xen-devel.lists.xenproject.org archive mirror
From: Andres Lagar-Cavilla <andres@lagarcavilla.org>
To: xen-devel@lists.xensource.com
Cc: ian.campbell@citrix.com, andres@gridcentric.ca, tim@xen.org,
	JBeulich@suse.com, ian.jackson@citrix.com, adin@gridcentric.ca
Subject: [PATCH 8 of 8] Tools: After a helper maps a ring, yank it from the guest physmap
Date: Tue, 06 Mar 2012 18:50:30 -0500
Message-ID: <13cddd7608bda92389f6.1331077830@xdev.gridcentric.ca>
In-Reply-To: <patchbomb.1331077822@xdev.gridcentric.ca>

 tools/tests/xen-access/xen-access.c |  5 +++++
 tools/xenpaging/xenpaging.c         |  5 +++++
 2 files changed, 10 insertions(+), 0 deletions(-)


This limits the ability of the guest to play around with its own rings, and DoS
itself.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>

diff -r b8c6f0af992a -r 13cddd7608bd tools/tests/xen-access/xen-access.c
--- a/tools/tests/xen-access/xen-access.c
+++ b/tools/tests/xen-access/xen-access.c
@@ -269,6 +269,11 @@ xenaccess_t *xenaccess_init(xc_interface
                    (mem_event_sring_t *)xenaccess->mem_event.ring_page,
                    PAGE_SIZE);
 
+    /* Now that the ring is set, remove it from the guest's physmap */
+    if ( xc_domain_decrease_reservation_exact(xch, 
+                    xenaccess->mem_event.domain_id, 1, 0, &ring_pfn) )
+        PERROR("Failed to remove ring from guest physmap");
+
     /* Get platform info */
     xenaccess->platform_info = malloc(sizeof(xc_platform_info_t));
     if ( xenaccess->platform_info == NULL )
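
Review bot: In xenaccess_init(), a failing xc_domain_decrease_reservation_exact() is only reported through PERROR() and initialisation then continues, so the ring page stays in the guest physmap and the helper runs without the restriction the commit message describes. Either return failure from the init at this point or extend the comment to say why carrying on with a guest-visible ring is acceptable. The added line `if ( xc_domain_decrease_reservation_exact(xch, ` also ends in trailing whitespace.
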
diff -r b8c6f0af992a -r 13cddd7608bd tools/xenpaging/xenpaging.c
--- a/tools/xenpaging/xenpaging.c
+++ b/tools/xenpaging/xenpaging.c
@@ -420,6 +420,11 @@ static struct xenpaging *xenpaging_init(
                    (mem_event_sring_t *)paging->mem_event.ring_page,
                    PAGE_SIZE);
 
+    /* Now that the ring is set, remove it from the guest's physmap */
+    if ( xc_domain_decrease_reservation_exact(xch, 
+                    paging->mem_event.domain_id, 1, 0, &ring_pfn) )
+        PERROR("Failed to remove ring from guest physmap");
+
     /* Get max_pages from guest if not provided via cmdline */
     if ( !paging->max_pages )
     {
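
Review bot: The block added to xenpaging_init() duplicates the one in xen-access.c apart from `paging->mem_event.domain_id`, so a small shared helper taking the domain id and ring_pfn would keep the two callers in step and give one place to decide the error policy. As in the other hunk, the failure is only logged with PERROR() and setup continues with the ring still in the guest physmap, and the `xch, ` line carries trailing whitespace. The comment would be more useful if it said why the removal has to come after the ring is set up rather than only that it does.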
