 >>>
>>> On 31/10/08 16:13, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote:
>>>
>>>>> GRANT_PTE_FLAGS should include _PAGE_GUEST_KERNEL then?
>>>>
>>>> No, it should uniformly include neither _PAGE_USER nor _PAGE_GUEST_KERNEL.
>>>> _PAGE_USER gets set when GNTMAP_application_map is specified, and
>>>> based on this setting of _PAGE_USER, adjust_guest_l1e() will set either
>>>> _PAGE_GUEST_KERNEL or _PAGE_GLOBAL.
>>>
>>> The grant code doesn't use adjust_l1e() though.
>>
>> Both create_grant_pte_mapping() and create_grant_va_mapping() do
>> afaics.
>
>Ah yes, indeed. Please send a patch to deal with this and _PAGE_NX.

Since page table entries created through e.g. GNTTABOP_map_grant_ref
are being passed through adjust_guest_l1e(), they must not generally
get _PAGE_USER set - this will be taken care of by adjust_guest_l1e(),
and it will ensure that these don't get _PAGE_GLOBAL set inadvertently.

Due to the implied security aspect here (_PAGE_GLOBAL getting set on
kernel pages for x86-64), I'd like to ask that this also be applied to
older maintained branches.

At the same time, set _PAGE_NX for pte-s created for grants (as long as
hardware supports it), since it should be only data pages that remote
domains are being given access to.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>

Index: 2008-10-27/xen/include/asm-x86/page.h
===================================================================
--- 2008-10-27.orig/xen/include/asm-x86/page.h 2008-09-29 09:45:32.000000000
+0200
+++ 2008-10-27/xen/include/asm-x86/page.h 2008-10-31 16:58:13.000000000
+0100
@@ -314,6 +314,9 @@ unsigned long clone_idle_pagetable(struc
#define __PAGE_HYPERVISOR_NOCACHE \
(_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_PCD | _PAGE_ACCESSED)
+#define GRANT_PTE_FLAGS \
+ (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_NX | _PAGE_GNTTAB)
+
#ifndef __ASSEMBLY__
static inline int get_order_from_bytes(paddr_t size)
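Review bot: the new shared GRANT_PTE_FLAGS define in asm-x86/page.h has no comment saying that _PAGE_USER and _PAGE_GUEST_KERNEL are left out on purpose. The fix relies on adjust_guest_l1e() picking _PAGE_GUEST_KERNEL or _PAGE_GLOBAL afterwards, so a short comment above the define stating that callers add _PAGE_USER only for GNTMAP_application_map would keep the flag from being reintroduced here later.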
Index: 2008-10-27/xen/include/asm-x86/x86_32/page.h
===================================================================
--- 2008-10-27.orig/xen/include/asm-x86/x86_32/page.h 2008-09-24
10:50:47.000000000 +0200
+++ 2008-10-27/xen/include/asm-x86/x86_32/page.h 2008-10-31
16:56:19.000000000 +0100
@@ -105,9 +105,6 @@ extern unsigned int PAGE_HYPERVISOR_NOCA
#define get_pte_flags(x) (((int)((x) >> 32) & ~0xFFF) | ((int)(x) & 0xFFF))
#define put_pte_flags(x) (((intpte_t)((x) & ~0xFFF) << 32) | ((x) & 0xFFF))
-#define GRANT_PTE_FLAGS \
- (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB)
-
/*
* Disallow unused flag bits plus PAT/PSE, PCD, PWT and GLOBAL.
* Permit the NX bit if the hardware supports it.
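Review bot: on x86_32 the removed definition never contained _PAGE_USER, so the only behavioural change for this architecture is the _PAGE_NX that the shared define now adds, and the description does not say so. The description also qualifies NX with "as long as hardware supports it" while the shared define lists _PAGE_NX unconditionally; please state in the commit message that _PAGE_NX is expected to evaluate to 0 where NX is unavailable, or make the condition explicit.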
Index: 2008-10-27/xen/include/asm-x86/x86_64/page.h
===================================================================
--- 2008-10-27.orig/xen/include/asm-x86/x86_64/page.h 2008-09-29
09:45:32.000000000 +0200
+++ 2008-10-27/xen/include/asm-x86/x86_64/page.h 2008-10-31
16:56:35.000000000 +0100
@@ -124,9 +124,6 @@ typedef l4_pgentry_t root_pgentry_t;
#define PAGE_HYPERVISOR (__PAGE_HYPERVISOR | _PAGE_GLOBAL)
#define PAGE_HYPERVISOR_NOCACHE (__PAGE_HYPERVISOR_NOCACHE | _PAGE_GLOBAL)
-#define GRANT_PTE_FLAGS \
- (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB|_PAGE_USER)
-
#define USER_MAPPINGS_ARE_GLOBAL
#ifdef USER_MAPPINGS_ARE_GLOBAL
/*
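Review bot: removing _PAGE_USER from the x86_64 GRANT_PTE_FLAGS, directly above USER_MAPPINGS_ARE_GLOBAL, is the security-relevant part of the patch, yet the posting touches only headers and shows none of the call sites that consume the define. Please name in the description the paths that now add _PAGE_USER for GNTMAP_application_map and confirm that each of them passes the entry through adjust_guest_l1e(), as the thread says create_grant_pte_mapping() and create_grant_va_mapping() do. That list is also what a backport to the older branches would need to be checked against.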
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
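
A simplified model of the x86-64 flag interaction described in the message above, added here as an illustration; it is not code from Xen or from the patch author. `model_adjust()`, `grant_flags()` and the bit positions chosen for the Xen-specific flags (`F_GNTTAB`, `F_GUEST_KERNEL`, `F_NX`) are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* PRESENT/USER/ACCESSED/DIRTY/GLOBAL follow the x86 PTE layout.
 * GNTTAB, GUEST_KERNEL and NX positions are assumed for this model. */
#define F_PRESENT      (1u << 0)
#define F_USER         (1u << 2)
#define F_ACCESSED     (1u << 5)
#define F_DIRTY        (1u << 6)
#define F_GLOBAL       (1u << 8)
#define F_GNTTAB       (1u << 9)
#define F_GUEST_KERNEL (1u << 12)
#define F_NX           (1u << 31)

/* x86_64 definition before the patch, and the shared one after it. */
#define OLD_GRANT_FLAGS (F_PRESENT | F_ACCESSED | F_DIRTY | F_GNTTAB | F_USER)
#define NEW_GRANT_FLAGS (F_PRESENT | F_ACCESSED | F_DIRTY | F_NX | F_GNTTAB)

/* Model of what the thread says adjust_guest_l1e() does: an entry that
 * already has USER is treated as a user page and becomes GLOBAL; one
 * without USER is marked as a guest-kernel page and gets USER added. */
static uint32_t model_adjust(uint32_t flags)
{
    if (!(flags & F_PRESENT))
        return flags;
    if (flags & F_USER)
        return flags | F_GLOBAL;
    return flags | F_GUEST_KERNEL | F_USER;
}

/* app_map models GNTMAP_application_map being requested by the guest. */
static uint32_t grant_flags(uint32_t base, int app_map)
{
    uint32_t f = base;
    if (app_map)
        f |= F_USER;
    return model_adjust(f);
}

int main(void)
{
    printf("old, kernel-only map: GLOBAL=%d GUEST_KERNEL=%d\n",
           !!(grant_flags(OLD_GRANT_FLAGS, 0) & F_GLOBAL),
           !!(grant_flags(OLD_GRANT_FLAGS, 0) & F_GUEST_KERNEL));
    printf("new, kernel-only map: GLOBAL=%d GUEST_KERNEL=%d\n",
           !!(grant_flags(NEW_GRANT_FLAGS, 0) & F_GLOBAL),
           !!(grant_flags(NEW_GRANT_FLAGS, 0) & F_GUEST_KERNEL));
    return 0;
}
```

With the old definition the kernel-only mapping is indistinguishable from an application mapping by the time it reaches the adjustment step, which is why it ends up global.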