Please don't top post.

On Wed, 2011-10-26 at 18:36 +0100, Mohammad Hedayati wrote:
> Though the page is not owned by the issuing domain, the l1 page is, so
> the l1e_get_page (if you meant so instead of get_page_from_l1e)
> succeeds. There should be a check somewhere else, probably in
> x86_emulate or subordinate routines.

I really did mean get_page_from_l1e, which takes a reference on the page
referenced by an l1e, not the page containing that l1e, i.e. it takes a
reference on a data page, not an l1 page-table page.

l1e_get_page just extracts the pfn from a PTE and converts it to a
struct page, so it isn't interesting from this point of view.

Ian.

>
> On Wed, Oct 26, 2011 at 8:25 PM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> > On Wed, 2011-10-26 at 17:46 +0100, Mohammad Hedayati wrote:
> >> After mapping a read-only granted page in a PV guest, the guest can try
> >> to change his l1 page table entry, faulting into Xen. Here Xen
> >> emulates the update operation, but first it must check whether the
> >> modification is allowed or not (i.e. the grant is read-only or not).
> >> I'm looking through the code, but I can't find where this checking is
> >> done. Can anyone help?!
> >
> > I don't think a guest can modify any grant mapping that way, read only
> > or otherwise, they have to use the GNTTABOP hypercalls.
> >
> > The thing which prevents it is that the page is really owned by another
> > domain so the get_page_from_l1e in ptwr_emulated_update will fail.
> >
> > (disclaimer, I'm not really sure about this...)
> >
> > Ian.
> >
> >
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel