WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-ia64-devel

Re: [Xen-ia64-devel] [rfc 13/15] Kexec: offsets for EFI runtime regions

To: Tristan Gingold <tgingold@xxxxxxx>
Subject: Re: [Xen-ia64-devel] [rfc 13/15] Kexec: offsets for EFI runtime regions
From: Horms <horms@xxxxxxxxxxxx>
Date: Mon, 10 Sep 2007 12:39:24 +0900
Cc: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 09 Sep 2007 20:39:42 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20070910032049.GA2616@saphi>
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20070817065042.645546902@xxxxxxxxxxxx> <20070817065447.235858579@xxxxxxxxxxxx> <20070908040630.GA2588@saphi> <20070910015427.GA15075@xxxxxxxxxxxx> <20070910032049.GA2616@saphi>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: mutt-ng/devel-r804 (Debian)
On Mon, Sep 10, 2007 at 05:20:49AM +0200, Tristan Gingold wrote:
> On Mon, Sep 10, 2007 at 10:54:29AM +0900, Horms wrote:
> > On Sat, Sep 08, 2007 at 06:06:30AM +0200, Tristan Gingold wrote:
> > > On Fri, Aug 17, 2007 at 03:50:55PM +0900, Simon Horman wrote:
> > > > This is used by paches that move the EFI runtime regions into what is
> > > > normally guest space.  A description of why this mapping is made is
> > > > included in the patch that makes the mapping.
> > > [...]
> > > > +/* In order for Kexec between Xen and Linux to work EFI needs
> > > > + * to be mapped into the same place by both. It seems most convenient
> > > > + * to make Xen do the dirty work here */
> > > > +#define __IA64_EFI_UNCACHED_OFFSET     0xc000000000000000UL
> > > > +#define __IA64_EFI_CACHED_OFFSET       0xf000000000000000UL
> > > 
> > > Hi,
> > > 
> > > sorry or this late comment but doesn't this code creates a security hole ?
> > > EFI_UNCACHED_OFFSET area will be visible inside vti domains as its virtual
> > > address is valid in these domains.
> > 
> > Hi Tristan,
> > 
> > I think that you have a good point there.
> > 
> > Currently the code is checking psr.cpl to make sure that it is 0,
> > and thus deny access to (non-vti?) domains. Is a similar check possible
> > for vti domains, or is the problem a little deeper?
> Unfortunately similar check is not possible for vti.  Hypervisor memory
> is protected from guest domain by using a 1 bit wider virtual address.
> (I think it would have been better to add a new bit in the mmu but...)

Mmm, that does indeed seem to cause some problems for my change.

-- 
Horms
  H: http://www.vergenet.net/~horms/
  W: http://www.valinux.co.jp/en/


_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel