xen-devel
Re: [Xen-devel] [PATCH] Make get_page_from_l1e refcount correctly onfor
On 14/05/2009 09:22, "Tim Deegan" <Tim.Deegan@xxxxxxxxxx> wrote:
>> I have to admit that the change to mod_l1_entry() looks suspicious to me -
>> as I understand it, the third parameter of get_page_from_l1e_for() represents
>> the target domain, and that's what FOREIGNDOM is to be used for.
>
> Possibly. IIUC get_page_from_l1e_for()'s first domain argument is the
> domain whose rights we are testing; so e.g. dom0 mapping domU memory
> uses FOREIGNDOM there to say "this should be domU's page". The second
> argument (whose pagetables are these) has always implicitly been "mine",
> i.e. current->domain. Again correct when dom0 maps domU's page.
>
> In the case we're trying to fix, although current->domain is dom0 (who
> is making a shadow control hypercall) the pagetables belong to domU.

Yes, there can be three domains involved: the one making the hypercall, the
one who owns the PTE, and the one who owns the page being mapped into the
PTE. I think some of the confusion around get_page_from_l1e() is that the
domain argument is the page-owner not the PTE-owner. It would make sense for
it to be the latter, and then as far as possible do the
is-the-page-owner-valid checks hidden inside get_page_from_l1e(). The only
fly in the ointment there is that FOREIGNDOM should only be permitted from
mod_l1_entry(). Possibly that should be the only caller that directly
accesses a more complex interface to get_page_from_l1e() (where the extra
argument would be the page-owner, not the PTE-owner!).
-- Keir
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel