From mboxrd@z Thu Jan 1 00:00:00 1970 From: Julien Grall Subject: Re: [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall Date: Tue, 22 Jul 2014 17:44:59 +0100 Message-ID: <53CE950B.5060606@linaro.org> References: <1403780826-22123-1-git-send-email-andrii.tseglytskyi@globallogic.com> <1403780826-22123-7-git-send-email-andrii.tseglytskyi@globallogic.com> <53B6BB99.7060107@linaro.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Andrii Tseglytskyi Cc: Stefano Stabellini , Ian Campbell , xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 07/22/2014 05:39 PM, Andrii Tseglytskyi wrote: > Hi Julien, Hi Andrii, > On Fri, Jul 4, 2014 at 5:35 PM, Julien Grall wrote: >> Hi Andrii, >> >> >> On 26/06/14 12:07, Andrii Tseglytskyi wrote: >>> >>> +long do_translate_pagetable(int cmd, >>> XEN_GUEST_HANDLE_PARAM(xen_pagetable_addr_t) pgt_addr) >>> +{ >>> + struct xen_pagetable_addr pgt; >>> + struct mmu_info *mmu = NULL; >>> + >>> + if ( copy_from_guest(&pgt, pgt_addr, 1) ) >>> + return -EFAULT; >>> + >>> + mmu = mmu_lookup(pgt.reg); >>> + if ( !mmu ) >>> + { >>> + pr_mmu("can't get mmu for addr 0x%08x", pgt.reg); >>> + return -EINVAL; >>> + } >>> + >>> + pgt.maddr = mmu_translate_pagetable(mmu, pgt.paddr); >>> + >>> + return copy_to_guest(pgt_addr, &pgt, 1); >>> +} >>> + >> >> >> AFAIU, nothing prevents a malicious guest to call this hypercall and screw >> the pagetable of the MMU. > > Right. Do you think that some kind of security checks needed here? You need at least ot check that the domain is allowed to access to the remote processor. It may be implemented via the solution we were talking on patch #1. Regards, -- Julien Grall