From mboxrd@z Thu Jan 1 00:00:00 1970 From: Julien Grall Subject: Re: [PATCH V13 3/7] xen/arm: Allow hypervisor access to mem_access protected pages Date: Thu, 12 Mar 2015 13:50:14 +0000 Message-ID: <55019996.9050208@linaro.org> References: <1425677073-13729-1-git-send-email-tklengyel@sec.in.tum.de> <1425677073-13729-4-git-send-email-tklengyel@sec.in.tum.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1425677073-13729-4-git-send-email-tklengyel@sec.in.tum.de> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Tamas K Lengyel , xen-devel@lists.xen.org Cc: wei.liu2@citrix.com, ian.campbell@citrix.com, stefano.stabellini@eu.citrix.com, ian.jackson@eu.citrix.com, tim@xen.org, stefano.stabellini@citrix.com, jbeulich@suse.com, keir@xen.org List-Id: xen-devel@lists.xenproject.org Hi Tamas, On 06/03/15 21:24, Tamas K Lengyel wrote: > +/* > + * If mem_access is in use it might have been the reason why get_page_from_gva > + * failed to fetch the page, as it uses the MMU for the permission checking. > + * Only in these cases we do a software-based type check and fetch the page if > + * we indeed found a conflicting mem_access setting. > + */ > +static int check_type_get_page(vaddr_t gva, unsigned long flag, > + struct page_info** page) > +{ > + long rc; > + paddr_t ipa; > + unsigned long maddr; > + unsigned long mfn; > + xenmem_access_t xma; > + p2m_type_t t; > + > + rc = gva_to_ipa(gva, &ipa); I though a bit more about this call. gva_to_ipa only checks if the mapping has read-permission. That would allow a guest to write on read-only mapping. You have to pass the flags to gva_to_ipa in order to avoid re-introducing XSA-98 [1] Regards, [1] http://xenbits.xen.org/xsa/advisory-98.html -- Julien Grall