From: Julien Grall <julien.grall@linaro.org>
To: Andrii Tseglytskyi <andrii.tseglytskyi@globallogic.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Ian Campbell <Ian.Campbell@citrix.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
Date: Tue, 22 Jul 2014 17:44:59 +0100
Message-ID: <53CE950B.5060606@linaro.org>
In-Reply-To: <CAH_mUMNEyAvniHG7aoQR2NRVBOOfJLtXMF-ZxZnzTCKDTygZyw@mail.gmail.com>
On 07/22/2014 05:39 PM, Andrii Tseglytskyi wrote:
> Hi Julien,
Hi Andrii,
> On Fri, Jul 4, 2014 at 5:35 PM, Julien Grall <julien.grall@linaro.org> wrote:
>> Hi Andrii,
>>
>>
>> On 26/06/14 12:07, Andrii Tseglytskyi wrote:
>>>
>>> +long do_translate_pagetable(int cmd,
>>> XEN_GUEST_HANDLE_PARAM(xen_pagetable_addr_t) pgt_addr)
>>> +{
>>> + struct xen_pagetable_addr pgt;
>>> + struct mmu_info *mmu = NULL;
>>> +
>>> + if ( copy_from_guest(&pgt, pgt_addr, 1) )
>>> + return -EFAULT;
>>> +
>>> + mmu = mmu_lookup(pgt.reg);
>>> + if ( !mmu )
>>> + {
>>> + pr_mmu("can't get mmu for addr 0x%08x", pgt.reg);
>>> + return -EINVAL;
>>> + }
>>> +
>>> + pgt.maddr = mmu_translate_pagetable(mmu, pgt.paddr);
>>> +
>>> + return copy_to_guest(pgt_addr, &pgt, 1);
>>> +}
>>> +
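Review bot: mmu_lookup(pgt.reg) and mmu_translate_pagetable(mmu, pgt.paddr) both act on values copied straight from the guest, and nothing between copy_from_guest() and the translation checks that the calling domain is permitted to use that MMU or validates pgt.paddr. Add a permission check on the caller before the lookup result is used, and validate pgt.paddr before translating it. The cmd argument is never read, so either dispatch on it or drop it. The value returned by mmu_translate_pagetable() is stored in pgt.maddr and copied back without any error check, and the last line returns copy_to_guest()'s result directly while the copy_from_guest() failure is mapped to -EFAULT; handle both copy failures the same way.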
>>
>>
>> AFAIU, nothing prevents a malicious guest from calling this hypercall and screwing
>> the pagetable of the MMU.
>
> Right. Do you think that some kind of security checks are needed here?
You need at least to check that the domain is allowed to access the
remote processor.
It may be implemented via the solution we were talking about on patch #1.
Regards,
--
Julien Grall