
Re: [Xen-ia64-devel] PATCH: cleanup of tlbflush

To: "Tian, Kevin" <kevin.tian@xxxxxxxxx>, "Isaku Yamahata" <yamahata@xxxxxxxxxxxxx>
Subject: Re: [Xen-ia64-devel] PATCH: cleanup of tlbflush
From: Tristan Gingold <Tristan.Gingold@xxxxxxxx>
Date: Thu, 11 May 2006 11:05:55 +0200
Cc: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 11 May 2006 02:01:52 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <571ACEFD467F7749BC50E0A98C17CDD8094E7C0B@pdsmsx403>
References: <571ACEFD467F7749BC50E0A98C17CDD8094E7C0B@pdsmsx403>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.5
On Thursday 11 May 2006 10:24, Tian, Kevin wrote:
> From: Tristan Gingold [mailto:Tristan.Gingold@xxxxxxxx]
> >Sent: May 11, 2006 16:04
> >
> >> I think the logic here is simple: domain assigns a virtual address to map
> >> granted frame, and then later domain itself passes in same virtual address
> >> to unmap granted frame. Xen simply helps domain upon its request.
> >
> >However we can't trust domU.  This model is too simple from a security
> >point of view.
>
> No one talks about trusting domU. I'm not digging into xen/x86's code
> to see how they prevent such malicious behavior by passing an incorrect
> virtual address at domain unmap request. Maybe the solution is there,
> maybe not. Anyway it's a common security issue, not specific to ia64.
No, it is specific to ia64, because x86 purges the tlb.
Our main problem is purge time: it is a simple instruction on x86 (reloading
cr3, maybe through IPI), while it is a lot of work on ia64.

> Please do things step by step. First to purge vhpt entry by gva based
> on current grant table arch, and then propose to xen-devel for common
> solution later if there.

Tristan.
